WordPress is an open source tool used for blogging and for designing other beautiful websites. WordPress is a CMS (Content Management System) that works through PHP and SQL. Here we are going to conduct WordPress testing using WPScan.
WordPress testing using wpscan
WordPress is so widely used that many questions have been raised about the security of this technology.
WPScan is a pen testing tool used for checking a WordPress website for vulnerabilities. It was developed by Ryan Dewhurst and is sponsored by Sucuri. It comes pre-installed with many Linux distributions, such as BackBox Linux, Kali Linux, Pentoo, SamuraiWTF and BlackArch. WPScan does not support Windows.
The commands are listed below, one by one. There are several things you need to do when testing a WordPress site.
Enumerate WordPress version, theme and plugin
• wpscan --url http://tutorials.gbhackers.com/test/ --enumerate p
• wpscan --url http://tutorials.gbhackers.com/test/ --enumerate t
Enumerate WordPress users
• wpscan --url http://tutorials.gbhackers.com/test/ --enumerate u
How to pentest your WordPress website
Launch a brute-force attack
• wpscan --url http://tutorials.gbhackers.com/test/ --wordlist /root/Desktop/password.txt --username kcwto
Enumerate timthumbs
If you are still using TimThumb, even after a very serious vulnerability, you have one more reason to be concerned.
• wpscan --url http://tutorials.gbhackers.com/test/ --enumerate tt
Store the output in a separate file
• wpscan --url http://tutorials.gbhackers.com/test/ --debug-output 2>debug.log
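Seen from the defending side, the scans above leave recognisable traces in the web server's access log. The following is an added example, not part of the original article or of WPScan itself: it flags clients whose requests match the user enumeration, plugin/theme enumeration, password guessing and TimThumb checks listed above. The log lines are constructed, and the function name, thresholds and finding labels are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def detect(log_text, min_authors=3, min_components=3, min_logins=5):
    authors, components = defaultdict(set), defaultdict(set)
    logins, findings = defaultdict(int), defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, method, path, status, agent = m.groups()
        # Scanner name in the User-Agent; easy to change, so the other rules key on behaviour.
        if "wpscan" in agent.lower():
            findings[ip].add("wpscan-user-agent")
        # User enumeration: one client walking ?author=1,2,3,...
        a = re.search(r"[?&]author=(\d+)", path)
        if method == "GET" and a:
            authors[ip].add(a.group(1))
        # Plugin/theme enumeration: many distinct component directories that do not exist.
        c = re.search(r"/wp-content/(plugins|themes)/([^/?]+)", path)
        if c and status == "404":
            components[ip].add(c.groups())
        # Password guessing (repeated POSTs to the login endpoints) and TimThumb probes.
        if method == "POST" and re.search(r"/(wp-login|xmlrpc)\.php", path):
            logins[ip] += 1
        if "timthumb" in path.lower():
            findings[ip].add("timthumb-probe")
    for ip in set(authors) | set(components) | set(logins):
        if len(authors[ip]) >= min_authors:
            findings[ip].add("user-enumeration")
        if len(components[ip]) >= min_components:
            findings[ip].add("plugin-theme-enumeration")
        if logins[ip] >= min_logins:
            findings[ip].add("login-bruteforce")
    return {ip: sorted(names) for ip, names in findings.items()}

# Constructed sample log in "combined" format (documentation IP ranges, made-up plugin names).
def _line(ip, method, path, status, agent="Mozilla/5.0"):
    return f'{ip} - - [10/Oct/2023:13:55:01 +0000] "{method} {path} HTTP/1.1" {status} 0 "-" "{agent}"'
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/test/?author={i}", 301, "WPScan v3.8.22") for i in (1, 2, 3)]
    + [_line("198.51.100.9", "GET", f"/test/wp-content/plugins/{p}/", 404) for p in ("aaa", "bbb", "ccc")]
    + [_line("198.51.100.9", "POST", "/test/wp-login.php", 200)] * 5
    + [_line("192.0.2.44", "GET", "/test/?author=1", 200), _line("192.0.2.44", "POST", "/test/wp-login.php", 302)]
)
if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The third client in the sample, a visitor who opens one author archive and logs in once, stays below every threshold and is not reported; tune the thresholds to the site's normal traffic before alerting on them.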
Pen testing is an art that depends on the analysis and knowledge of the hacker. The commands given here are the basics of testing. You must be aware of every aspect of the site for which the test is conducted.
Write to us in the comment box for any help. Thank you.