Saturday, July 15, 2017

Kali Linux Tutorial How To Brute Force Wordpress Using Wpscan Tool

Kali Linux Tutorial How To Brute Force Wordpress Using Wpscan Tool


Kali-linux-brute-force-wordpress-wpscan- picateshackz.com

As a WordPress administrator or webmaster you are responsible for the security of the WordPress blog or website you manage. Most probably you’ve already done a lot to beef up the security and today we will show you how to brute force Wordpress password in Kali Linux using Wpscan to checking your Password Strength.

Disclaimer: This tutorial is for educational purposes only and we are NOT responsible in any way for how this information is used, use it at your own risk.



As we now WPScan is a black box WordPress vulnerability scanner, and it is installed by default in kali linux we will use it for brute forcing wordpress, If you have no idea about Kali Linux then i recommend you to read this article: An Introduction To Hacker’s OS: Kali Linux Setup Tutorial.

We will use our wordpress platform that we already installed in our kali linux. If you have not already done visit our article: Complete Guide To Setup Wordpress In Kali Linux With Xampp Server .



Letss start,


  • Open your Kali Linux Terminal and start Xampp server by typing the following command:
root@kali: /opt/lampp/lampp start

  • Now we need to Enumerate users, type in terminal:
root@kali: wpscan -u 127.0.0.1/wordpress --enumerate u

Kali-linux-brute-force-wordpress-wpscan- picateshackz.com


  • Wpscan will automatically search the admin username.

Kali-linux-brute-force-wordpress-wpscan- picateshackz.com

  • Now Do wordlist password brute force on the username, type in terminal:

root@kali: wpscan --url 127.0.0.1/wordpress --wordlist /root/pass --username k4linux

Kali-linux-brute-force-wordpress-wpscan- picateshackz.com


  • --wordlist set the location of your Password Wordlist

  • --username set the administrator username that you have found

Kali-linux-brute-force-wordpress-wpscan- picateshackz.com


After a search Wpscan will find the password and this will take a few minutes, this depends on your Wordlist.

Efficiency of the Brute Force depend on how much strong is your wordlist and how many password contains it.


Watch the video tutorial for more explanation (Wpscan):




Credits: http://www.k4linux.com/

Recommended Hacking Tutorial:

  • How to Hack Website Using Sql Map in Kali Linux - Sql Injection
  • Kali Linux Tutorial: Find Vulnerabilities for Any Website Using Nikto
  • Heartbleed Attack: Exploiting OpenSSL Vulnerability Using Metasploit
  • Kali Linux Tutorial: Hack a Website login Page Password Using Wireshark


Available link for download