WPScan
To use WPScan for scanning a WordPress website:
Install WPScan on your system. If you’re using Kali Linux, WPScan is pre-installed. Otherwise, you can install it using the following command:
    sudo gem install wpscan
Open a terminal and run the following command to scan a WordPress website:
    wpscan --url <wordpress_website_url>
Replace <wordpress_website_url> with the URL of the WordPress website you want to scan. For example:
    wpscan --url http://wordpress.local
By default, WPScan will perform an extensive scan, including enumerating users and plugins. If you want to focus on specific aspects, you can use additional parameters. For example, to enumerate only the installed plugins, use the --enumerate p option:
    wpscan --url http://wordpress.local --enumerate p
WPScan will show the results of the scan, including any vulnerabilities found. Review the results to identify potential security issues and take appropriate measures to address them.
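To support the review step on a site you administer, the following added example (not part of the original page or of WPScan itself) turns a report saved with `--format json --output report.json` into a remediation list. The report layout it reads (plugins keyed by slug, each with a `vulnerabilities` list carrying `title` and `fixed_in`) is an assumption, and the sample report is constructed.

```python
import json

# Constructed sample shaped like a WPScan JSON report (assumed layout);
# the slugs, versions and titles are made up for illustration.
SAMPLE_REPORT = json.dumps({
    "target_url": "http://wordpress.local/",
    "version": {"number": "6.1", "vulnerabilities": []},
    "plugins": {
        "example-gallery": {
            "version": {"number": "1.2.0"},
            "vulnerabilities": [
                {"title": "Example Gallery < 1.2.5 - Stored XSS", "fixed_in": "1.2.5"},
                {"title": "Example Gallery <= 1.2.0 - CSRF", "fixed_in": None},
            ],
        },
        "example-forms": {"version": None, "vulnerabilities": []},
    },
})

def summarise(report_text):
    """Return one dict per reported vulnerability, unpatched ones first."""
    report = json.loads(report_text)
    findings = []
    # WordPress core findings sit under "version"; plugins are keyed by slug.
    components = {"wordpress-core": report.get("version") or {}}
    components.update(report.get("plugins") or {})
    for name, info in components.items():
        # Core carries its version number directly; plugins nest it under "version".
        version = info if name == "wordpress-core" else info.get("version")
        installed = (version or {}).get("number") or "unknown"
        for vuln in info.get("vulnerabilities") or []:
            findings.append({
                "component": name,
                "installed": installed,
                "title": vuln.get("title", "untitled"),
                "fixed_in": vuln.get("fixed_in"),  # None: no fixed release listed
            })
    # Entries with no fixed release sort first: updating alone will not resolve them.
    findings.sort(key=lambda f: (f["fixed_in"] is not None, f["component"]))
    return findings

if __name__ == "__main__":
    for f in summarise(SAMPLE_REPORT):
        action = f"update to {f['fixed_in']}" if f["fixed_in"] else "no fix listed: disable or replace"
        print(f"{f['component']} {f['installed']}: {f['title']} -> {action}")
```

To use it on a real report, pass the contents of the saved JSON file to `summarise()` in place of `SAMPLE_REPORT`.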