The following steps are needed in order to perform a scan against a WordPress site using WPScan:
- From the command line, we will run the following to make sure that we have the latest database downloaded and installed:
root@kali:~/Chapter9# wpscan --update
- Once the update is complete, we can use WPScan to start evaluating the security of our target WordPress site (located on our OWASP-BWA image):
root@kali:~/Chapter9# wpscan --url http://192.168.56.100/wordpress/ --enumerate vp,vt --log wpscan.log
- The preceding command runs WPScan against our WordPress instance on our OWASP-BWA host and looks for known vulnerable plugins (vp) and known vulnerable themes (vt), and saves the information to wpscan.log.
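
A scope guard for the commands above, as an added example that is not from the original text: it refuses to start WPScan unless the target URL's host is a literal IPv4 address inside the lab network. The `LAB_CIDR` default and the function names are assumptions; the WPScan options are the ones used in the steps.

```shell
#!/bin/sh
# Added example: scope guard around the WPScan commands from the steps above.
# LAB_CIDR is an assumption: the host-only lab network holding 192.168.56.100.
LAB_CIDR="${LAB_CIDR:-192.168.56.0/24}"

# Print a dotted-quad IPv4 address as an integer; fail on anything else.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Print the host part of a URL (drops scheme, path/query/fragment, userinfo, port).
url_host() {
    h=${1#*://}
    h=${h%%[/?#]*}
    h=${h##*@}
    h=${h%%:*}
    printf '%s\n' "$h"
}

# Succeed only if the URL's host is a literal IPv4 address inside LAB_CIDR.
in_scope() {
    ip=$(ip_to_int "$(url_host "$1")") || return 1
    net=$(ip_to_int "${LAB_CIDR%/*}") || return 1
    size=$(( 1 << (32 - ${LAB_CIDR#*/}) ))
    [ $(( ip / size )) -eq $(( net / size )) ]
}

# Update the database, then run the scan from the steps, only for in-scope targets.
scan() {
    in_scope "$1" || { echo "refusing: $1 is outside $LAB_CIDR" >&2; return 2; }
    wpscan --update &&
        wpscan --url "$1" --enumerate vp,vt --log "${2:-wpscan.log}"
}

# Run only when a target URL is given on the command line.
if [ $# -gt 0 ]; then scan "$@"; fi
```

Run as a script, it takes the target URL and an optional log file name as arguments; host names are rejected on purpose, so the target cannot resolve to something outside the lab.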
When scanning a ...