You can leverage the following tools powered by WPScan. Login into Kali Linux with root and open terminal Run the scan using wpscan command Using Docker # The beauty of using Kali Linux is you don’t have to install anything. If you are interested in testing specific metrics, then check out the help by executing wpscan with –help syntax. Note: if you need vulnerability data in output, then you need to use their API. Here is the output of one of the site’s test. Execute wpscan and you should see it returns below. WPScan is installed and ready to use now. It will take few seconds to install, and once done you should see something like this. Reboot the server and then install WPScan using gem command Install latest Ruby and their dependencies Login to CentOS with root Update the repository
It does several things like:Ĭheck if the site is using vulnerable WP version Check if a theme and plugin is up-to-date or known to be vulnerable Check Timthumbs Check for configuration backup, DB exports Brute force attackīy installing on Linux servers Using Docker Using pre-installed Linux distro like Kali Linux, BackBox, Pentoo, BlackArch, etc. WPScan is free software, helps you to identify the security-related problems on your WordPress site. Or, want to test multiple sites at multiple times.
It is useful if your website is on a private network or Intranet where the Internet is not available. However, if you are looking for software to install and scan from your server, then WPScan is your friend. There is plenty of online security scanner to scan your website. A recent web application vulnerability report by Acunetix shows that around 30% of WordPress sites found vulnerable.
0 kommentar(er)
