WPScan
The WPScan CLI tool is a black box WordPress security scanner, free for non-commercial use, written for security professionals and blog maintainers to test the security of their sites.
Install
gem install wpscan
Run
wpscan -h
Usage
//Basic scan
wpscan --url https://target.tld/
//Stealthy scan
wpscan --stealthy --url https://target.tld/
//Enumerating users
wpscan --url https://target.tld/ --enumerate u
//Enumerating a range of usernames
wpscan --url https://target.tld/ --enumerate u1-100
//Brute forcing WP login
wpscan --url http://example.com --passwords rockyou.txt --usernames andy --max-threads 50
Update
wpscan --update
Resources:
https://www.geeksforgeeks.org/use-sqlmap-test-website-sql-injection-vulnerability/
https://www.wpwhitesecurity.com/strong-wordpress-passwords-wpscan/