# WPScan

## Themes
```sh
wpscan --url <URL> --enumerate t
```

* `ls` for content

## Plugins
```sh
wpscan --url <URL> --enumerate p
```

## Users
```sh
wpscan --url <URL> --enumerate u
```

## Vulnerabilities
* WPVulnDB API is needed
* Plugins
```sh
wpscan --url <URL> --enumerate vp
```

## Password attack
```sh
wpscan --url <URL> --passwords <wordlist> --usernames <usersFromEnumeration>
```

## WAF Aggressiveness
```sh
wpscan --url <URL> --enumerate p --plugins-detection <aggressive/passive>