How to list users on a WordPress website with the Kali Linux distribution and wpscan.

Posted: July 30, 2014. At: 5:30 PM. Post ID: 7581

Kali Linux ships wpscan, a Ruby script that can list all users on a WordPress website. Use the command below to scan a website for security vulnerabilities and see whether there are any problems with it.

[email protected]:~# wpscan --url mywordpresssite.com --enumerate user

Use this if you are a website owner and you need to scan your own website to find any problems.

Here is some sample output from a scan of wordpress.org.

[email protected]:~# wpscan --url wordpress.org --enumerate user
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version v2.4.1
          Sponsored by the RandomStorm Open Source Initiative
 @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
 
[+] URL: http://wordpress.org/
[+] Started: Wed Jul 30 01:27:07 2014
 
[+] robots.txt available under: 'http://wordpress.org/robots.txt'
[+] Interesting entry from robots.txt: http://wordpress.org/search
[+] Interesting entry from robots.txt: http://wordpress.org/support/search.php
[+] Interesting entry from robots.txt: http://wordpress.org/extend/plugins/search.php
[+] Interesting entry from robots.txt: http://wordpress.org/plugins/search.php
[+] Interesting entry from robots.txt: http://wordpress.org/extend/themes/search.php
[+] Interesting entry from robots.txt: http://wordpress.org/themes/search.php
[+] Interesting entry from robots.txt: http://wordpress.org/support/rss
[+] Interesting entry from robots.txt: http://wordpress.org/archive/
[+] Interesting header: SERVER: nginx
[+] Interesting header: X-NC: HIT lax 250
[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)
[+] XML-RPC Interface available under: http://wordpress.org/xmlrpc.php
 
[+] WordPress version 4.0-beta2-20140729 identified from rss generator
 
[+] Enumerating plugins from passive detection ...
[+] No plugins found
 
[+] Enumerating usernames ...
[!] Stop User Enumeration plugin detected, results might be empty. However a bypass exists, see stop_user_enumeration_bypass.rb in /usr/share/wpscan
[+] We did not enumerate any usernames
 
[+] Finished: Wed Jul 30 01:27:19 2014
[+] Memory used: 1.113 MB
[+] Elapsed time: 00:00:11

Here is another example; this time I installed wpscan from git, following this tutorial: http://www.linuxx.eu/2014/02/wpscan-tutorial-debian-ubuntu-etc.html.

homer@deusexmachina ~/wpscan $ ruby wpscan.rb --url https://www.wordpress.com --enumerate users
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version v2.4.1r9b1312c
          Sponsored by the RandomStorm Open Source Initiative
 @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
 
[i] The remote host tried to redirect to: https://wordpress.com/
[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]y
[+] URL: https://wordpress.com/
[+] Started: Wed Jul 30 17:25:14 2014
 
[+] robots.txt available under: 'https://wordpress.com/robots.txt'
[+] Interesting entry from robots.txt: https://wordpress.com/next/
[+] Interesting entry from robots.txt: https://wordpress.com/mshots/v1/
[+] Interesting entry from robots.txt: https://wordpress.com/activate/
[+] Interesting entry from robots.txt: https://wordpress.com/wp-login.php
[+] Interesting entry from robots.txt: https://wordpress.com/signup/
[+] Interesting entry from robots.txt: https://wordpress.com/related-tags.php
[+] Interesting entry from robots.txt: https://wordpress.com/public-api/
[+] Interesting entry from robots.txt: https://wordpress.com/cgi-bin/
[+] Interesting header: SERVER: nginx
[+] Interesting header: X-AC: 2.lax _dfw
[+] Interesting header: X-FRAME-OPTIONS: SAMEORIGIN
[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)
[+] XML-RPC Interface available under: https://wordpress.com/xmlrpc.php
 
[+] Enumerating plugins from passive detection ...
[+] No plugins found
 
[+] Enumerating usernames ...
[+] Identified the following 1 user/s:
+----+-------+------+
| Id | Login | Name |
+----+-------+------+
| 5 | matt | Matt |
+----+-------+------+
 
[+] Finished: Wed Jul 30 17:25:36 2014
[+] Memory used: 67.129 MB
[+] Elapsed time: 00:00:22

This utility is well suited to examining your own website for security vulnerabilities. On Kali Linux it is already installed.
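If you run this scan against your own site regularly, the useful part is tracking what changes between runs: a login that was not there last month, a newly reachable xmlrpc.php, a disclosed version. The following Python script is an added example, not code from the post or from the WPScan project. It parses the plain-text report that wpscan 2.x prints (the format shown in the two transcripts above) into a dictionary, turns the fields into defender-facing findings, and compares two reports to list logins that appeared since the previous scan. The two embedded samples are trimmed copies of the page's own scan output; the field names and the wording of the findings are my own choices.

```python
"""Parse wpscan 2.x text reports into structured findings (added example)."""
import json
import re
import sys

# Constructed samples: trimmed from the page's two scan transcripts (banner removed).
SAMPLE_ORG = """\
[+] URL: http://wordpress.org/
[+] Interesting header: SERVER: nginx
[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)
[+] XML-RPC Interface available under: http://wordpress.org/xmlrpc.php
[+] WordPress version 4.0-beta2-20140729 identified from rss generator
[+] Enumerating usernames ...
[!] Stop User Enumeration plugin detected, results might be empty. However a bypass exists, see stop_user_enumeration_bypass.rb in /usr/share/wpscan
[+] We did not enumerate any usernames
"""

SAMPLE_COM = """\
[+] URL: https://wordpress.com/
[+] Interesting header: SERVER: nginx
[+] Interesting header: X-FRAME-OPTIONS: SAMEORIGIN
[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)
[+] XML-RPC Interface available under: https://wordpress.com/xmlrpc.php
[+] Enumerating usernames ...
[+] Identified the following 1 user/s:
+----+-------+------+
| Id | Login | Name |
+----+-------+------+
| 5  | matt  | Matt |
+----+-------+------+
"""

LINE_RE = re.compile(r"^\[([+!i?])\]\s*(.*)$")        # "[+] message" lines
VERSION_RE = re.compile(r"WordPress version (\S+) identified")
HEADER_RE = re.compile(r"Interesting header: ([^:]+): (.*)")
TABLE_ROW_RE = re.compile(r"^\|(.*)\|$")               # "| 5 | matt | Matt |"


def parse_wpscan_report(text):
    """Return a dict of the fields a site owner wants to track between scans."""
    report = {"url": None, "wordpress_version": None, "xmlrpc": None,
              "headers": {}, "multisite": False, "users": [], "warnings": []}
    header_cells = None
    for raw in text.splitlines():
        line = raw.strip()
        row = TABLE_ROW_RE.match(line)
        if row:  # first "|" row is the table header, the rest are users
            cells = [c.strip() for c in row.group(1).split("|")]
            if header_cells is None:
                header_cells = [c.lower() for c in cells]
            else:
                report["users"].append(dict(zip(header_cells, cells)))
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # table borders, blank lines, banner text
        tag, msg = m.groups()
        if tag == "!":
            report["warnings"].append(msg)
        elif msg.startswith("URL: "):
            report["url"] = msg[len("URL: "):]
        elif (v := VERSION_RE.search(msg)):
            report["wordpress_version"] = v.group(1)
        elif msg.startswith("XML-RPC Interface available under: "):
            report["xmlrpc"] = msg.split(": ", 1)[1]
        elif (h := HEADER_RE.match(msg)):
            report["headers"][h.group(1)] = h.group(2)
        elif msg.startswith("This site seems to be a multisite"):
            report["multisite"] = True
    return report


def findings(report):
    """Defender-facing summary of a parsed report (wording is mine, not wpscan's)."""
    out = []
    if report["users"]:
        out.append("usernames exposed: " + ", ".join(u["login"] for u in report["users"]))
    if report["xmlrpc"]:
        out.append(f"xmlrpc.php reachable at {report['xmlrpc']}; restrict it if unused")
    if report["wordpress_version"]:
        out.append(f"WordPress version disclosed: {report['wordpress_version']}")
    out.extend("scanner warning: " + w for w in report["warnings"])
    return out


def new_users(previous, current):
    """Logins present in the current report but not in the previous one."""
    seen = {u["login"] for u in previous["users"]}
    return [u["login"] for u in current["users"] if u["login"] not in seen]


if __name__ == "__main__":
    # Usage: python wpscan_report.py saved_report.txt   (defaults to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_COM
    parsed = parse_wpscan_report(text)
    print(json.dumps(parsed, indent=2))
    for f in findings(parsed):
        print("-", f)
```

Save each scan's report to a file, parse both the old and the new one, and a non-empty result from new_users is the thing worth an alert: an account you did not create appearing on your own site is a far stronger signal than anything in a single scan.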
