search

WPscan

The WPScan CLI tool is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites.

hashtag
Install

gem install wpscan

hashtag
Run

wpscan -h

hashtag
Usage

//Basic scan
wpscan --url https://target.tld/

//Stealthy scan
wpscan --stealthy --url https://target.tld/

//Enumerating users
wpscan --url https://target.tld/ --enumerate u

//Enumerating a range of usernames
wpscan --url https://target.tld/ --enumerate u1-100

//Brute forcing WP login
wpscan –-url http://example.com –-passwords rockyou.txt –-usernames andy –-max-threads 50

hashtag
Update

Resources:

https://www.geeksforgeeks.org/use-sqlmap-test-website-sql-injection-vulnerability/arrow-up-right

https://www.wpwhitesecurity.com/strong-wordpress-passwords-wpscan/arrow-up-right

PreviousSQLmapNextActive Directory Overview

Last updated