Wordpress
Enumerate users by reviewing the archives and taking note of the authors of blog posts.
If you identify a login page, attempt to log in with common credentials (admin, password, etc.).
Pay attention to errors produced through failed logins.
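From the defender's side, both of the techniques above leave a recognisable trace in the web server access log: a sweep of author IDs (the same range wpscan walks with its user ID option) and a burst of POSTs to wp-login.php. The following detector is an added example, not part of the original notes; the log lines are constructed in combined log format, and the thresholds are assumptions you would tune per site.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /?author=3 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /?author=4 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /?author=5 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3200 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3200 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3200 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:13 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:57:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse(lines):
    # Yield one dict per well-formed combined-format line; skip anything else.
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def find_enumeration(lines, author_threshold=3, login_threshold=3):
    """Return {ip: [findings]} for author-ID sweeps and repeated failed logins."""
    author_ids = defaultdict(set)
    failed_logins = defaultdict(int)
    for r in parse(lines):
        if r["method"] == "GET":
            q = re.search(r"[?&]author=(\d+)", r["path"])
            if q:
                author_ids[r["ip"]].add(int(q.group(1)))
        # wp-login.php re-renders the form with HTTP 200 on a failed login and
        # redirects (302) on success, so the status code separates the two.
        elif r["method"] == "POST" and r["path"].startswith("/wp-login.php") and r["status"] == "200":
            failed_logins[r["ip"]] += 1
    findings = defaultdict(list)
    for ip, ids in author_ids.items():
        if len(ids) >= author_threshold:
            findings[ip].append(f"author id sweep: {len(ids)} ids ({min(ids)}-{max(ids)})")
    for ip, n in failed_logins.items():
        if n >= login_threshold:
            findings[ip].append(f"{n} failed wp-login.php attempts")
    return dict(findings)
```

Run it over a real access log by passing the file's lines to find_enumeration; a single author lookup (as from 192.0.2.9) stays below the threshold and is not reported.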
wpscan is an open source scanner included with Kali.
If you use another distro you can download it here:
Documentation here:
To enumerate version, plugins or themes, select from three modes: passive, aggressive, mixed. The default is mixed for most items, and passive for plugin detection. To override the default use the --plugins-detection option.
The following enumeration options are available and should be preceded by the -e flag. If no additional options are provided the default is: vp,vt,tt,cb,dbe,u,m

vp (Vulnerable plugins)
ap (All plugins)
p (Popular plugins)
vt (Vulnerable themes)
at (All themes)
t (Popular themes)
tt (Timthumbs)
cb (Config backups)
dbe (Db exports)
u (User IDs range, e.g. u1-5)
m (Media IDs range, e.g. m1-15)