Monday 6 May 2013
Labels:
Tools
WPScan is a WordPress vulnerability scanner which has different flavours of exploiting wordpress based websites it is programmed in RUBY language,it can attack a wordpress website in variety of ways
like you can use non-intrusive scan you can also bruteforce the admin passwords with it if you have a good password list but don't worry there is a built it pass list in backtrack ;)
The best part of the wpscan is that you can enumerate or try to find exploit of plugins installed in it thats the best part of wpscan because exploiting wordpress directly is "hell of a job" thats why the better option is to use plugins enumeration.
WordPress Vulnerability Scanner.
WPScan is a WordPress vulnerability scanner which has different flavours of exploiting wordpress based websites it is programmed in RUBY language,it can attack a wordpress website in variety of ways
like you can use non-intrusive scan you can also bruteforce the admin passwords with it if you have a good password list but don't worry there is a built it pass list in backtrack ;)
The best part of the wpscan is that you can enumerate or try to find exploit of plugins installed in it thats the best part of wpscan because exploiting wordpress directly is "hell of a job" thats why the better option is to use plugins enumeration.
INTERFACE :
DOWNLOAD :
WPSCAN USAGE :
Do 'non-intrusive' checks...
ruby wpscan.rb --url www.example.com
Do wordlist password brute force on enumerated users using 50 threads...
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
Do wordlist password brute force on the 'admin' username only...
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
Enumerate installed plugins...
ruby wpscan.rb --url www.example.com --enumerate p
Run all enumeration tools...
ruby wpscan.rb --url www.example.com --enumerate
Update WPScan...
ruby wpscan.rb --update
Hopes you like it :D
Subscribe to:
Post Comments
(
Atom
)
No comments :
Post a Comment