This tutorial explains how to install WPScan on Debian-based systems. It was done on a Debian 8 machine, although you should be able to tweak it to your needs.

    First we’ll need an up-to-date Ruby installation. This is something I had quite some trouble with in the beginning, and I didn’t want to go with RVM.

    So let’s get started.

    Let’s first add a repository that has Ruby 2.3 available, as the normal Stable release for Debian is only 1.9.x.

    apt-get install software-properties-common
    add-apt-repository 'deb http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu trusty main'
    apt-get update
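
The steps above add a third-party repository and show no step that imports a signing key for it, so check what apt-get update reports before installing anything from it. The script below is an added example, not part of the original tutorial: it scans captured apt-get update output for sources apt could not verify. The sample output, the key ID and the function and script names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): detect APT sources whose
# signatures apt could not verify, from captured `apt-get update` output.
# Capture with LC_ALL=C so the messages are the English ones matched here:
#   LC_ALL=C apt-get update 2>&1 | tee update.log

# Constructed sample output; the key ID is a placeholder, not a real key.
sample_update_output() {
cat <<'EOF'
Hit http://ftp.debian.org jessie InRelease
Get:1 http://ppa.launchpad.net trusty InRelease [15.4 kB]
Ign http://ppa.launchpad.net trusty InRelease
W: GPG error: http://ppa.launchpad.net trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF
EOF
}

# Print "<url> <suite>" for every source apt raised a GPG error on.
unverified_sources() {
    awk '$1 == "W:" && $2 == "GPG" && $3 == "error:" { print $4, $5 }' | sort -u
}

# Print each key ID that follows a NO_PUBKEY marker, one per line.
missing_keys() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "NO_PUBKEY") print $(i + 1) }' | sort -u
}

# Succeed only if the output on stdin shows no unverified source.
apt_output_is_clean() {
    captured=$(cat)
    [ -z "$(printf '%s\n' "$captured" | unverified_sources)" ] &&
        [ -z "$(printf '%s\n' "$captured" | missing_keys)" ]
}

# Usage: sh check-apt.sh --check update.log  (script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    if apt_output_is_clean < "$2"; then
        echo "all sources verified"
    else
        echo "unverified sources (do not install from these yet):"
        unverified_sources < "$2"
        echo "missing key IDs:"
        missing_keys < "$2"
        exit 1
    fi
fi
```

If a source is listed, get its signing key from the repository owner and confirm the fingerprint through a separate channel before trusting packages from it.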

     

    Let’s install the packages we’ll need for WPScan:

    apt-get install ruby2.3 ruby2.3-dev git make gcc libcurl4-openssl-dev zlib1g-dev

    Now download (clone) WPScan using git:

    git clone https://github.com/wpscanteam/wpscan.git

    Enter the wpscan directory:

    cd wpscan

    Now we have to install Bundler and use it to install the Ruby gems WPScan depends on (--without test skips the gems in the test group).

    gem install bundler && bundle install --without test

    Now you can start WPScan by running it using ruby:

    ruby wpscan.rb

    And we’re done!

            __          _______   _____
            \ \        / /  __ \ / ____|
             \ \  /\  / /| |__) | (___   ___  __ _ _ __
              \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
               \  /\  /  | |     ____) | (__| (_| | | | |
                \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    
            WordPress Security Scanner by the WPScan Team
                           Version 2.9.1
              Sponsored by Sucuri - https://sucuri.net
       @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
    _______________________________________________________________
    
    
    Examples :
    
    -Further help ...
    ruby wpscan.rb --help
    
    -Do 'non-intrusive' checks ...
    ruby wpscan.rb --url www.example.com
    
    -Do wordlist password brute force on enumerated users using 50 threads ...
    ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
    
    -Do wordlist password brute force on the 'admin' username only ...
    ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
    
    -Enumerate installed plugins ...
    ruby wpscan.rb --url www.example.com --enumerate p
    
    -Enumerate installed themes ...
    ruby wpscan.rb --url www.example.com --enumerate t
    
    -Enumerate users ...
    ruby wpscan.rb --url www.example.com --enumerate u
    
    -Enumerate installed timthumbs ...
    ruby wpscan.rb --url www.example.com --enumerate tt
    
    -Use a HTTP proxy ...
    ruby wpscan.rb --url www.example.com --proxy 127.0.0.1:8118
    
    -Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)
    ruby wpscan.rb --url www.example.com --proxy socks5://127.0.0.1:9000
    
    -Use custom content directory ...
    ruby wpscan.rb -u www.example.com --wp-content-dir custom-content
    
    -Use custom plugins directory ...
    ruby wpscan.rb -u www.example.com --wp-plugins-dir wp-content/custom-plugins
    
    -Update the DB ...
    ruby wpscan.rb --update
    
    -Debug output ...
    ruby wpscan.rb --url www.example.com --debug-output 2>debug.log
    
    See README for further information.

    Enjoy!