WPScan is a command-line tool; open a Terminal to start using it:
- Run WPScan against our target with the wpscan http://192.168.56.11/wordpress/ command; the URL is the location of the WordPress site we want to scan.
- If this is the first time you are running WPScan, it will ask to update the database, which requires internet connection. In our laboratory setup, the Kali Linux VM doesn't have internet connection, so it is a good idea first to change its network setup, update the tools we are using, and connect it back to the laboratory after that's finished. To update, you just need to answer Y and press Enter when asked. The following screenshot shows the expected output:
- Once the update is finished, WPScan will continue ...