handbook/tools/4.Exploitation/Scanner/WPscan.md

2024-08-30 23:07:22 +00:00
## What is WPScan?
WPScan is a popular open-source security scanner for WordPress websites. It is designed to detect vulnerabilities and security issues in WordPress installations by scanning the core WordPress files, themes, and plugins for known vulnerabilities, outdated software versions, and other potential security issues.
WPScan is a command-line tool written in Ruby and is available for Linux, macOS, and Windows operating systems. It is widely used by WordPress developers, security researchers, and website owners to ensure the security of their WordPress websites.
## Common Use and Commands
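To use WPScan, first install it on your local machine or server. Once installed, run it with the following command, replacing `URL` with the address of the WordPress site you are assessing; the `--enumerate u` option tells WPScan to enumerate the site's user accounts: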
```
wpscan --url URL --enumerate u
```
## More Information
If you want to learn more about WPScan or contribute to its development, you can check out the official GitHub repository at [https://github.com/wpscanteam/wpscan](https://github.com/wpscanteam/wpscan).