Let’s scan a WordPress website to find vulnerabilities to exploit, using WPScan and Metasploit.

What do you need?

  1. WPScan
  2. Metasploit

If you’re using Kali Linux, both of them are already installed. If you’re using another operating system, you need to install them.


Let’s Get Started!

What is WPScan?

The WPScan software (henceforth referred to simply as “WPScan”) is dual-licensed – Copyright 2011-2016 WPScan Team.

Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.

How to start WPScan?

WPScan Examples

Do ‘non-intrusive’ checks…

Do word-list password brute force on enumerated users using 50 threads…

Do word-list password brute force on enumerated users using STDIN as the word-list…

Do word-list password brute force on the ‘admin’ username only…


Enumerate installed plugins…

Run all enumeration tools…

Use custom content directory…

Update WPScan’s databases…

Debug output…

Arguments

I have tested WPScan to show you how it gives us output. I tested on a public website and replaced the real domain with domain.com.


Using WPScan we can find installed plugins and themes and search for exploits according to those plugins and themes. After that we’re gonna start with Metasploit and try to exploit through those vulnerabilities. I’m not going to attack public sites; this article is for educational purposes only.

Let’s Start with Metasploit.

How To Scan And Exploit WordPress Website Using WPScan And Metasploit

There are tons of exploits if you search in Metasploit. After finding the installed themes and plugins with WPScan, you can search for them in Metasploit, exploit them easily, and get a shell.
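
From the site owner's side, the same plugin-to-advisory matching can be run against your own install before a scanner does it for you. The following is an added example, not code from the original article: the plugin slugs, header text and fixed-in versions are constructed sample data, and it assumes the standard `Version:` header in each plugin's main PHP file.

```python
import re

# Constructed sample: header comment of each plugin's main PHP file, as found
# under wp-content/plugins/<slug>/ on your own install.
SAMPLE_PLUGINS = {
    "example-gallery": "<?php\n/*\nPlugin Name: Example Gallery\nVersion: 1.4.2\n*/\n",
    "example-forms": "<?php\n/*\n * Plugin Name: Example Forms\n * Version: 2.0.10\n */\n",
    "example-seo": "<?php\n/* Plugin Name: Example SEO (no version header) */\n",
}

# Constructed advisory table: slug -> first version that contains the fix.
# In practice this comes from the vendor changelog or a vulnerability feed.
FIXED_IN = {"example-gallery": "1.5.0", "example-forms": "2.0.9", "example-seo": "3.1"}

VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)


def plugin_version(php_source):
    """Return the Version header value, or None if the header is absent."""
    match = VERSION_RE.search(php_source)
    return match.group(1) if match else None


def version_key(version):
    """Turn '2.0.10' into (2, 0, 10); trailing zeros dropped so 1.5 == 1.5.0."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def audit(plugins, fixed_in):
    """Map each slug to 'outdated', 'ok' or 'unknown' (no version or no advisory)."""
    report = {}
    for slug, source in plugins.items():
        installed, fixed = plugin_version(source), fixed_in.get(slug)
        if installed is None or fixed is None:
            report[slug] = "unknown"  # cannot prove it is patched: review by hand
        elif version_key(installed) < version_key(fixed):
            report[slug] = "outdated"
        else:
            report[slug] = "ok"
    return report


if __name__ == "__main__":
    for slug, status in sorted(audit(SAMPLE_PLUGINS, FIXED_IN).items()):
        print(f"{slug}: {status}")
```

Note the numeric comparison: a plain string compare would rank 2.0.10 below 2.0.9 and wrongly flag a patched plugin.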