Difference between revisions of "WPScan - for WordPress vulnerability scanner"
Latest revision as of 16:08, 23 January 2022
This article was created by automatic translation software. You can view the article source here.
Introduction
WPScan is a vulnerability scanner for WordPress, written in Ruby. It can list the plugins a site uses and report the security vulnerabilities known to affect them. It also includes a brute-force module aimed at the WordPress administration login.
It is important to note that, like most security and scanning tools, WPScan will not secure your WordPress site for you. Likewise, a WPScan check that finds no visible flaws does not mean your WordPress site is 100% secure; that is something to keep constantly in mind when talking about security.
WPScan ships natively with the following distributions (Windows is not supported):
- BackBox Linux
- Kali Linux
- Pentoo
If you want to install it manually on Debian/Ubuntu or Fedora/CentOS, here are the prerequisites:
On Debian:
sudo apt-get install git ruby ruby-dev libcurl4-gnutls-dev make
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler
bundle install --without test --path vendor/bundle
On Fedora/CentOS/RHEL distributions:
sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test
WPScan is then run from the cloned directory with:
ruby wpscan.rb <your-command> ...
We can now use WPScan.
Getting started
Before any analysis, update the WPScan vulnerability database. This matters: if you scan your WordPress site with an out-of-date database, some vulnerabilities, for example those tied to the theme, to the WordPress version or to plugin versions, will not be reported, and you risk missing something critical to securing the site. To update the WPScan database:
wpscan --update
Now that the database is up to date, we can start scanning our WordPress site:
wpscan --url www.monsite.fr
This command reports the WordPress version, the name of the theme, the list of plugins, and so on.
When a line is marked with a red exclamation point, it is important to fix it, either by updating WordPress or the plugin concerned, or by deleting the file in question. Most of us leave the "readme.html" file in place; delete it, because it discloses your WordPress version.
Another interesting command scans a WordPress blog completely, listing users, vulnerable plugins, themes with known vulnerabilities, and so on:
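The two version disclosures mentioned here (the `readme.html` file and the `<meta name="generator">` tag WordPress prints in every page) are exactly what a scanner reads to pick a WordPress version. The following checker, an added example for this page and not part of WPScan or the original article, shows how to verify on your own site that both leaks are closed. The HTML snippets are constructed samples; in practice you would pass the body of your homepage and of `/readme.html` (or `None` when the file returns 404).

```python
import re
from typing import Optional

# Constructed sample of a WordPress homepage and of an untouched readme.html.
# Both are assumptions for this example, not output captured from a real site.
HOMEPAGE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 5.8.3" />
<link rel="stylesheet" href="/wp-content/themes/twentytwentyone/style.css?ver=1.4" />
</head><body>Hello</body></html>"""

README_HTML = """<html><head><title>WordPress &rsaquo; ReadMe</title></head>
<body><h1 id="logo"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
<br /> Version 5.8.3</h1></body></html>"""


def version_from_generator(html: str) -> Optional[str]:
    """Return the version announced by the <meta name="generator"> tag, if any."""
    m = re.search(r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', html, re.I)
    return m.group(1) if m else None


def version_from_readme(html: str) -> Optional[str]:
    """Return the version printed in readme.html, if the file is still served."""
    m = re.search(r'Version\s+([\d.]+)', html)
    return m.group(1) if m else None


def version_leaks(homepage_html: str, readme_html: Optional[str]) -> dict:
    """Collect every place where the WordPress version is disclosed.

    readme_html is None when the file is not reachable (e.g. HTTP 404),
    which is the state the article recommends (delete readme.html).
    An empty dict means neither disclosure is present.
    """
    leaks = {}
    gen = version_from_generator(homepage_html)
    if gen:
        leaks["generator meta tag"] = gen
    if readme_html is not None:
        rv = version_from_readme(readme_html)
        if rv:
            leaks["readme.html"] = rv
    return leaks


if __name__ == "__main__":
    print(version_leaks(HOMEPAGE_HTML, README_HTML))
    # After deleting readme.html and suppressing the generator tag:
    print(version_leaks(HOMEPAGE_HTML.replace(
        '<meta name="generator" content="WordPress 5.8.3" />', ''), None))
```

Deleting `readme.html` closes the first leak; the generator tag is removed by the standard WordPress hook `remove_action('wp_head', 'wp_generator');` in the theme's `functions.php`. Keep in mind that asset query strings such as `?ver=` and plugin readme files disclose versions too, so hiding these two only reduces, rather than removes, what a scanner can learn: keeping WordPress and its plugins updated is what actually fixes the findings.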
wpscan --url www.monsite.fr --enumerate
You can narrow vulnerability detection by passing an argument to the option, for example only vulnerable plugins (--enumerate vp) or only users (--enumerate u). The details of the options are available at this address: http://wpscan.org
You can test the strength of your password with the following command:
wpscan --url www.monsite.fr --wordlist /path/to/your/wordlist.txt --username yourusername
Conclusion
Be careful not to use such a tool on websites that do not belong to you or without the consent of their owner. WPScan has several other options, but here we have seen how it works overall.
It is important to know how WPScan and similar tools work, in order to understand that certain security rules (or even all of them) do not guarantee 100% safety. Understanding attackers' tools and strategies helps you defend better.
Find the page dedicated to our WordPress offer on the Ikoula site: https://express.ikoula.com/fr/hebergement-wordpress