KCN

Kaldei's Cybersecurity Notes

WPSCAN

A WordPress security scanner.

https://github.com/wpscanteam/wpscan

Basis

wpscan --url [TARGET_IP] -e u,vp,vt
Scan Wordpress.

Flags

-e vp
Enumerate Vulnerable Plugins.
-e vt
Enumerate Vulnerable Themes.
-e cb
Enumerate Config Backups.
-e dbe
Enumerate DB Exports.
-e u
Enumerate Users.

wpscan --url http://[TARGET_IP]/blog --usernames admin --passwords /usr/share/wordlists/rockyou.txt
Brute force WordPress user's credentials.