Penetration testing is the process of evaluating the security of a computer system or network by simulating an attack. In this article I am going to show you how to perform a penetration test on a WordPress website with Kali Linux, using WPScan.
Navigate to Applications > Kali Linux > Web Applications > CMS Identification > wpscan,
or enter the following command in the terminal to see the available options:
root@kali:~# wpscan -h
1. Check the installed plugins :-
Open the terminal and enter the following command (the -p option enumerates plugins):
root@kali:~# wpscan --url www.example.com --enumerate p
In this test, I ran the scan against one of the most popular computer education sites to check the installed plugins. WPScan found 15 active plugins.
2. Check the running WordPress version :-
Open the terminal and enter the following command:
root@kali:~# wpscan --url www.yourtargetsite.com
It detects that the WordPress version running on the site is 3.6.1.
3. Finding usernames :-
Open the terminal and enter the following command to enumerate the usernames of the WordPress site (the -u option enumerates users):
root@kali:~# wpscan --url www.yourtargetsite.com --enumerate u
As you can see in the image below, it found two users on the WordPress site.
4. Perform a brute-force attack on the "admin" user only :-
Open the terminal and enter the following command to perform a brute-force attack against the admin user:
root@kali:~# wpscan --url www.yourtargetsite.com --wordlist yourwordlist.txt --username admin
Where yourwordlist.txt is the path to your wordlist. See my article HOW TO CREATE OUR OWN WORDLIST USING CRUNCH IN KALI LINUX.
5. Brute-force attack on the enumerated users :-
Open the terminal and enter the following command (without --username, WPScan tries the wordlist against every user it enumerated; --threads 50 sets the number of parallel requests):
root@kali:~# wpscan --url www.yourtargetsite.com --wordlist yourwordlist.txt --threads 50
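As an added defender-side example (not code from the original article), the following Python script reads web server access log lines and flags the two activities from steps 3 to 5 as they appear to the site owner: an ?author=N walk (how WPScan enumerates users) and repeated POSTs to wp-login.php from one client, plus a WPScan User-Agent. The log lines, IP addresses and thresholds are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed combined-format access log lines (not real traffic); the
# 192.0.2.7 client is a single normal login and must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "WPScan v2.9"
10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "WPScan v2.9"
10.0.0.5 - - [10/Oct/2023:13:55:38 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "WPScan v2.9"
10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3221 "-" "WPScan v2.9"
10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3221 "-" "WPScan v2.9"
10.0.0.5 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3221 "-" "WPScan v2.9"
10.0.0.5 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3221 "-" "WPScan v2.9"
10.0.0.5 - - [10/Oct/2023:13:55:42 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "WPScan v2.9"
192.0.2.7 - - [10/Oct/2023:14:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
                     r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
AUTHOR_RE = re.compile(r"[?&]author=(\d+)")


def analyze(log_text, author_threshold=3, login_threshold=5):
    """Return {ip: [finding, ...]} for clients that look like WPScan user
    enumeration (?author=N walks) or wp-login.php password guessing."""
    author_ids = defaultdict(set)   # ip -> distinct author ids probed
    login_posts = defaultdict(int)  # ip -> POSTs to /wp-login.php
    scanner_ua = set()              # ips announcing a WPScan User-Agent
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined log format; ignore
        ip, path = m["ip"], m["path"]
        a = AUTHOR_RE.search(path)
        if a:
            author_ids[ip].add(int(a.group(1)))
        if m["method"] == "POST" and path.split("?", 1)[0] == "/wp-login.php":
            login_posts[ip] += 1
        if "wpscan" in m["ua"].lower():
            scanner_ua.add(ip)
    findings = defaultdict(list)
    for ip, ids in author_ids.items():
        if len(ids) >= author_threshold:
            findings[ip].append(f"user enumeration: {len(ids)} author ids probed")
    for ip, n in login_posts.items():
        if n >= login_threshold:
            findings[ip].append(f"login brute force: {n} POSTs to wp-login.php")
    for ip in scanner_ua:
        findings[ip].append("WPScan User-Agent")
    return dict(findings)
```

The User-Agent match is the weakest signal, since a scanner can change it; the author-id walk and the POST count hold regardless of the client string.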
6. Use an HTTP or SOCKS5 proxy during pen-testing :-
To use an HTTP proxy, enter the following command (this example assumes a proxy listening on localhost port 8118):
root@kali:~# wpscan --url www.yourtargetsite.com --proxy 127.0.0.1:8118
To use a SOCKS5 proxy (cURL >= v7.21.7 needed):
root@kali:~# wpscan --url www.yourtargetsite.com --proxy socks5://127.0.0.1:9000