Simple guide to installing WPScan on Debian.

Installation

Install git to grab source code from Github:

[html]
apt-get install git
[/html]

Install dependencies for wpscan:

[html]
apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev ruby1.9.3
[/html]

Clone wpscan form Github:

[html]
git clone http://github.com/wpscanteam/wpscan.git
[/html]

Change into directory and install wpscan:

[html]
cd wpscan
gem install bundler && bundle install –without test development
[/html]

Scanning

Scan WordPress plugins:

[html]
ruby wpscan.rb –url http(s)://www.yoursiteurl.com –enumerate p
[/html]

Scan Vulnerable plugins:

[html]
ruby wpscan.rb –url http(s)://www.yoursiteurl.com –enumerate vp
[/html]

Scan themes:

[html]
ruby wpscan.rb –url http(s)://www.yoursiteurl.com –enumerate t
[/html]

Scan vulnerable themes:

[html]
ruby wpscan.rb –url http(s)://www.yoursiteurl.com –enumerate vt
[/html]

Scan user accounts:

[html]
ruby wpscan.rb –url http(s)://www.yoursiteurl.com –enumerate u
[/html]

Scan for timthumb installations:

[html]
ruby wpscan.rb –url http(s)://www.yoursiteurl.com –enumerate tt
[/html]

Update wpscan:

[html]
ruby wpscan.rb –update
[/html]

Written by Matt Cooper
Hi, I'm Matt Cooper. I started this blog to pretty much act as a brain dump area for things I learn from day to day. You can contact me at: matt@matthewc424.sg-host.com.