WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.
- (Optional but highly recommended: RVM)
- Ruby >= 2.3 - Recommended: latest
  - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see #1283
- Curl >= 7.21 - Recommended: latest
  - Version 7.29 has a segfault
- RubyGems - Recommended: latest
From RubyGems (Recommended)
gem install wpscan
If a Gem::FilePermissionError is raised due to Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run
sudo gem install -n /usr/local/bin wpscan
(see #1286)
From sources (NOT Recommended)
git clone https://github.com/wpscanteam/wpscan
cd wpscan/
bundle install && rake install
You can update the local database by using
Updating WPScan itself is done either via gem update wpscan or via the package manager (this is quite important for distributions such as Kali Linux: apt-get update && apt-get upgrade), depending on how WPScan was (pre)installed.
Pull the repo with
docker pull wpscanteam/wpscan
docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u
docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100
wpscan --url blog.tld
This will scan the blog using default options with a good compromise between speed and accuracy. For example, plugins are detected passively, while their versions are checked with a mixed detection mode (passive + aggressive). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then wpscan --stealthy --url blog.tld can be used. As a result, when using the --enumerate option, don't forget to set --plugins-detection accordingly, as its default is 'passive'.
For more options, open a terminal and type wpscan --help (if you built wpscan from the source, you should type the command outside of the git repo).
The DB is located at ~/.wpscan/db
WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
proxy: 'http://127.0.0.1:8080'
verbose: true

proxy: 'socks5://127.0.0.1:9090'
url: 'http://target.tld'

Running wpscan in the current directory (pwd) is the same as
wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld
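The option-file precedence described above, as an added Ruby example (not WPScan's own code): it merges the two option files in checked order and reports which file supplied each effective value, so an operator can see when a file in the working directory has changed the target or proxy. The file labels, the embedded YAML strings and the key-to-flag rendering are assumptions of this sketch.

```ruby
require 'yaml'

# Constructed sample inputs mirroring the two option files shown above.
# The labels are placeholders, not WPScan's real file paths.
SAMPLE_FILES = [
  ['earlier-checked file',
   "proxy: 'http://127.0.0.1:8080'\nverbose: true\n"],
  ['current-directory file',
   "proxy: 'socks5://127.0.0.1:9090'\nurl: 'http://target.tld'\n"]
].freeze

# Merge option files in the order they are checked. A later file overrides an
# earlier one key by key; each entry records which file supplied the final
# value and which files it shadowed.
def effective_options(files)
  files.each_with_object({}) do |(label, text), merged|
    data = YAML.safe_load(text) || {}
    raise ArgumentError, "#{label}: expected a mapping" unless data.is_a?(Hash)

    data.each do |key, value|
      previous = merged[key.to_s]
      shadowed = previous ? previous[:shadowed] + [previous[:source]] : []
      merged[key.to_s] = { value: value, source: label, shadowed: shadowed }
    end
  end
end

# Render the merged options as an equivalent long-form argument list.
# Assumption of this sketch: key `a_b` becomes `--a-b`, `true` is a bare flag,
# and false/nil values are omitted.
def equivalent_argv(options)
  options.flat_map do |key, entry|
    flag = "--#{key.tr('_', '-')}"
    case entry[:value]
    when true then [flag]
    when false, nil then []
    else [flag, entry[:value].to_s]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  opts = effective_options(SAMPLE_FILES)
  opts.each do |key, e|
    note = e[:shadowed].empty? ? '' : " (overrides #{e[:shadowed].join(', ')})"
    puts "#{key} = #{e[:value]} from #{e[:source]}#{note}"
  end
  puts "wpscan #{equivalent_argv(opts).join(' ')}"
end
```

The rendered line uses --verbose, the long form of the -v shown above.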
wpscan --url https://target.tld/ --enumerate u
wpscan --url https://target.tld/ --enumerate u1-100
WPScan Public Source License
The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2019 WPScan Team.
Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
1.1 "License" means this document.
1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
1.3 "WPScan Team" means WPScan’s core developers.
A commercial use is one intended for commercial advantage or monetary compensation.
Example cases of commercialization are:
- Using WPScan to provide commercial managed/Software-as-a-Service services.
- Distributing WPScan as a commercial product or as part of one.
- Using WPScan as a value added service/product.
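Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.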
- Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
- Using WPScan to test your own systems.
- Any non-commercial use of WPScan.
Free-use Terms and Conditions;
Redistribution is permitted under the following conditions:
- Unmodified License is provided with WPScan.
- Unmodified Copyright notices are provided with WPScan.
- Does not conflict with the commercialization clause.
Copying is permitted so long as it does not conflict with the Redistribution clause.
Modification is permitted so long as it does not conflict with the Redistribution clause.
Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
8. Disclaimer of Warranty
WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
9. Limitation of Liability
To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.