2022 - Penetration Testing - A Recommended Website Vulnerability Scanning Tool: WPScan

Table of contents

Introduction to WPScan

Using the WPScan tool

View help information

Update vulnerability library

Scan for WordPress vulnerabilities

Scan WordPress users

Scan for themes in use and their vulnerabilities

Brute-force passwords with a specified dictionary

Introduction to WPScan

WPScan is a vulnerability scanning tool that ships with Kali Linux by default. It can comprehensively check a WordPress site for vulnerabilities, so that they can be fixed promptly before the site is compromised. It can also brute-force WordPress usernames and passwords on unprotected sites.

Using the WPScan tool

View help information

wpscan -h

Update vulnerability library

wpscan --update

Scan for WordPress vulnerabilities

wpscan --url http://dc-2/

Scan WordPress users

wpscan --url http://dc-2 --enumerate u

For example, these are the users of the DC-2 range website that I scanned.

Scan for themes in use and their vulnerabilities

wpscan --url http://dc-2 --enumerate vt

Brute-force passwords with a specified dictionary

wpscan --url http://dc-2/ -U 2 -P 1

Here 2 is the file containing the account names and 1 is the password dictionary. The accounts are the three we just scanned: admin, jerry, and tom. The password dictionary is generated from the website's own content using the cewl tool. For specific usage, please refer to the link below.

2022-Penetration Testing-Kali Linux Dictionary Generation Tool Cewl Usage Guide
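
From the defender's side, the user enumeration and dictionary attack shown above leave a recognisable pattern in the web server's access log. The following Python is an added example, not part of the original post: the log lines are constructed, and the request paths and thresholds are assumptions about how such activity typically appears against a WordPress site.

```python
import re
from collections import Counter

# Combined-log-format fields we need: client IP, method, request path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumed enumeration indicators: author-ID probing and the REST users endpoint.
ENUM_RE = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users|rest_route=/wp/v2/users')
# Assumed password-guessing indicators: POSTs to the WordPress login endpoints.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")


def analyze(log_text, enum_threshold=3, login_threshold=5):
    """Return {ip: [tags]} for clients exceeding the (illustrative) thresholds."""
    enum_hits, login_posts = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, method, path, _status = m.groups()
        if ENUM_RE.search(path):
            enum_hits[ip] += 1
        elif method == "POST" and path.split("?")[0] in LOGIN_PATHS:
            login_posts[ip] += 1
    findings = {}
    for ip in sorted(set(enum_hits) | set(login_posts)):
        tags = []
        if enum_hits[ip] >= enum_threshold:
            tags.append("user-enumeration")
        if login_posts[ip] >= login_threshold:
            tags.append("password-guessing")
        if tags:
            findings[ip] = tags
    return findings


def _line(ip, method, path, status):
    # Helper that builds one constructed log line for the sample below.
    return f'{ip} - - [02/Feb/2022:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'


# Constructed sample: one noisy client, one ordinary visitor, one broken line.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", "GET", f"/?author={i}", 301) for i in range(1, 4)]
    + [_line("192.0.2.10", "POST", "/wp-login.php", 200) for _ in range(6)]
    + [_line("198.51.100.7", "GET", "/", 200),
       _line("198.51.100.7", "POST", "/wp-login.php", 302)]
    + ["truncated or malformed line"]
)

if __name__ == "__main__":
    for ip, tags in analyze(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

A client that logs in once stays below both thresholds, so only the address that probes author IDs and then repeats login POSTs is reported.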


Origin blog.csdn.net/qq_38612882/article/details/122772301