Description

WPScan is a free tool developed by Sucuri.net that helps WordPress site developers, owners and maintainers identify problems so they can be resolved quickly.


  1. Install system-wide dependencies.
     $ sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch

  2. Clone the WPScan Git repository locally.
     $ git clone https://github.com/wpscanteam/wpscan.git

  3. Move into the newly cloned local WPScan repository.
     $ cd wpscan/

  4. Install WPScan-specific dependencies, round 1.
     $ bundle install --without test --path vendor/bundle
     If you get a timeout error, re-run the command.

  5. Install WPScan-specific dependencies, round 2.
     $ bundle install --without test --path vendor/bundle

  6. Scan any WordPress website for potential vulnerabilities.
     $ ./wpscan.rb --url wp-root.org
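
The installation steps above (everything before the scan) as one script, with the "re-run on timeout" advice turned into a bounded retry. This is an added example, not part of the original page or of WPScan; the function names, the --run switch, the retry count and the delay are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not WPScan's own installer. Function names, the --run switch,
# the retry count and the delay are assumptions; commands and flags are the
# ones listed in the steps above.

# Print the names from "$@" that are not on PATH (empty output = all present).
missing_tools() {
    local t missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    printf '%s' "${missing# }"
}

# retry MAX DELAY CMD...: run CMD until it succeeds, at most MAX times,
# sleeping DELAY seconds between attempts. Returns CMD's last exit status.
retry() {
    local max="$1" delay="$2" n=1 rc=0
    shift 2
    while :; do
        if "$@"; then return 0; else rc=$?; fi
        [ "$n" -ge "$max" ] && return "$rc"
        echo "attempt $n/$max failed (exit $rc), retrying in ${delay}s" >&2
        n=$((n + 1))
        sleep "$delay"
    done
}

install_wpscan() {
    local need
    sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt \
        libxslt-devel libcurl-devel patch || return 1
    # The steps assume git, ruby and bundler are already installed.
    need=$(missing_tools git ruby bundle)
    if [ -n "$need" ]; then
        echo "missing tools: $need" >&2
        return 1
    fi
    git clone https://github.com/wpscanteam/wpscan.git || return 1
    cd wpscan/ || return 1
    # The page's fix for a timeout is to re-run the same command.
    retry 3 5 bundle install --without test --path vendor/bundle
}

# Nothing is installed unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    install_wpscan
fi
```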

Last Modified: 14 Feb, 2016 at 15:01:13