# WPScan
## Themes
```sh
wpscan --url <URL> --enumerate t
```
* `ls` for content
## Plugins
```sh
wpscan --url <URL> --enumerate p
```
## Users
```sh
wpscan --url <URL> --enumerate u
```
## Vulnerabilities
* A WPVulnDB API token is needed
* Plugins
```sh
wpscan --url <URL> --enumerate vp
```
## Password attack
```sh
wpscan --url <URL> --passwords <wordlist> --usernames <usersFromEnumeration>
```
## WAF Aggressiveness
```sh
wpscan --url <URL> --enumerate p --plugins-detection <aggressive/passive>
```