Install wpscan on Ubuntu


in this small post, I will just explain how to install wpscan, a popular tool that allow someone to scan WordPress site and find issues or vulnerabilities. For simplicity reasons, I created a Bash script that install wpscan automatically on Ubuntu. This script has been tested on Ubuntu 17.10 (Artful) but it should work with other versions. Just copy the following content and save it into a .sh file, make it executable (chmod +x) and run it.


# Installing wpscan on Ubuntu
# @author : Cyrill Gremaud (
# @date : 24th february 2018
# @source :
# @version : 1.0

#global variables

#print info
printf "${GREEN}***************************************************************************\n"
printf "${GREEN}***************************************************************************\n"

#update the sources and install requirements
printf "${GREEN} => installing dependencies\n${NC}"
sudo apt update > /dev/null 2>&1
sudo apt install git libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev --yes > /dev/null 2>&1

#download wpscan from github
printf "${GREEN} => download wpscan sources (from github)\n${NC}"
cd /home/$USER/Desktop
git clone > /dev/null 2>&1
cd wpscan/

#install ruby
printf "${GREEN} => install Ruby 2.5.0\n${NC}"
rvm install "ruby-2.5.0\n" > /dev/null 2>&1

#install wpscan
printf "${GREEN} => install bundler and wpscan\n${NC}"
gem install bundler > /dev/null 2>&1
bundle install --without test development > /dev/null 2>&1

#update wpscan
printf "${GREEN} => update wpscan databases\n${NC}"
ruby wpscan.rb --update > /dev/null 2>&1

#start wpscap
printf "${GREEN} => Start wpscan for you\n${NC}"
ruby wpscan.rb --help

After the content is saved into a file, for example, make it executable and run it.

chmod +x

After the installation has been finished, you will be in wpscan tool. I will not explain the various available commands because the –help of wpscan gives a lot of examples and the explanations are very clear. Run this tool only against websites that you are allowed to do it and analyze the outputs to find vulnerabilities.


Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.