Hello everyone. Today we’re going to search for WordPress exploits using WPScan and Metasploit.

What do you need?

  1. WPScan
  2. Metasploit

If you’re using Kali Linux, both of them are already installed. If you’re using another operating system, you need to install them. However, I suggest you stay with Kali Linux.


Let’s Get Started!

What is WPScan?

The WPScan software (henceforth referred to simply as “WPScan”) is dual-licensed – Copyright 2011-2016 WPScan Team.

Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.

How to start WPScan?

How To Scan And Exploit WordPress Website Using WPScan And Metasploit

WPScan Examples

Do ‘non-intrusive’ checks…

Do wordlist password brute force on enumerated users using 50 threads…

Do wordlist password brute force on enumerated users using STDIN as the wordlist…

Do wordlist password brute force on the ‘admin’ username only…


Enumerate installed plugins…

Run all enumeration tools…

Use custom content directory…

Update WPScan’s databases…

Debug output…

Arguments

I have tested WPScan to show you how it gives us output. I have tested on a public website and replaced the real domain with domain.com.


Using WPScan, we can find installed plugins and themes and search for exploits that match those plugins and themes. After that, we’re gonna start Metasploit and try to exploit those vulnerabilities. I’m not going to attack public sites; this article is for educational purposes only.

Let’s Start with Metasploit.


There are tons of exploits if you search in Metasploit. After finding the installed themes and plugins with WPScan, you can search for them in Metasploit, then easily exploit them and get a shell.