WPScan

WPScan is a WordPress vulnerability scanner. In the Kali desktop menu it is found under 03: Web Application Analysis > Web Vulnerability Scanners.

The following command runs a password attack against the WordPress server (192.168.0.3/wordpress). The --passwords option requires a password file that contains the list of passwords to use during the password attack.

One of the easiest ways to prepare the password file is to use the Openwall wordlists collection (https://download.openwall.net/). The following command uses the file named “password” as its list of passwords, which was downloaded from the /pub/wordlists/passwords directory.

The log shows that wpscan found the admin/admin account-password pair in 3 minutes.
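From the defender's side, a wordlist run like this shows up in the web server's access log as a burst of POSTs to the login endpoint from one client. The sketch below is an added example, not part of the original post; it assumes combined-format access logs, and the threshold, window, client addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx combined log format: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def find_password_attacks(lines, threshold=10, window=timedelta(seconds=60)):
    """Map client IP -> {"peak": most login POSTs seen inside one window,
    "login_after_burst": True if a later wp-login.php POST returned 302}."""
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        if not path.endswith(LOGIN_PATHS):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        hit = flagged.get(m["ip"])
        if len(q) >= threshold:
            hit = flagged.setdefault(m["ip"], {"peak": 0, "login_after_burst": False})
            hit["peak"] = max(hit["peak"], len(q))
        # WordPress answers a failed wp-login.php POST with 200, a successful one with 302.
        if hit and path.endswith("/wp-login.php") and m["status"] == "302":
            hit["login_after_burst"] = True
    return flagged

def sample_log():
    """Constructed sample: 30 failed guesses 2 s apart, then a hit, plus one normal login."""
    start = datetime.strptime("01/Jan/2024:10:00:00 +0000", "%d/%b/%Y:%H:%M:%S %z")
    fmt = '{ip} - - [{ts}] "POST /wordpress/wp-login.php HTTP/1.1" {st} 4096 "-" "-"'
    stamp = lambda n: (start + timedelta(seconds=2 * n)).strftime("%d/%b/%Y:%H:%M:%S %z")
    rows = [fmt.format(ip="192.168.0.50", ts=stamp(n), st=200) for n in range(30)]
    rows.append(fmt.format(ip="192.168.0.50", ts=stamp(30), st=302))
    rows.append(fmt.format(ip="192.168.0.20", ts=stamp(31), st=302))
    return rows

if __name__ == "__main__":
    for ip, info in find_password_attacks(sample_log()).items():
        print(ip, info)
```

A client flagged with login_after_burst set is the case to act on first: the account it logged in to should have its password reset and its sessions invalidated.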

Note: wpscan requires internet access to update its database. If the database server is unreachable over the network, wpscan aborts.