Running WPScan to Scan WordPress with Docker

WPScan is a powerful tool explicitly designed for scanning WordPress websites for security vulnerabilities. It is written in Ruby and can identify a variety of security issues within WordPress sites.

WPScan employs several methods to scan for vulnerabilities in WordPress websites, including:

  • fuzzing: WPScan tries to trigger security vulnerabilities on the WordPress site by sending fuzzed requests.
  • directory enumeration: WPScan attempts to enumerate directories and files to identify potential vulnerabilities.
  • version identification: WPScan works to determine the version of the WordPress website to check for known vulnerabilities.
  • plugin/theme detection: WPScan identifies installed plugins and themes on the WordPress site to look for any known issues.

As a robust tool for scanning WordPress security vulnerabilities, WPScan helps site administrators detect and remediate issues effectively.

There are various installation methods for WPScan, but using Docker is undoubtedly the simplest way.

The benefits of installing WPScan using Docker include:

  • Convenience: Docker allows for quick installation of WPScan without the need to manually install Ruby or any dependencies.
  • Portability: Docker containers can run across different platforms, meaning WPScan can be installed on any system.
  • Security: Docker containers isolate the runtime environment of WPScan, protecting the host system from potential harm.

Specifically, the steps to install WPScan using Docker are as follows:

  1. Pull the WPScan image:

    docker pull wpscanteam/wpscan

  2. Run the scanning program:

    sudo docker run -it --rm wpscanteam/wpscan --url https://xxxx.com/ --enumerate u --api-token YOUR_API_TOKEN --login-uri /wp/wp-login.php --wp-content-dir /wp/wp-content/ --wp-plugins-dir /wp/wp-content/plugins

    If the website's directory structure hasn't been changed from the default, you can omit the parameters that follow the API token (--login-uri, --wp-content-dir and --wp-plugins-dir).

  3. Brute-force website user passwords:

    sudo docker run -it -v /home/root/wpscan:/tmp/dict --rm wpscanteam/wpscan --url https://www.xxxxx.com/ -P /tmp/dict/password_dictionary.txt -U user1,user2,user3 --login-uri /wordpress/wp-login.php

    (/home/root/wpscan is the dictionary directory on the host; the -v option maps it to /tmp/dict inside the Docker container.)
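
To turn a scan like the one in step 2 into a remediation list, the following added example (not part of the original post or of WPScan itself) flattens a JSON report into one row per finding. It assumes the scan was run with WPScan's `--format json` option; the report field names used here are assumptions about that layout, and the sample report is constructed for illustration.

```python
import json

# Constructed sample report (not real scan output). The key names follow the
# layout assumed for a WPScan JSON report: "version", "main_theme", "plugins".
SAMPLE_REPORT = json.loads("""
{
  "version": {"number": "5.8", "vulnerabilities": [
    {"title": "Example core issue", "fixed_in": "5.8.1"}]},
  "main_theme": {"slug": "example-theme", "version": {"number": "1.2"}, "vulnerabilities": []},
  "plugins": {
    "example-forms": {"version": {"number": "2.0"}, "vulnerabilities": [
      {"title": "Example plugin issue", "fixed_in": "2.1"},
      {"title": "Example unpatched issue", "fixed_in": null}]},
    "example-seo": {"version": null, "vulnerabilities": []}
  }
}
""")


def _component_rows(kind, name, component):
    """Yield one finding per vulnerability listed for a component."""
    component = component or {}
    if kind == "core":
        version = component.get("number")  # core keeps its version at top level
    else:
        version = (component.get("version") or {}).get("number")
    for vuln in component.get("vulnerabilities") or []:
        fixed = vuln.get("fixed_in")
        yield {
            "component": f"{kind}:{name}",
            "installed": version or "unknown",
            "title": vuln.get("title", "untitled"),
            "action": f"upgrade to {fixed}" if fixed else "no fix listed: disable or replace",
        }


def triage(report):
    """Flatten core, theme and plugin findings into a remediation list."""
    rows = list(_component_rows("core", "wordpress", report.get("version")))
    theme = report.get("main_theme") or {}
    rows += _component_rows("theme", theme.get("slug", "unknown"), theme)
    for slug, plugin in (report.get("plugins") or {}).items():
        rows += _component_rows("plugin", slug, plugin)
    # Findings with no published fix sort first: they need a decision, not an update.
    return sorted(rows, key=lambda r: (r["action"].startswith("upgrade"), r["component"]))


if __name__ == "__main__":
    print(*triage(SAMPLE_REPORT), sep="\n")
```
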

Licensed under CC BY-NC-SA 4.0