24 May 2023
You can find the technical segment write-up here.
Learn how to use WPScan to scan WordPress sites stealthily for vulnerabilities and configure it to run continuously.
- WPScan is a free tool for scanning WordPress sites for vulnerabilities and can be easily installed via Ruby.
- Stealthy scanning can be achieved using WPScan’s options to modify the scan profile and avoid being blocked.
- WPScan requires an API key for vulnerability enumeration, which can be obtained for free but limits up to 30 API calls daily.
- Creating a yaml configuration file allows for inputting specific options, such as user agent and scanning in passive mode. It can be used to run WPScan continuously via cron jobs or scripts.
- Updating the internal database is essential and can be done with the “–update” flag after running WPScan.