# WPScan

{% embed url="https://wpscan.com/" %}

### Basics

#### Installation

```bash
# Installing
sudo apt-get install wpscan

# Updating the package
sudo apt-get update && sudo apt-get install --only-upgrade wpscan
# OR update WPScan's local database
wpscan --update
```

#### Simple Scan

```bash
wpscan --url www.wordpress.org
# Short form from WPScan 2.x (3.x accepts only --url)
wpscan -u www.wordpress.org
```

#### Supply API Token (Better scans)

```bash
wpscan --url www.wordpress.org --api-token TOKEN
```

#### Docker

```bash
# Install
docker pull wpscanteam/wpscan

# Enumerate Usernames
docker run -it --rm wpscanteam/wpscan --url www.wordpress.org -e u
```

### Enumeration

```bash
# Usernames
wpscan --url www.wordpress.org -e u

# Popular Plugins
wpscan --url www.wordpress.org -e p

# Vulnerable Plugins
wpscan --url www.wordpress.org -e vp

# All Plugins
wpscan --url www.wordpress.org -e ap

# Popular Themes
wpscan --url www.wordpress.org -e t

# Vulnerable Themes
wpscan --url www.wordpress.org -e vt

# All Themes
wpscan --url www.wordpress.org -e at

# wp-config.php Backups
wpscan --url www.wordpress.org -e cb

# Database Exports
wpscan --url www.wordpress.org -e dbe

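# Scan Vulnerabilities and output to file
# (the -e list is comma-separated with no spaces; --follow-redirection and --log
#  are WPScan 2.x options, on 3.x write the report with -o/--output FILE)
wpscan --url <URL> -e vp,u,vt,tt --follow-redirection -v --log filename.log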
```

### Password Bruteforce

```bash
# Supply Password List
wpscan --url www.wordpress.org -P /path/to/passwords.txt

# Supply Username List
wpscan --url www.wordpress.org -U /path/to/users.txt
```

### Useful Flags

```bash
# Supply Custom wp-content Directory
--wp-content-dir

# Random User Agent
--random-user-agent

# Avoid Detection (Limited Checks)
--stealthy

# Disable SSL/TLS Certificate Verification
--disable-tls-checks

# Skip the Check That the Target Runs WordPress
--force

# Set Detection Mode (pick one)
--detection-mode [mixed|passive|aggressive]
```
