All posts by David Sewell

How to install WPScan on Windows 10

What is WPScan?

WPScan is described as a ‘black box’ WordPress vulnerability checker and is free to use. It took me a couple of hours fiddling around, so I thought I’d help you get this installed by showing you some of the problems and providing the files and sources I used to get it working.

What you need to know…

WPScan is a command line utility, so you will need to know a little bit about the command prompt environment and the PATH variable. It isn’t hugely tricky to use, just don’t expect a fancy user interface. You’ll be telling the executable what to run and how to run it via the command prompt.

Installation requires:

    • Ruby (version 2.2.X is the one I’m using, but 2.3.X may be OK too)
    • DevKit (to add Ruby Gems. Gems are extensions to Ruby, and the DevKit helps to provide a sane environment on Windows when adding them)
    • libcurl.dll (a dynamic link library to help make internet requests using cURL)
    • WPScan (the software itself)

The steps are:

Install Ruby

Download a RubyInstaller .zip file from http://rubyinstaller.org/downloads/
Unzip the file and execute it – you will be prompted as follows:
a) Select setup language
b) Ruby License agreement

Ruby installation agreement window
Ruby installation license agreement

c) Installation directory
– check all the additional boxes to help with environment setup (you may not need Tcl/Tk, but if space is no issue, just do it anyway)
– installs in the root of C:\ drive

Ruby installation window
Ruby installation options

Install the DevKit

Download a DevKit for use with Ruby 2.0 and above (32bit version) from http://rubyinstaller.org/downloads/
Download here: DevKit-mingw64-32-4.7.2-20130224-1151-sfx.exe

Unzip the file and execute it
a) Edit the extraction path to change from the default user to the root C:\DevKit location as follows:

DevKit default installation path
Devkit install path changed

b) Extraction can take a while, be patient. It looks like it gets stuck at 17% and 35% on my machine…

DevKit install progress

c) Open a command prompt (right click on the Windows icon in the bottom left and choose Command Prompt (Admin) from the context menu)
d) Go to the installation directory using ‘cd’: cd C:\DevKit
e) Type: ruby dk.rb init (to initialise the DevKit, ready for binding)
f) Type: ruby dk.rb install (to bind the DevKit to the ruby installation(s) in your path)

Install cURL (or just use the libcurl.dll provided)

Download ‘curl-7.46.0-win32.exe’ from http://www.confusedbycode.com/curl/#downloads
Download here: curl-7-46-0-win32
Download here: libcurl.dll
Run the installation wizard and follow these steps:
a) Ensure that the option to install ‘C headers, lib files and dlls’ is selected

Choosing Curl installation options
Remember to select the libraries

b) cURL should be installed here: C:\Program Files (x86)\cURL
c) Check that the libcurl.dll has been installed here: C:\Program Files (x86)\cURL\dlls as you will need to copy this file later to the Ruby22 binary directory.

Install WPScan

Download WPScan zipfile ‘wpscanteam-wpscan-2.9.1-58-g89c0b8d.zip’ from: https://wpscan.org/

Download here: wpscanteam-wpscan-2.9.1-58-g89c0b8d.zip
Unzip and run the installer
a) Install to C:\wpscan (for simplicity of navigating using the command prompt)
b) Unzip the sample data.zip file into the C:\wpscan directory to create C:\wpscan\data
c) Copy the libcurl.dll file from the cURL installation to the following directory C:\Ruby22\bin

Directory of Ruby bin showing libcurl.dll
Place a copy of libcurl.dll in the Ruby bin directory

Install Ruby Gems

It should now be possible to issue the following commands, to install components required by WPScan:
From the command prompt, cd to C:\wpscan and type the following instructions:
gem install bundler
gem install typhoeus
gem install rspec-its
gem install ruby-progressbar
gem install nokogiri
gem install terminal-table
gem install webmock
gem install simplecov
gem install rspec
gem install xml-simple
gem install yajl-ruby
gem install bundler && bundle install --without test

If you receive an error message about SSL when installing (and can’t fix it), then use the following command to add a non-SSL source (gems from it are downloaded over unencrypted HTTP):
gem sources --add http://rubygems.org

Then try to add the gem packages above again.

Try to run WPScan…

Staying in the C:\wpscan folder:
a) Type ruby wpscan.rb at the command prompt
If you see the following error message, check that you have copied libcurl.dll to the C:\Ruby22\bin directory.

Download here: libcurl.dll

Error message if libcurl is missing
If you see this, copy libcurl.dll to C:\Ruby22\bin

b) Once you have started WPScan successfully, you may be prompted to update the database. Select Y when asked.
If you see the following error message, there is a workaround – turning off SSL verification:

Error message when updating WPScan
Certificate error when updating the WPScan database

To fix this issue, I found and edited the db_updater.rb file located here: C:\wpscan\lib\common

Find this db_updater.rb file and edit it

Change the code as follows by editing the ssl_verifypeer parameter and setting it to false (this turns off certificate verification for the database update requests):

Edits to the db_updater.rb file
Change and save the file as shown

It’s working when you see this:

WPScan in the command window
WPScan is working and shows options

Congratulations!

You can now use WPScan to analyse WordPress installations for vulnerabilities.
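
An added check (not part of the original post and not WPScan code) that audits a machine set up as above for the two TLS workarounds, a plain-HTTP gem source and ssl_verifypeer set to false in db_updater.rb, plus the missing libcurl.dll case. The function names, the pattern used to spot the option, and the sample inputs are assumptions; the page shows the real db_updater.rb edit only as a screenshot.

```ruby
require 'fileutils'
require 'tmpdir'

# Entries in `gem sources --list` output that use plain HTTP.
def insecure_gem_sources(listing)
  listing.each_line.map(&:strip).select { |l| l =~ %r{\Ahttp://}i }
end

# 1-based line numbers where ssl_verifypeer is set to false.
# Heuristic: text after '#' is treated as a comment and ignored.
def verifypeer_disabled_lines(source)
  hits = source.each_line.with_index(1).select do |line, _n|
    line.sub(/#.*/, '') =~ /ssl_verifypeer["']?\s*(?::|=>|=)\s*false\b/
  end
  hits.map { |_line, n| n }
end

# Collects findings for one install; all paths are supplied by the caller.
def audit(wpscan_dir:, ruby_bin:, gem_listing:)
  findings = insecure_gem_sources(gem_listing).map { |s| "plain-HTTP gem source: #{s}" }
  updater = File.join(wpscan_dir, 'lib', 'common', 'db_updater.rb')
  if File.file?(updater)
    verifypeer_disabled_lines(File.read(updater)).each do |n|
      findings << "#{updater}:#{n} sets ssl_verifypeer to false"
    end
  end
  findings << "libcurl.dll not found in #{ruby_bin}" unless File.file?(File.join(ruby_bin, 'libcurl.dll'))
  findings
end

# Constructed sample inputs (not captured from a real machine).
SAMPLE_LISTING = "*** CURRENT SOURCES ***\n\nhttps://rubygems.org/\nhttp://rubygems.org\n"
SAMPLE_UPDATER = <<~RB
  # stand-in for db_updater.rb; WPScan's real file differs
  def request_params
    { ssl_verifypeer: false, timeout: 300 }
  end
RB

# Builds a throwaway tree mirroring C:\wpscan and C:\Ruby22\bin, then audits it.
def demo_findings
  Dir.mktmpdir do |root|
    common = File.join(root, 'wpscan', 'lib', 'common')
    bin = File.join(root, 'Ruby22', 'bin') # left without libcurl.dll
    FileUtils.mkdir_p([common, bin])
    File.write(File.join(common, 'db_updater.rb'), SAMPLE_UPDATER)
    audit(wpscan_dir: File.join(root, 'wpscan'), ruby_bin: bin, gem_listing: SAMPLE_LISTING)
  end
end
puts demo_findings
```

On a machine set up per this page, call audit with wpscan_dir 'C:/wpscan', ruby_bin 'C:/Ruby22/bin' and the output of gem sources --list. Once the gems are installed, gem sources --remove http://rubygems.org drops the plain-HTTP source again.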

Google postcode search rewards Zoopla

It seems that Zoopla has managed to dominate search results for local postcode search using Google. The UK search results include an information box as shown below:

Zoopla postcodes in Google

Notice that sold house price data for Zoopla is suggested in the information box.

This is likely to give Zoopla an unfair advantage in postcode related search…

Photo Tours removed from Google Maps

Back in 2012, Google Maps was given an extra feature – Photo tours. The announcement here on the Google LatLong blogspot site explains how they used to work. Sometime in early May 2014, photo tours seem to have been removed, as all links to individual photo tours no longer work.

Here’s a video on how they used to look:

But now if you try to find a Photo Tour on Google Maps, you get blanks where they used to be, for example, the Colosseum:

Notice missing photo tour

and photo tours are missing from the image carousel in Google maps too:

Notice missing photo tour in carousel

Photo tours were one of a selection of Google maps virtual visiting options, others remaining include:

  • photos (submitted by people)
  • photospheres (generated using apps on phones providing full 360 degree views from a specific point)
  • streetview
  • Earth tours (combined with Google Earth showing birds eye fly by views, such as this one of the Eiffel tower)

Google guidelines explained how photo tours were created, using image processing and selected images from Panoramio and Picasa, in this help guide:

Every photo is attributed to its contributor, and the more photos people share, the better the tours get. So if you have great photos of places you’ve visited on Picasa or Panoramio, make them public so they’ll be eligible for inclusion in these photo tours!

Here is the full help guide on creation of photo tours that used to live at this URL:

https://support.google.com/maps/answer/3093434?hl=en&ref_topic=3093390

Photo Tours

Google Maps Photo Tours are guided, 3D tours of thousands of landmarks and locations around the globe using photos submitted to Google Maps.

Watch a tour

There are two ways to find and start a Photo Tour:

  • Search for a city or country and look in the info cards.
  • Search for a landmark and open the carousel in the bottom right corner and select the box with the photo tour icon.

Here are a few examples of locations with Photo Tours: the Colosseum, Hagia Sophia, Kōtoku-in, Mont Saint-Michel, Moraine Lake, Sagrada Familia, Shoshone Falls Park, St. Mark’s Basilica, the Trevi Fountain, and the Arch of Titus.

Source of photos

Photo Tours are built from photos that people have submitted to Panoramio or uploaded to a public Picasa photos album.

Google Maps uses state of the art computer vision techniques to organize and relate all the photos in 3D and then group, or cluster, the photos according to what’s seen. If a lot of people take photos in front of a famous cathedral, for example, an algorithm selects the best photo. Photos that someone takes down from Panoramio or Picasa will likewise be removed from Photo Tours.

Learn how to add your own photos.

Report a problem with photos

To report a photo, simply click the Report a problem link in the lower right corner when the inappropriate image appears. You can then submit a report for that particular photo on the photo site that it came from.

That’s how it used to be… but accessing this help page now redirects the visitor to this article about Imagery and the Streetview overview:

https://support.google.com/maps/answer/3093457?hl=en&ref_topic=3093390&rd=1

The photo tour option is no longer listed:

Available imagery and views

  • Street View: See street-level imagery of a particular area.
  • Earth: See satellite imagery as a globe with 3D, life-like imagery, or watch a 3D Earth tour.
  • Satellite: If you’re running the new Google Maps in Lite mode, your Earth view will appear as satellite imagery instead.
  • Business View: See inside a business without leaving your computer. Or, add your own photos of the place.
  • Photo Spheres: See user-generated panoramas, and then create and share your own photo sphere.
  • Photos: View photos taken by users from all around the world and see photo tours of landmarks.

Well, for the moment, it appears that photo tours have been removed from Google Maps.

Perhaps they are to be integrated within StreetView in the near future – as the products shared similarities and mosaicing images is useful to provide a seamless transition when using Streetview. The photo tour feature may simply get absorbed by StreetView, and is awaiting re-release.

What do you think has happened to photo tours in Google Maps?

Will they return as part of Streetview?

Share your thoughts below!