Scanning WordPress Using WP Scanner

Hello Everyone, today I’m going to explain how to scan your WordPress or your website using WP Scanner and it is very easy, I’m going to use my website as a demonstration 

So shall we start?

First off, I’m using Kali Linux as far i know this tool is programmed using ruby so you can download ruby on your windows and download the WPSCAN tool.

Note: As the Ethical Hacking is allowed in world-wide we are doing this tutorials only for educational purposes also to protect you from vulnerability and hackers, we are not responsible for bad using of this tool.

So as we said before open the Terminal or Command line and lets try to get the username of the target website, by that we are using this command:

1	wpscan --url security-dz.com --enumerate u

And the result is as shown in the bellow picture:

Their some people asking what is the purpose of getting the Administration username, and that the username is used to Brute Force into the administration panel that’s why the hacker get it 

Now let’s try to scan the whole script and plugin to see if we have errors or vulnerability that can be a cause of hacking our website by writing this command:

1	wpscan --url security-dz.com

and the result is shown in the picture below:

As you can see i found an error and it was full path disclosure also it will give you a full report about the vulnerability and a reference in a security web how to exploit it and how to fix it.

Please if you have any question feel free to ask me the comment section below.

Categories: Hacking tutorials, Kali Linux