WPScan

Info, Red Teaming, 2023

Description:

WordPress Security Scanner (WPScan) is used to test WordPress installations and WordPress-powered websites. It enumerates details and checks them against its database of vulnerabilities and exploits.

WPScan

Checks for themes :

wpscan --url http://example.com/ --enumerate t

Checks for Plugins :

wpscan --url http://example.com/ --enumerate p

Checks for users :

wpscan --url http://example.com/ --enumerate u

Checks for vulnerable plugins :

wpscan --url http://example.com/ --enumerate vp

Password attacks :

wpscan --url http://example.com/ --passwords WORDLIST --usernames USERNAME

Adjusting WPScan’s Aggressiveness (WAF) :

--plugins-detection (aggressive or passive)

Bypassing simple WAFs :

--random-user-agent
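Because --random-user-agent defeats rules that match on the User-Agent string, detection on the defending side has to key on request behaviour instead. The following is an added example, not part of the original page or of WPScan: it flags clients in a web access log by the patterns the scans above tend to leave (many 404s for plugin or theme folders, author-ID or REST user listing requests, repeated login POSTs). The thresholds, addresses, slugs and log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined log format: client IP, request method, path and status are used.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
SLUG = re.compile(r'^/wp-content/(plugins|themes)/([^/?]+)')
USER_ENUM = re.compile(r'[?&]author=\d+|^/wp-json/wp/v2/users')
LOGIN = re.compile(r'^/(wp-login\.php|xmlrpc\.php)')

# Assumed per-window thresholds; tune them against the site's normal traffic.
LIMITS = {"missing_slugs": 5, "user_enum": 3, "login_posts": 10}

def detect(lines, limits=LIMITS):
    """Return {ip: [reasons]}; the User-Agent field is never consulted."""
    seen = defaultdict(lambda: {"missing_slugs": set(), "user_enum": 0, "login_posts": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in combined log format
        ip, method, path, status = m.groups()
        slug = SLUG.match(path)
        if slug and status == "404":  # probe for a plugin/theme that is not installed
            seen[ip]["missing_slugs"].add(slug.group(1) + "/" + slug.group(2))
        if USER_ENUM.search(path):  # author-ID walk or REST users listing
            seen[ip]["user_enum"] += 1
        if method == "POST" and LOGIN.match(path):  # login attempt
            seen[ip]["login_posts"] += 1
    findings = {}
    for ip, c in seen.items():
        totals = {**c, "missing_slugs": len(c["missing_slugs"])}
        reasons = sorted(k for k, v in totals.items() if v >= limits[k])
        if reasons:
            findings[ip] = reasons
    return findings

def log_line(ip, method, path, status, agent):
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{agent}"'

# Constructed sample log: one scanning client that sends a different User-Agent
# on every request, and one ordinary visitor. Slugs and addresses are made up.
SAMPLE = (
    [log_line("203.0.113.7", "GET", f"/wp-content/plugins/example-plugin-{i}/readme.txt", 404, f"Browser/{i}") for i in range(6)]
    + [log_line("203.0.113.7", "GET", f"/?author={i}", 301, f"Browser/{i}") for i in range(1, 4)]
    + [log_line("203.0.113.7", "POST", "/wp-login.php", 200, f"Browser/{i}") for i in range(12)]
    + [log_line("198.51.100.20", "GET", "/wp-content/plugins/example-plugin-0/style.css", 200, "Mozilla/5.0"),
       log_line("198.51.100.20", "POST", "/wp-login.php", 302, "Mozilla/5.0")]
)

print(detect(SAMPLE))
```

In production the counters would be kept per time window and the flagged addresses fed to rate limiting or an alert rather than printed.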

Some rooms from TryHackMe where you can practice using WPScan :


WPScan Repository