Wordpress
Manual enumeration
Enumerate users by reviewing the archives and taking note of authors of blog posts
If you identify a login page, attempt to login with common credentials (admin, password, etc.).
Pay attention to errors produced through failed logins
wpscan
wpscan is an open source scanner included with Kali.
If you use another distro you can download it here: https://github.com/wpscanteam/wpscan
Documentation here: https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation
Enumerating users
wpscan --url https://target.tld/ --enumerate u
wpscan --url example.com -e u
wpscan --url https://target.tld/ --enumerate u1-100
Brute force
wpscan --url example.com -e u --passwords /path/to/password_file.txt
wpscan --url example.com --passwords /usr/share/wordlists/rockyou.txt --usernames admin --max-threads 50
Scanning plugins
wpscan --url example.com -e vp --plugins-detection mixed --api-token YOUR_TOKEN
Enumeration modes
To enumerate version, plugins or themes, select from three modes: passive, aggressive, mixed.
The default is mixed
for most items, and passive
for plugin detection. To override the default use the--plugins-detection
option.
Mixed - provides the most results
Passive - useful when server overload is a concern
Aggressive - most aggressive
Other enumeration options
The following enumeration options are available and should be preceded by the -e
flag. If no additional options are provided the default is: vp,vt,tt,cb,dbe,u,m
vp
(Vulnerable plugins)ap
(All plugins)p
(Popular plugins)vt
(Vulnerable themes)at
(All themes)t
(Popular themes)tt
(Timthumbs)cb
(Config backups)dbe
(Db exports)u
(User IDs range. e.g: u1-5)m
(Media IDs range. e.g m1-15
Last updated