
Scan vulnerabilities of WordPress

Scan WordPress (core, plugin, theme)

For non-commercial use, this WordPress integration can be used for free. For commercial use, you have to send an e-mail to the WPScan team. For details, see the NOTE:

If you are under any doubt if your software is classed as non-commercial and/or would like to inquire about commercial usage of our databases get in touch.

First, register a user and get the API token from your profile page on wpscan.com. Then check that the wp command (wp-cli) is installed on the scan target server. A sample configuration is below.

config.toml:

[wpscan]
token = "Token"
detectInactive = false

[servers.kusanagi]
  user = "root"
  host = "10.10.10.10"
  port = "22"

[servers.kusanagi.wordpress]
  cmdPath = "/usr/local/bin/wp"
  osUser = "wordpress"
  docRoot = "/home/kusanagi/wp/DocumentRoot/"
  noSudo = false

  • token: your API token from wpscan.com
  • detectInactive: also detect vulnerabilities in plugins or themes that are inactive
  • cmdPath: path of the wp command on the WordPress server
  • osUser: the OS user that runs wp on the WordPress server
  • docRoot: path of the WordPress document root on the WordPress server
  • noSudo: set to true to run the wp command without sudo (see Tips below)

Scan

To scan WordPress, execute as below.

$ vuls scan kusanagi

Vuls collects WordPress Core version, plugins and themes via wp-cli.

Reporting

$ vuls report

Vuls detects vulnerabilities by querying WPScan.com over HTTP.

Report output is available in the following formats (screenshots omitted):

  • Slack
  • TUI
  • Full-Text

Tips

If you have several virtual WordPress sites on one server, or if you want a report for WordPress only, without OS packages, define one server entry per site with scanModules = ["wordpress"]:

# for server administrator
[servers.wordpress]
host = "wordpress"

# for WordPress site FOO
[servers.foo]
host = "wordpress"
scanModules = ["wordpress"]
[servers.foo.wordpress]
docRoot = "/home/foo/wordpress/"

# for WordPress site BAR
[servers.bar]
host = "wordpress"
scanModules = ["wordpress"]
[servers.bar.wordpress]
docRoot = "/home/bar/wordpress/"

If sudo cannot be executed by the scan user

Set noSudo = true to execute the command without sudo.
If the scan user and the WordPress osUser are different, the scan user must be able to switch to the WordPress osUser without a password, since the command is executed after switching to the WordPress osUser.
See PR #1523 if you want to know the actual command that is executed.

For example, the following config requires that the switch from user to wordpress (user $ su - wordpress) can be executed without a password.

[servers.wordpress]
user = "user"

[servers.wordpress.wordpress]
cmdPath     = "/usr/local/bin/wp"
osUser      = "wordpress"
docRoot     = "/var/www/html"
noSudo      = true