Day after day, new vulnerabilities are being discovered. as a bug hunter, you can find vulnerabilities in websites. if somehow you do this, you will be paid. but the question is how to FIND.
in this tutorial, I am using two tools. both of the tools are made to find vulnerabilities in websites.
first one is wpscan and the second one is vega.
NO.1
WPSCAN
it is a tool for WordPress sites as we can get it from its name. if you are using Kali Linux, you won’t need to install it.
for other- DOWNLOAD
it has a huge vulnerability database. this tool searches the vulnerabilities from its database.
before using this tool, make sure you have updated your database for more vulnerabilities.
BTW, it is written in ruby. so you should have ruby installed in your system to run this.
type this command to see help:
wpscan --help
it will show you to use this tool.
To update Wpscan:
wpscan --update
To start a simple scan:
wpscan --url technicalnavigator.in
To enumerate users:
wpscan --url technicalnavigator.in --enumerate u
To enumerate plugins:
wpscan --url technicalnavigator.in --enumerate p
To use an HTTP proxy:
wpscan --url technicalnavigator.in --proxy <ip:port>
these are some basic example of Wpscan.
NO.2
VEGA
it has a graphical user interface. you can download it with this link
https://subgraph.com/vega/download/
it has three windows, the website view, the scan alerts, scan info.
it is a short process to find vulnerabilities in websites.
just add your target URL or IP in the website view window. now you don’t need to do anything. it will start to analysis the website.
the tool will show you the vulnerabilities in scan alerts window by risks level.
Note – if you don’t know about owsap top 10 then you won’t be able to understand anything.
to know about owsap top 10, watch this:
Thanks For Visiting
