Issue
Some students may experience an issue when attempting to register for a WPScan account during the CEH lab: Module 14 – Hacking Web Applications.
When accessing the following page from the Parrot Security VM browser:
https://wpscan.com/register
the page may load without displaying the registration form or login option. In some cases, only the page header and footer are visible.
This behavior occurs because the WPScan website may block or partially serve content to certain virtual lab environments or cloud-based networks.
Impact
If the registration form does not appear, you will not be able to create a WPScan account directly from the lab environment.
This may prevent you from obtaining the API token required to complete the WPScan scan command in the lab.
Solution / Workaround
You can create the WPScan account outside of the lab environment and still use it successfully inside the lab.
Step 1 – Create the Account on Your Local Computer
On your personal computer or mobile device, open a browser and navigate to:
https://wpscan.com/register
Create a WPScan account and verify your email address.
Step 2 – Retrieve Your API Token
After logging in, navigate to your WPScan profile dashboard and copy your API Token.
Step 3 – Use the Token in the Lab VM
Return to the Parrot Security VM in the lab and run the WPScan command using the API token.
Example:
wpscan --url http://<target-site> --api-token YOUR_API_TOKEN
The WPScan tool will use the token to query the vulnerability database.
Additional Notes
- You do not need to log in to WPScan from the lab VM browser.
- The API token works regardless of where the account was created.
- Creating the account on your local device will not affect your ability to complete the lab.
If You Continue to Experience Issues
If you encounter additional problems running WPScan in the lab environment, please contact support and include:
- your course name
- the lab module
- a screenshot of the error message
Comments