Install WPScan Vulnerability Scanner in CentOS

WPScan is a WordPress vulnerability scanner that can be used to scan WordPress installations for security issues.

It has probably saved me many hours of searching for vulnerabilities on my client’s sites. It’s easy to use and not much of an issue to install in most Linux distros (it comes preinstalled with Kali Linux and in any Debian based Linux you can simply apt the Kali Linux menu package).
But it’s a bit different installing it on CentOS so I decided to write a small tutorial.

Installing WPscan on CentOS 6.x

CentOS 6.x uses Ruby 1.8.7 which is too old for WPScan which requires Ruby 1.9.2+ and higher. We can use the rvm tool to manage and install the current version of Ruby (2.3.0).

 curl -sSL https://rvm.io/mpapis.asc | gpg -v --import -
curl -L https://get.rvm.io | bash -s stable
source /etc/profile.d/rvm.sh
echo '[[ -s "/etc/profile.d/rvm.sh" ]] && source "/etc/profile.d/rvm.sh"
echo $PATH
rvm requirements
type rvm | head -1
RUBYVER=2.3.1
rvm install ${RUBYVER}
rvm use ${RUBYVER} --default
rvm rubygems current

You will simply see something like the images below:
WpScan CentOS6 Install 1

WpScan CentOS6 Install 2

Now we check the Ruby version as seen in the last line of the image above:

ruby -v

Now we can install WPScan:

 yum -y install gcc ruby-devel rubygem-bundler libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch git
mkdir -p /root/tools
cd /root/tools
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler && bundle install --without test

We are done! WPScan has been installed on CentOS 6.x! Check at the bottom of this article for useful tips.

Installing WPscan on CentOS 7.2

Installing on CentOS 7 is quite easier than on 6.x so all we need are these few lines:

yum -y install gcc ruby-devel rubygem-bundler libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch git
mkdir -p /wordpress/tools  #pick any directory you want
cd /wordpress/tools
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler && bundle install --without test

Done!

Other tips

Updating your WPScan

cd /wordpress/tools/wpscan
git pull
ruby wpscan.rb --update

Perform a quick scan

 cd /wordpress/tools/wpscan
ruby wpscan.rb --url https://TheWebsiteLinkYouWishToTest.com

So that’s it! Enjoy!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.