killchain-compendium/Enumeration/wpscan.md

# WPScan

## Themes
```sh
wpscan --url <URL> --enumerate t
```

* `ls` for content

## Plugins
```sh
wpscan --url <URL> --enumerate p
```

## Users
```sh
wpscan --url <URL> --enumerate u
```

## Vulnerabilities
* WPVulnDB API is needed
* Plugins
```sh
wpscan --url <URL> --enumerate vp
```

## Password attack
```sh
wpscan --url <URL> --passwords <wordlist> --usernames <usersFromEnumeration>
```

## WAF Aggressiveness
```sh
wpscan --url <URL> --enumerate p --plugins-detection <aggressive/passive>
restructured enumeration 2022-11-13 01:16:26 +01:00			`# WPScan`

			`## Themes`
			```sh
			`wpscan --url <URL> --enumerate t`
			```

			* `ls` for content

			`## Plugins`
			```sh
			`wpscan --url <URL> --enumerate p`
			```

			`## Users`
			```sh
			`wpscan --url <URL> --enumerate u`
			```

			`## Vulnerabilities`
			`* WPVulnDB API is needed`
			`* Plugins`
			```sh
			`wpscan --url <URL> --enumerate vp`
			```

			`## Password attack`
			```sh
			`wpscan --url <URL> --passwords <wordlist> --usernames <usersFromEnumeration>`
			```

			`## WAF Aggressiveness`
			```sh
			`wpscan --url <URL> --enumerate p --plugins-detection <aggressive/passive>`