Install WPScan WordPress Security Scanner on Ubuntu 20.04 LTS

Commands to install WPscan WordPress security scanner on Linux Ubuntu 20.04 or 18.04 distos to find plugins or themes vulnerabilities and other security issues.

WPScan WordPress Security Scanner is a free to install tool for Linux and Windows systems. It allows users to check for security issues related to certain blogs or websites installed on WordPress. This means that the user can scan any WordPress based website to discover various issues such as core files, plugins, and theme vulnerabilities; Weak passwords, HTTPS enabled or not, header elements; including a check of debug.log files, wp-config.php backup files, XML-RPC is enabled, code repository files, default secret keys, exported database files and more … However, to get the vulnerabilities in the result, we need to add the WPscan API key available for free to generate and provide 25 scans per day.

Moreover, Wpscan is also available as a plugin to be installed directly on the WordPress backend and users can operate it through its GUI dashboard. If you don’t want to use the WPscan plugin, the CLI tool can be used.

Step to install WPScan on Ubuntu 20.04 / 18.04 LTS

Let’s see the commands to install this WordPress Vulnerability Scanner (WPscan) on Ubuntu, Debian, Kali Linux, Linux Mint or other similar operating systems.

1. Run the system update

The first thing to do before installing any application or tool is running the system update command.

sudo apt update

2. Install Ruby on Ubuntu 20.04 LTS

Wpscan can be installed from RubyGems, so let’s install Ruby and other required dependencies on our Ubuntu

sudo apt install ruby-full

3. Command to install WPScan on Ubuntu

Finally, use Ruby’s gem command to download and install the WPscan packages on your system.

sudo gem install wpscan

4. Check out the version

Once the installation is complete, let’s check its version-

wpscan --version

5. WPscan commands

To learn about the different controls and indicators that can be used with Wpscan, open the help section.

wpscan -h
Usage: wpscan [options]
--url            URL The URL of the blog to scan 
                 Allowed Protocols: http, https
                 Default Protocol if none provided: http
                 This option is mandatory unless update or help or hh 
                 or version is/are supplied
-h,              --help Display the simple help and exit
--hh              Display the full help and exit
--version          Display the version and exit
-v,                --verbose Verbose mode
--[no-]banner       Whether or not to display the banner
                   Default: true
-o,                 --output FILE Output to FILE
-f,                 --format FORMAT Output results in the format supplied
                      Available choices: cli-no-colour, cli-no-color, json, cli
--detection-mode      MODE Default: mixed
                      Available choices: mixed, passive, aggressive
--user-agent, --ua               VALUE
--random-user-agent,--rua        Use a random user-agent for each scan
--http-auth login:password
-t, --max-threads                  VALUE The max threads to use
                                Default: 5
--throttle                    MilliSeconds Milliseconds to wait before doing another
                               web request. If used, the max threads will be set to 1.
--request-timeout SECONDS        The request timeout in seconds
                                  Default: 60
--connect-timeout SECONDS         The connection timeout in seconds
                                  Default: 30
--disable-tls-checks Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)
--proxy protocol://IP:port Supported protocols depend on the cURL installed
--proxy-auth login:password
--cookie-string           COOKIE Cookie string to use in requests, 

6. Analyze WordPress sites

Now, if you want to use this command line tool to scan some WordPress websites for security issues and other details, run the following syntax:

wpscan --url

Wpscan Ubuntu Linux command for WordPress website

7. Obtain the API key of the WPScan token

By default, this security tool will not provide vulnerabilities in the output, and for that we need to generate an API key. To go to the official site and select the free plan to sign up.

The Wpscan API generates

Copy the API key and use it as follows with the command-

wpscan --url --api-token your-api-key

To note: Replace your-api-key text in the above command with the one you generated.

8. Detection modes

Wpscan offers three detection modes, they are passive, aggressive and mixed. In Passive In mode, the tool will send few requests to the server and scan only to discover common security issues for a website home page. It is good to use if you think the server will not be able to handle a large number of requests.

Come Aggressive mode, in this, the intrusive scan performed by WPscan will be more powerful and will send hundreds of requests to the server to discover vulnerabilities, if any, in all WordPress plugins.

While, mixed which is the default on the WPScan tool is a combination of aggressive and passive mode to provide balanced analysis.

So if you want to change the default Mixed to one of the other two, use --detection-mode option in the command-

For example:

wpscan --url --detection-mode aggressive --api-token your-api-key

9. List all installed plugins and themes and check for vulnerabilities

To enumerate various elements of WordPress, we can use the options given below with -e flag.

vp          ----(Vulnerable plugins)
ap          ----(All plugins)
p           ----(Popular plugins)
vt          ----(Vulnerable themes)
at          ----(All themes)
t           ----(Popular themes)
tt          ----(Timthumbs)
cb          ----(Config backups)
dbe         ----(Db exports)
u           ----(User IDs range. e.g: u1-5)
m           ----(Media IDs range. e.g m1-15)

For example, we want to list all plugins with known vulnerabilities, then we use the vp option given in the list above with the detection mode of the -e flag

wpscan --url  -e vp --detection-mode mixed --api-token your-api-key

10 Run WPscan to bypass WAF

To run the scan in hidden mode so that the web application firewall cannot detect Wpscan, we can try --random-user-agent and --stealthy options.

It was a quick tutorial and an introduction to installing WPscan on Ubuntu 20.04 and other similar Linux distributions. To learn more about this tool, you can consult its GitHub page / documentation.

About Jon Moses

Check Also

Intel promises “substantial contributions” to the growth of RISC-V • The Register

Analysis Here’s something that would have seemed odd just a few years ago: to help …

Leave a Reply

Your email address will not be published.