# Wordpress

### Manual enumeration

* Enumerate users by reviewing the archives and taking note of authors of blog posts
* If you identify a login page, attempt to login with common credentials (admin, password, etc.).
  * Pay attention to errors produced through failed logins

### wpscan

wpscan is an open source scanner included with Kali.

If you use another distro you can download it here: <https://github.com/wpscanteam/wpscan>

Documentation here:  <https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation>

#### Enumerating users

```
wpscan --url https://target.tld/ --enumerate u
wpscan --url example.com -e u
wpscan --url https://target.tld/ --enumerate u1-100
```

#### Brute force

```
wpscan --url example.com -e u --passwords /path/to/password_file.txt
```

```
wpscan --url example.com --passwords /usr/share/wordlists/rockyou.txt --usernames admin --max-threads 50
```

#### Scanning plugins

```
wpscan --url example.com -e vp --plugins-detection mixed --api-token YOUR_TOKEN
```

#### Enumeration modes

To enumerate version, plugins or themes, select from three modes:  `passive, aggressive, mixed.`  The default is `mixed` for most items, and  `passive` for plugin detection.  To override the default use the`--plugins-detection` option.

```
Mixed - provides the most results
Passive - useful when server overload is a concern
Aggressive - most aggressive
```

#### Other enumeration options

The following enumeration options are available and should be preceded by the `-e` flag.  If no additional options are provided the default is: `vp,vt,tt,cb,dbe,u,m`

* `vp` (Vulnerable plugins)
* `ap` (All plugins)
* `p` (Popular plugins)
* `vt` (Vulnerable themes)
* `at` (All themes)
* `t` (Popular themes)
* `tt` (Timthumbs)
* `cb` (Config backups)
* `dbe` (Db exports)
* `u` (User IDs range. e.g: u1-5)
* `m` (Media IDs range. e.g m1-15


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.oncyberwar.com/3.-enumeration/wordpress.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.