How to use WPScan on Windows using Docker

パソコン



I want to use the security check tool WPScan

Hi, this is maru.

Recently, I’ve been doing some tweaking to the site’s settings. It’s called maintenance.

During the maintenance, I became concerned about the security of the site.

I use WordPress on this site, and I often hear about WordPress vulnerability or WordPress tampering.

So I was looking for a good tool to check my site for vulnerabilities, and I came across a tool called WPScan (WordPress Security Scanner).

WPScan is a security checking tool that scans your site and checks for vulnerabilities. With this, I’m talking about checking your own site for vulnerabilities.

Translated with www.DeepL.com/Translator (free version)

How to use WPScan in a Windows environment

I was looking into how to use WPScan, but it seems to be a Linux-based tool.

I was wondering if there is a way to use WPScan in a Windows environment, and I found out that it is possible by using Docker. I have heard a lot about Docker recently, haven’t I?

I decided to learn about Docker while installing WPScan.

About Docker

Docker is a system that allows users to build a virtual environment using container technology provided by Docker.

For example, VMware is a virtual environment, but VMware requires the creation of a guest OS before building a virtual environment; with Docker, there is no need to build a guest OS, and you can run as if another machine is running inside the host.

This is a very easy way to use Docker when you need a tool for Linux, but don’t want to build a Linux environment.

Translated with www.DeepL.com/Translator (free version)

How to download and install Docker

First, download the Docker installer for Windows from Docker’s official website.

Simply double-click the downloaded Docker installer to complete the installation.

Now, I thought, I can use Docker on Windows, so I tried to start Docker, but some error message appeared on the desktop.


The error message is as follows

Docker Desktop – Access denied

You are not allowed to use Docker

You must be in the “docker-users” group

Hmmm, what does it mean?

I checked online and it seems that the reason is that the Windows user account in use is not added to the docker-users group.

If you are using Docker with administrator privileges, I don’t think you will get this error message. But if you are using Docker with a non-administrator account, then you need to add that account to the docker-users group.

Adding user accounts to docker-users group

First, open Computer Management by right-clicking on the Windows symbol.

From the Computer Management screen of the launched computer, select Local Users and Groups.

You will see two folders, Users and Groups, so select Groups.

Then select docker-users from the list of groups.

The docker-users properties screen will appear, select add.

Enter the name of the object (user name) you wish to add in the add screen and press OK.

The user will now be added to the properties screen.


Start Docker again.

Start Docker again with the user added.

You will see the message “Docker Desktop stopping…” on the screen when you start Docker, which indicates that Docker is not yet running.


If you get the error message WSL 2 installation is incomplete

After starting Docker, I get an error message saying that WSL 2 installation is incomplete.

WSL stands for Windows Subsystem for Linux, which is a system that allows you to use Linux on Windows.

This error message means that the installation of WSL2 is not complete.

The link in the error message https://aka.ms/wsl2kernel Click here. takes you to the official Microsoft page.

From here further click on the link for the WSL2 Linux kernel update package for x64 machines.

After clicking the link, a package for updating wls will be downloaded, so run this package.

After that, follow the instructions of Penguin Linux to update WSL.

Launch Docker

When you have completed the configuration up to this point, the Docker error message will disappear and you will see a screen that says “Get Started with Docker in a few easy steps!

Follow the Docker configuration wizard to complete the initial setup.


Once the initial setup is complete, the Docker menu screen will appear.

This completes the Docker installation process.

Let’s run Docker with PowerShell.

Start PowerShell and run the

  command docker version

command.

If Docker is properly installed, Docker version information will be displayed here.

And while we’re at it

  command docker run hello-world

to run the official hello-world container.

Containers are boxes that contain applications and middleware, allowing you to freely and easily use a variety of containers on a single OS. It is similar to the containers used in logistics.

Execution of WPScan

Now, we are very preliminary to running WPScan.

Just as we ran the container named hello-world earlier, you can use WPScan by running the WPScan container.

The command is docker run -it -rm wpscanteam/wpscan -url site URL

and so on.

WPScan has been successfully started.

summary

These are the steps to download and install Docker and run WPScan.

We will eventually write an article about the status of security inspection of the site using WPScan.

関連記事:

  1. Installation on Windows using emulator QEMU and image file conversion for VMware (qcow2 -> vmdk)
  2. How to install Ubuntu on VMware virtual environment (using iso files)
  3. [2022 Newest Version] Google Analytics and Adsense links were not set up… I’ll walk you through the steps to set up your tracking code! [GA4]
  4. [2022] GoogleAdsence has been shut down! My Experience
タイトルとURLをコピーしました