....beware shocked....

Monday, December 26, 2011

Wpscan tool :-


Hi all, today I am gonna take a look at an amazing tool. We all know WordPress, which is used by many bloggers because it is open source and has so many features to make your blog attractive and amazing. But as we know, if you are on the web you must take care of security, because nowadays hackers are more active and they can use bugs and known exploits to hack websites.

So, I am gonna talk about another very useful security auditing tool specially written for WordPress security checks. This tool is open source and can be used by system administrators, or used to check WordPress security, so that hackers' attacks can't harm your website.

The tool's name is “wpscan”. It is written in Ruby, can be used on Linux, Windows and OS X, and can be easily downloaded from the internet. Basically this tool tries to find known exploits for WordPress and reports them so that you can fix them. As we know, WordPress is used by a large number of people, and the major concern is that a number of bugs and exploits get introduced, and by exploiting those bugs a hacker can take over your website. So wpscan takes care of this: it runs a security check on the WordPress installation and the installed plugins. It has its own database to check for known bugs, and the user can easily update it.

It has amazing features:-

We can crack weak passwords.

It is multithreaded.

We can find vulnerabilities based on the version of WordPress.

We can enumerate the installed plugins from the most popular WordPress plugins, which are 2220 in number by default.

We can find vulnerabilities based on the plugins installed in WordPress, and also check for vulnerabilities based on plugin version.

We can also enumerate usernames from the Location header etc., and are able to find installed themes, directory listings etc.

It can brute force the username and password using a dictionary attack.

It can be used with Metasploit too.

Installation is very easy, but it requires some dependencies, which can be found in the readme file.

Wpscan can be downloaded from Google Project Hosting:

http://code.google.com/p/wpscan/

Usage:-

It is very easy to use this tool; it has a command line interface.

We can use some commands like:-

[-]#ruby wpscan.rb --url www.websitename.com --version

It will only check the version.

[-]#ruby wpscan.rb --url www.websitename.com --enumerate p

It will enumerate installed plugins.

You will find all other examples in the tool using the -h parameter, which stands for help.
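
From the defender's side, the plugin enumeration and the dictionary attack described above leave recognizable traces in the web server access log: many requests for plugin directories that do not exist, and many POSTs to wp-login.php from one client. The Ruby script below is an added example, not part of wpscan or of the original post; the log lines, IP addresses, plugin names and thresholds are constructed assumptions.

```ruby
# Added example (not wpscan code): spot plugin enumeration and login
# dictionary attacks in a combined-format access log.
LOG_RE = /\A(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) /

PLUGIN_PROBE_MIN = 5  # assumed threshold: distinct plugin dirs answered 404, per client
LOGIN_POST_MIN   = 5  # assumed threshold: POSTs to wp-login.php, per client

# Returns [[ip, finding, count], ...] for clients at or above a threshold.
def analyze(lines)
  probes = Hash.new { |h, k| h[k] = {} }  # ip => {plugin slug => true}
  logins = Hash.new(0)                    # ip => number of login POSTs
  lines.each do |line|
    m = LOG_RE.match(line)
    next unless m                         # skip lines that do not parse
    ip, verb, url, status = m.captures
    path = url.sub(/\?.*/, "")            # ignore the query string
    slug = path[%r{/wp-content/plugins/([^/]+)}, 1]
    if slug && status == "404"
      probes[ip][slug] = true             # probe for a plugin that is not installed
    elsif verb == "POST" && path.end_with?("/wp-login.php")
      logins[ip] += 1
    end
  end
  found = []
  probes.each { |ip, s| found << [ip, :plugin_enumeration, s.size] if s.size >= PLUGIN_PROBE_MIN }
  logins.each { |ip, n| found << [ip, :login_bruteforce, n] if n >= LOGIN_POST_MIN }
  found.sort_by { |ip, kind, _| [ip, kind.to_s] }
end

# Constructed sample log: one scanning client and one ordinary visitor.
def sample_log
  line = lambda do |ip, verb, path, status|
    %(#{ip} - - [26/Dec/2011:10:00:00 +0000] "#{verb} #{path} HTTP/1.1" #{status} 512)
  end
  log = (1..6).map { |i| line.call("203.0.113.7", "GET", "/wp-content/plugins/example-plugin-#{i}/", 404) }
  log += Array.new(8) { line.call("203.0.113.7", "POST", "/wp-login.php", 200) }
  log += Array.new(2) { line.call("198.51.100.20", "POST", "/wp-login.php", 302) }
  log << line.call("198.51.100.20", "GET", "/wp-content/plugins/example-plugin-1/style.css", 200)
  log << "truncated line that does not parse"
  log
end

if __FILE__ == $PROGRAM_NAME
  analyze(sample_log).each { |ip, kind, n| puts "#{ip} #{kind} #{n}" }
end
```

On a real site the thresholds should be counted per time window and tuned to normal traffic, since a busy login page can exceed five POSTs from one address.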

Hope you like this article

Thanxx…….
