Category Archives: SEO Tools

A selection of tools to help identify the needs of your target audience and explore visibility in Google

How to install WPScan on Windows 10

What is WPScan?

WPScan is described as a ‘black box’ WordPress vulnerability checker and is free to use. It took me a couple of hours fiddling around, so I thought I’d help you get this installed by showing you some of the problems and providing the files and sources I used to get it working.

What you need to know…

WPScan is a command line utility, so you will need to know a little bit about the command prompt environment and the PATH variable. It isn’t hugely tricky to use, just don’t expect a fancy user interface. You’ll be telling the executable what to run and how to run via the command prompt.

Installation requires:

    • Ruby (version 2.2.X is the one I’m using, but 2.3.X may be OK too)
    • DevKit (to add Ruby Gems. Gems are extensions to Ruby, and the DevKit helps to provide a sane environment on Windows when adding them)
    • libcurl.dll (a dynamic link library to help make internet requests using cURL)
    • WPScan (the software itself)

The steps are:

Install Ruby

Download a RubyInstaller .zip file from http://rubyinstaller.org/downloads/
Unzip the file and execute it – you will be prompted as follows:
a) Select setup language
b) Ruby License agreement

Ruby installation agreement window
Ruby installation license agreement

c) Installation directory
– check all the additional boxes to help with environment setup (you may not need Tcl/Tk, but if space is no issue, just do it anyway)
– installs in the root of C:\ drive

Ruby installation window
Ruby installation options

Install the DevKit

Download a DevKit for use with Ruby 2.0 and above (32bit version) from http://rubyinstaller.org/downloads/
Download here: DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe

Unzip the file and execute it
a) Edit the extraction path to change from the default user to the root C:\DevKit location as follows:

DevKit default installation path
DevKit default installation path
Devkit install path changed
Devkit install path changed

b) Extraction can take a while, be patient. It looks like it gets stuck at 17% and 35% on my machine…

DevKit install progress
DevKit install progress

c) Open a command prompt (right click on the windows icon in the bottom left and choose Command Prompt (Admin) from the context menu)
d) Go to the installation directory using ‘cd’ cd C:\DevKit
e) Type ruby dk.rb init to initialise the DevKit, ready for binding
f) Type ruby dk.rb install to bind the DevKit to the ruby installation(s) in your path

Install cURL (or just use the libcurl.dll provided)

Download ‘curl-7.46.0-win32.exe’ from http://www.confusedbycode.com/curl/#downloads Download here:  curl-7-46-0-win32
Download here: libcurl.dll
Run the installation wizard and follow these steps:
a) Ensure that the option to install ‘C headers, lib files and dlls’ is selected

Choosing Curl installation options
Remember to select the libraries

b) cURL should be installed here: C:\Program Files (x86)\cURL
c) Check that the libcurl.dll has been installed here: C:\Program Files (x86)\cURL\dlls as you will need to copy this file later to the Ruby22 binary directory.

Install WPScan

Download WPScan zipfile ‘wpscanteam-wpscan-2.9.1-58-g89c0b8d.zip’ from: https://wpscan.org/

Download here: wpscanteam-wpscan-2.9.1-58-g89c0b8d.zip
Unzip and run the installer
a) Install to C:\wpscan (for simplicity of navigating using the command prompt)
b) Unzip the sample data.zip file into the C:\wpscan directory to create C:\wpscan\data
c) Copy the libcurl.dll file from the cURL installation to the following directory C:\Ruby22\bin

Directory of Ruby bin showing libcurl.dll
Place a copy of libcurl.dll in the Ruby bin directory

Install Ruby Gems

It should now be possible to issue the following commands, to install components required by WPScan:
From the command prompt, cd to C:\wpscan and type the following instructions:
gem install bundler
gem install typhoeus
gem install rspec-its
gem install ruby-progressbar
gem install nokogiri
gem install terminal-table
gem install webmock
gem install simplecov
gem install rspec
gem install xml-simple
gem install yajl-ruby
gem install bundler && bundle install --without test

If you receive an error message about SSL when installing (and can’t fix it), then use the following command to add a non SSL source:
gem sources --add http://rubygems.org

Then try to add the gem packages above again.

Try to run WPScan…

Staying in the C:\wpscan folder:
a) Type ruby wpscan.rb at the command prompt
If you see the following error message, check that you have copied libcurl.dll to the C:\Ruby22\bin directory.

Download here: libcurl.dll

Error message if libcurl is missing
If you see this, copy libcurl.dll to C:\Ruby22\bin

b) Once you have started WPScan successfully, you may be prompted to update the database. Select Y when asked.
If you see the following error message, there is a work around  – turning off SSL verification:

Error message when updating WPScan
Certificate error when updating the WPScan database

To fix this issue, I found and edited the db_updater.rb file located here: C:\wpscan\lib\common

Find this file and edit it
Find this db_updater.rb file and edit it

Change the code as follows by editing the ssl_verifypeer paramter and setting it to false:

Edits to the db_updater.rb file
Change and save the file as shown

It’s working when you see this:

WPScan in the command window
WPScan is working and shows options

Congratulations!

You can now use WPScan to analyse WordPress installations for vulnerabilities.

Chrome Extensions for SEO – Local Search Tool

Search results can vary considerably from town to town, often dominated by local businesses and interests. Searching for a business type or professional will most often give rise to different search results, in some cases there is not a single URL on the first page of the SERPs that is shared between locations.

 

For example, the search term: dog walking

 

Results for that query will produce local independent dog walking businesses for each search location.

 

The Chrome Extension below, allows multiple location search and displays the rank positions for each location.

 

https://chrome.google.com/webstore/detail/search-intent-by-location/iakinikaphedeadbcddgnchjhnnjblop

 

A screenshot of the Chrome Extension is below:

 

Screenshot for Chrome Extension
Screenshot showing Chrome Extension download page

 

To use the extension once installed:

 

1. Go to Google.co.uk

 

2. Enter a search term

 

3. Start the Search Intent Tool

 

4. The status should read: “Step 1: Please change location in browser”

 

Screenshot showing Extension at startup
Screenshot showing Extension at startup

 

5. Follow the instructions by returning to Google.co.uk and using the ‘Search Tools’ menu, enter any location that is different from the current location shown. Changing the location in Google will initialise the extension and change the status shown to read ‘Ready to Search’.

 

Screenshot showing location change
Screenshot showing location change

 

6. The Chrome Extension should have updated automatically to reflect the current search term too:

 

Screenshot showing search term currently used
Screenshot showing search term currently used

 

7. At this stage, you can change the default search locations to places you wish to search. When edited, press the button beneath and results will be displayed beneath as they are gathered.

 

Screenshot showing interface as results come in for each location
Screenshot showing interface as results come in for each location

 

8. Once all the results are loaded, the URLs are shown alongside their position in the SERPs for each location. Depending upon the search term, the results can vary dramatically, the following screenshot shows major differences in SERPs for the term ‘dog walking’. Not all positions are visible in the image below.

 

Screenshot showing SERPs for dog walking in six locations
Screenshot showing SERPs for dog walking in six locations

 

Download the extension and give it a try for your preferred locations.

 

You can keep changing the locations to search again, adding to the results shown each time.

 

Let me know what you think of it !

 

 

 

Enhanced by Zemanta