Install WordPress Vulnerability Scanner WPScan on Kali Linux
WPScan is a black-box vulnerability scanner for WordPress websites. It is used to find possible WordPress vulnerabilities such as vulnerable plugins, vulnerable themes and other existing WordPress vulnerabilities. Today we will learn how to install the WPScan tool on Kali Linux.
Note: Using the WPScan tool without penetration testing authorization from clients is illegal. Hackingloops is not responsible for any damages. Please read the disclaimer.
Install WordPress Vulnerability Scanner WPScan Tool on Kali Linux:
1. In Kali Linux, open a terminal to install the WordPress vulnerability scanner.
2. Install Git in Kali Linux if it is not present: since the latest version of WPScan is hosted on GitHub, we first need to install or update Git. We can do so by running the command below in the terminal:
sudo apt-get install git
3. Once Git is installed, let's fix the Kali Linux dependencies for the latest Ruby development environment. This can be done by running the command below in the terminal:
sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make
4. Now we are ready to install the WPScan tool on Kali Linux. We will install it from GitHub by running the command below in the terminal:
git clone https://github.com/wpscanteam/wpscan.git
5. Once the download is complete, change into the wpscan directory that the clone created.
6. To use the WPScan tool we need Bundler. WPScan is a Ruby application, and Ruby packages its libraries as ‘gems’. Bundler helps keep WPScan and all of its “gems”, or dependencies, up to date.
We can install Bundler by running the command below in the WPScan directory:
sudo gem install bundler && bundle install --without test
It will take some time to update everything required for the first execution, such as WPScan, the vulnerability database, etc.
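A preflight check for the steps above, as an added example that is not part of the original post or the WPScan project: it confirms the tools from step 3 are on PATH and that Ruby can load its OpenSSL extension before step 6 runs gem. The function names and classification labels are this example's own; the openssl.so pattern matches the loader error quoted in the reader comment below.

```shell
#!/bin/sh
# Preflight for the install steps above (added example, not WPScan's own tooling).

# Print each tool from the argument list that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Classify captured gem/ruby output. Labels are this example's own names.
classify_gem_error() {
    case "$1" in
        *"openssl.so: symbol "*" not defined in file libssl"*)
            echo openssl-abi-mismatch ;;  # extension built for a different libssl
        *"cannot load such file -- openssl"*)
            echo openssl-ext-missing ;;
        *"cannot load such file -- mkmf"*|*"Failed to build gem native extension"*)
            echo build-deps-missing ;;    # ruby-dev, make or libcurl headers absent
        *)
            echo unknown ;;
    esac
}

# Load the OpenSSL extension in a throwaway Ruby process and report the result.
ruby_openssl_state() {
    out=$(ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION' 2>&1) && { echo ok; return 0; }
    classify_gem_error "$out"
    return 1
}

preflight() {
    missing=$(missing_tools git ruby gem make)
    if [ -n "$missing" ]; then
        echo "missing tools:" $missing >&2
        return 1
    fi
    state=$(ruby_openssl_state) || {
        echo "Ruby cannot load OpenSSL ($state); fix the ruby and libssl packages first" >&2
        return 1
    }
    echo "preflight ok"
}

# Run the checks only on request, so the file can also be sourced for its functions.
if [ "${1:-}" = "run" ]; then preflight; fi
```

Saved under any file name, the script is started with the single argument run from inside the wpscan directory, before the gem command in step 6.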
That’s it, guys!! The WPScan tool is ready for use. In our next tutorial I will show you how to use the WPScan tool to find out all the vulnerabilities in a WordPress website and how we can use those vulnerabilities to get WordPress admin access.
This is how we install WordPress Vulnerability Scanner. Keep Learning !! Keep Connected !!
sk zishan says
Hello, I'm getting this error while installing gem…
~/wpscan# sudo gem install bundler && bundle install --without test
ERROR: Loading command: install (LoadError)
/usr/lib/x86_64-linux-gnu/ruby/2.3.0/openssl.so: symbol SSLv2_method, version OPENSSL_1.0.2d not defined in file libssl.so.1.0.2 with link time reference - /usr/lib/x86_64-linux-gnu/ruby/2.3.0/openssl.so
ERROR: While executing gem ... (NoMethodError)
undefined method `invoke_with_build_args' for nil:NilClass