Admin... by accident!

You may have chosen to be an admin. I didn't!

How to install WPScan on FreeBSD

by

Vulnerability scanners are useful tools to find issues on systems, networks and the like. WPScan is dedicated to find vulnerabilities on WordPress installations. A short tutorial as an introduction to the tool has been published here. So if you are interested on the tool and on FreeBSD, let’s dig on this how to install WPScan on FreeBSD.

If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.

Use this link to get $200 credit at DigitalOcean and support Adminbyaccident.com costs.

Get $100 credit for free at Vultr using this link and support Adminbyaccident.com costs.

Mind Vultr supports FreeBSD on their VPS offer.

If you’ve been reading me for some time I am a huge fan of FreeBSD Jails. If you want to try them out you can check this article. So we’ll start by creating a separate Jail so we’ll install it there. However you may be a pentester or a Kali Linux user. WPScan already comes installed in Kali. If you desire you can also install it on your FreeBSD desktop, so it’s in your current listed apps, so there is no need to use Jails here. The same steps will apply on a regular desktop

Avoid this step if you are not willing to use a Jail since this will create one.

[Greta@VanFleet ~]$ sudo iocage create --release 11.2-RELEASE -n WPScan ip4_addr="em0| 192.168.1.128/24"

Password:

WPScan successfully created!

[Greta@VanFleet ~]$

You can also skip this next step because this will update the just created jail.

[Greta@VanFleet ~]$ sudo iocage update WPScan

* Updating WPScan to the latest patch level...

src component not installed, skipped

Looking up update.FreeBSD.org mirrors... 3 mirrors found.

Fetching metadata signature for 11.2-RELEASE from update4.freebsd.org... done.

Fetching metadata index... done.

Fetching 2 metadata patches.. done.

Applying metadata patches... done.

Inspecting system... done.

Preparing to download files... done.

Fetching 54 patches.....10....20....30....40....50.. done.

Applying patches... done.

Fetching 1 files... done.

A ton of output here...

src component not installed, skipped

Installing updates... done.

WPScan has been updated successfully.

[Greta@VanFleet ~]$

You can start following the steps now if you are not using a Jail. Let’s continue by install ruby.

root@WPScan:~ # pkg install ruby

Updating FreeBSD repository catalogue...

FreeBSD repository is up to date.

All repositories are up to date.

The following 4 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:

ruby: 2.4.5_1,1

libyaml: 0.2.1

libunwind: 20170615

libedit: 3.1.20181209_2,1

Number of packages to be installed: 4

The process will require 44 MiB more space.

9 MiB to be downloaded.

Proceed with this action? [y/N]:y

Some output later...

Message from ruby-2.4.5_1,1:

====

Some of the standard commands are provided as separate ports for ease

of upgrading:

devel/ruby-gems: gem - RubyGems package manager

devel/rubygem-rake: rake - Ruby Make

And some of the standard libraries are provided as separate ports

since they require extra dependencies:

databases/ruby-gdbm: GDBM module

Install them as occasion demands.

====

root@WPScan:~ #

Once we’ve got ruby installed let’s go for the gems manipulation framework.

root@WPScan:~ # pkg install ruby24-gems

Updating FreeBSD repository catalogue...

FreeBSD repository is up to date.

All repositories are up to date.

The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:

ruby24-gems: 3.0.3

Number of packages to be installed: 1

The process will require 2 MiB more space.

399 KiB to be downloaded.

Proceed with this action? [y/N]: y

root@WPScan:~ #

Let’s install one last dependency. Curl, my friends.

root@WPScan:~ # pkg install curl

Updating FreeBSD repository catalogue...

FreeBSD repository is up to date.

All repositories are up to date.

The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:

curl: 7.64.0_1

libnghttp2: 1.37.0

ca_root_nss: 3.42.1

Number of packages to be installed: 3

The process will require 5 MiB more space.

2 MiB to be downloaded.

Proceed with this action? [y/N]: y

Some output later...

root@WPScan:~ #

Last step is installing the WPScan ruby gem.

root@WPScan:~ # gem install wpscan

Fetching wpscan-3.4.5.gem

Successfully installed wpscan-3.4.5

Parsing documentation for wpscan-3.4.5

Installing ri documentation for wpscan-3.4.5

Done installing documentation for wpscan after 0 seconds

1 gem installed

Fetching mini_portile2-2.4.0.gem

Successfully installed mini_portile2-2.4.0

Fetching nokogiri-1.10.1.gem

Building native extensions. This could take a while...

Successfully installed nokogiri-1.10.1

Fetching concurrent-ruby-1.1.5.gem

Successfully installed concurrent-ruby-1.1.5

Fetching minitest-5.11.3.gem

Successfully installed minitest-5.11.3

Fetching thread_safe-0.3.6.gem

Successfully installed thread_safe-0.3.6

Fetching tzinfo-1.2.5.gem

Successfully installed tzinfo-1.2.5

Fetching i18n-1.6.0.gem

HEADS UP! i18n 1.1 changed fallbacks to exclude default locale.

But that may break your application.

Please check your Rails app for 'config.i18n.fallbacks = true'.

If you're using I18n (>= 1.1.0) and Rails (< 5.2.2), this should be

'config.i18n.fallbacks = [I18n.default_locale]'.

If not, fallbacks will be broken in your app by I18n 1.1.x.

For more info see:

https://github.com/svenfuchs/i18n/releases/tag/v1.1.0

Successfully installed i18n-1.6.0

Fetching activesupport-5.2.2.1.gem

Successfully installed activesupport-5.2.2.1

Fetching public_suffix-3.0.3.gem

Successfully installed public_suffix-3.0.3

Fetching addressable-2.6.0.gem

Successfully installed addressable-2.6.0

Fetching opt_parse_validator-0.0.17.0.gem

Successfully installed opt_parse_validator-0.0.17.0

Fetching ruby-progressbar-1.10.0.gem

Successfully installed ruby-progressbar-1.10.0

Fetching ffi-1.10.0.gem

Building native extensions. This could take a while...

Successfully installed ffi-1.10.0

Fetching ethon-0.12.0.gem

Successfully installed ethon-0.12.0

Fetching typhoeus-1.3.1.gem

Successfully installed typhoeus-1.3.1

Fetching xmlrpc-0.3.0.gem

Successfully installed xmlrpc-0.3.0

Fetching yajl-ruby-1.4.1.gem

Building native extensions. This could take a while...

Successfully installed yajl-ruby-1.4.1

Fetching cms_scanner-0.0.41.8.gem

Successfully installed cms_scanner-0.0.41.8

Parsing documentation for mini_portile2-2.4.0

Installing ri documentation for mini_portile2-2.4.0

Parsing documentation for nokogiri-1.10.1

Installing ri documentation for nokogiri-1.10.1

Parsing documentation for concurrent-ruby-1.1.5

Installing ri documentation for concurrent-ruby-1.1.5

Parsing documentation for minitest-5.11.3

Installing ri documentation for minitest-5.11.3

Parsing documentation for thread_safe-0.3.6

Installing ri documentation for thread_safe-0.3.6

Parsing documentation for tzinfo-1.2.5

Installing ri documentation for tzinfo-1.2.5

Parsing documentation for i18n-1.6.0

Installing ri documentation for i18n-1.6.0

Parsing documentation for activesupport-5.2.2.1

Installing ri documentation for activesupport-5.2.2.1

Parsing documentation for public_suffix-3.0.3

Installing ri documentation for public_suffix-3.0.3

Parsing documentation for addressable-2.6.0

Installing ri documentation for addressable-2.6.0

Parsing documentation for opt_parse_validator-0.0.17.0

Installing ri documentation for opt_parse_validator-0.0.17.0

Parsing documentation for ruby-progressbar-1.10.0

Installing ri documentation for ruby-progressbar-1.10.0

Parsing documentation for ffi-1.10.0

Installing ri documentation for ffi-1.10.0

Parsing documentation for ethon-0.12.0

Installing ri documentation for ethon-0.12.0

Parsing documentation for typhoeus-1.3.1

Installing ri documentation for typhoeus-1.3.1

Parsing documentation for xmlrpc-0.3.0

Installing ri documentation for xmlrpc-0.3.0

Parsing documentation for yajl-ruby-1.4.1

Installing ri documentation for yajl-ruby-1.4.1

Parsing documentation for cms_scanner-0.0.41.8

Installing ri documentation for cms_scanner-0.0.41.8

Parsing documentation for wpscan-3.4.5

Installing ri documentation for wpscan-3.4.5

Done installing documentation for mini_portile2, nokogiri, concurrent-ruby, minitest, thread_safe, tzinfo, i18n, activesupport, public_suffix, addressable, opt_parse_validator, ruby- progressbar, ffi, ethon, typhoeus, xmlrpc, yajl-ruby, cms_scanner, wpscan after 25 seconds

19 gems installed

root@WPScan:~/wpscan #

WPScan has been now installed on your desktop or jail. You can now start using it to check for vulnerabilities in your WordPress installs or your customer’s ones. To test the install you can start by doing a quick install.

root@WPScan:~ # wpscan --url http://myfancysite.com

If you get an error similar to this one:

Scan Aborted: The target is responding with a 403, this might be due to a WAF. Please re-try with –random-user-agent

Just then use this as a test scan:

root@WPScan:~ # wpscan –randon-user-agent --url http://myfancysite.com

If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.

Use this link to get $200 credit at DigitalOcean and support Adminbyaccident.com costs.

Get $100 credit for free at Vultr using this link and support Adminbyaccident.com costs.

Mind Vultr supports FreeBSD on their VPS offer.