# Installing
sudo apt-get install wpscan
# Updating
sudo apt update wpscan
# OR
wpscan --update
wpscan --url www.wordpress.org
wpscan -u www.wordpress.org
Supply API Token (Better scans)
wpscan --url www.wordpress.org --api-token TOKEN
# Install
docker pull wpscanteam/wpscan
# Enumerate Usernames
docker run -it --rm wpscanteam/wpscan --url www.wordpress.org -e u
# Usernames
wpscan --url www.wordpress.org -e u
# Popular Plugins
wpscan --url www.wordpress.org -e p
# Vulnerable Plugins
wpscan --url www.wordpress.org -e vp
# All Plugins
wpscan --url www.wordpress.org -e ap
# Popular Themes
wpscan --url www.wordpress.org -e t
# Popular Themes
wpscan --url www.wordpress.org -e t
# Vulnerable Themes
wpscan --url www.wordpress.org -e vt
# All Themes
wpscan --url www.wordpress.org -e at
# wp-config.php Backups
wpscan --url www.wordpress.org -e cb
# Database Exports
wpscan --url www.wordpress.org -e dbe
# Scan Vulnerabilities and output to file
wpscan --url <URL> -e vp, u, vt, tt --follow-redirection -v --log filename.log
# Supply Password List
wpscan --url www.wordpress.org -P /path/to/passwords/txt
# Supply Username List
wpscan --url www.wordpress.org -U /path/to/users.txt
# Supply Custom wp-content Directory
--wp-content-dir
# Random User Agent
--random-user-agent
# Avoid Detection (Limited Checks)
--stealthy
# Disable SSL/TLS Security
--disable0tls-checks
# Disable Wordpress Detection
--force
# Set Detection Mode
--detection-mode [mixed passive aggressive]
