Wpscan (‘WordPress Scan’)

Web Application Scanner


What is Wpscan
Wpscan is a black box WordPress vulnerability scanning tool that is used to scan remote WordPress installations to find security problems.

Is Wpscan free?
Yes, it is a free hacking tool and is mostly used for WordPress websites.

WPScan comes pre-installed on the following Linux distributions:

  1. BackBox Linux
  2. Kali Linux
  3. Pentoo
  4. SamuraiWTF
  5. BlackArch

What are the Typical Uses for Wpscan
WPScan ships with a set of "known vulnerable plugins and themes" that it scans your website for: it checks whether the files and fingerprints it carries in its own data files (text files, config files) match any of the files and folders on your live site.

If WPScan finds a match for a known vulnerable plugin, it prints a few links to more information about the security threat. These links are usually to SecurityFocus's CVE database, where you can read detailed information about the vulnerability, usually with code samples and examples of how it can be exploited.
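The fingerprint-and-compare step described above, as an added example that is not WPScan's own code: it reads the version a plugin declares in its header comment or readme.txt and checks it against an advisory table, the way an administrator might audit the plugins on their own site. The plugin slugs, version ranges and advisory ids below are all constructed for the example.

```python
import re

# Constructed advisory table (hypothetical, not WPScan's real database):
# plugin slug -> (first affected version, fixed-in version, advisory id)
KNOWN_VULNERABLE = {
    "example-gallery": ("1.0.0", "2.3.1", "EXAMPLE-ADVISORY-1"),
    "example-forms":   ("0.1",   "5.0",   "EXAMPLE-ADVISORY-2"),
}

def parse_version(text):
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def version_from_plugin_header(php_source):
    """WordPress plugins declare their version in the main file's header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", php_source, re.MULTILINE)
    return m.group(1) if m else None

def version_from_readme(readme):
    """readme.txt carries a 'Stable tag:' line that scanners also fingerprint."""
    m = re.search(r"^Stable tag:\s*([\w.\-]+)", readme, re.MULTILINE)
    return m.group(1) if m else None

def check_plugin(slug, detected_version):
    """Return the advisory id if detected_version is in the affected range, else None."""
    if slug not in KNOWN_VULNERABLE or detected_version is None:
        return None
    first_bad, fixed_in, ref = KNOWN_VULNERABLE[slug]
    v = parse_version(detected_version)
    if parse_version(first_bad) <= v < parse_version(fixed_in):
        return ref
    return None

# Constructed sample files, as they would sit under wp-content/plugins/<slug>/
SAMPLE_PLUGIN_PHP = """<?php
/**
 * Plugin Name: Example Gallery
 * Version: 2.1.0
 */
"""
SAMPLE_README = """=== Example Forms ===
Stable tag: 5.0
"""

if __name__ == "__main__":
    # 2.1.0 is inside the affected range; 5.0 is the fixed-in version, so no match
    print(check_plugin("example-gallery", version_from_plugin_header(SAMPLE_PLUGIN_PHP)))
    print(check_plugin("example-forms", version_from_readme(SAMPLE_README)))
```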


How To Install Wpscan
This tool works best on Linux, preferably something like Kali Linux, BackBox or any other flavour built for pentesting purposes.

Step 1: wpscan

Step 2: wpscan --url (Your URL)


Enjoy and use responsibly!


