WPScan

WordPress Enumerator & Brute-forcer

Basics

Installation

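# Installing
sudo apt-get install wpscan

# Updating the program
# "apt update" only refreshes the package index and takes no package name,
# so the package has to be upgraded explicitly.
sudo apt-get update
sudo apt-get install --only-upgrade wpscan

# Updating the local WPScan database
# This refreshes the detection data only; it does not upgrade the program,
# so it is not an alternative to the package upgrade above.
wpscan --update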

Simple Scan

# Default scan of a single site. www.wordpress.org is a sample hostname here.
wpscan --url www.wordpress.org
# NOTE(review): -u is the short form from WPScan 2.x. The 3.x CLI, which the
# other options on this page belong to, appears to accept only --url.
# Confirm with `wpscan --help` for the installed version.
wpscan -u www.wordpress.org

Supply API Token (Better scans)

# The token enables vulnerability data from the WPScan vulnerability database;
# without it the scan still fingerprints versions but lists no known issues.
# A token passed on the command line is saved in shell history and is visible
# in the process list. It can instead be kept in ~/.wpscan/scan.yml under
# cli_options: api_token, with the file readable only by its owner.
wpscan --url www.wordpress.org --api-token TOKEN

Docker

# Install
# No tag is given, so Docker pulls :latest; pin a tag or image digest when
# scan results need to be reproducible or the image must be reviewed first.
docker pull wpscanteam/wpscan

# Enumerate Usernames
# --rm deletes the container when the scan ends; -it attaches a terminal.
# Everything after the image name is passed to wpscan unchanged.
docker run -it --rm wpscanteam/wpscan --url www.wordpress.org -e u

Enumeration

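# -e / --enumerate selects what to list. Several values can be combined with
# commas and no spaces (see the last example).

# Usernames
wpscan --url www.wordpress.org -e u

# Popular Plugins
wpscan --url www.wordpress.org -e p

# Vulnerable Plugins
# Relies on vulnerability data, so current releases need --api-token for
# this to report anything.
wpscan --url www.wordpress.org -e vp

# All Plugins
wpscan --url www.wordpress.org -e ap

# Popular Themes
wpscan --url www.wordpress.org -e t

# Vulnerable Themes
# Same dependency on --api-token as vulnerable plugins.
wpscan --url www.wordpress.org -e vt

# All Themes
wpscan --url www.wordpress.org -e at

# wp-config.php Backups
# A hit means a copy of wp-config.php (database credentials, auth keys and
# salts) can be downloaded from the web root: remove it and rotate the secrets.
wpscan --url www.wordpress.org -e cb

# Database Exports
# A hit means a SQL dump is publicly reachable: remove it from the web root.
wpscan --url www.wordpress.org -e dbe

# Scan Vulnerabilities and output to file
# The -e list must not contain spaces: "vp, u, vt, tt" is split by the shell,
# so only "vp," reaches -e. --follow-redirection and --log are WPScan 2.x
# options; in 3.x the report file is set with -o / --output.
wpscan --url <URL> -e vp,u,vt,tt -v -o filename.log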

Password Bruteforce

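# Each attempt is a login request to wp-login.php or xmlrpc.php, so login rate
# limiting, account lockout and alerting on authentication failures at those
# endpoints are the controls that detect and slow this.

# Supply Password List
wpscan --url www.wordpress.org -P /path/to/passwords.txt

# Supply Username List
# -U only sets the usernames; it is used together with -P.
wpscan --url www.wordpress.org -U /path/to/users.txt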

Useful Flags

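# Supply Custom wp-content Directory (for sites that renamed or moved it)
--wp-content-dir DIR

# Random User Agent (a randomly chosen User-Agent header for the scan)
--random-user-agent

# Avoid Detection (Limited Checks)
# Alias for: --random-user-agent --detection-mode passive
#            --plugins-version-detection passive
--stealthy

# Disable SSL/TLS certificate verification
# The scanner then accepts any certificate (and allows TLS 1.0+), so responses
# can be altered in transit. Keep it to hosts known to use self-signed or
# expired certificates.
--disable-tls-checks

# Skip the check that the target runs WordPress (also continues on a 403)
--force

# Set Detection Mode: one of mixed (default), passive, aggressive
--detection-mode mixed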
