-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathWordpress
39 lines (22 loc) · 1.26 KB
/
Wordpress
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Cheatsheet:
https://blog.wpscan.com/wpscan/cheatsheet/poster/2019/11/05/wpscan-cli-cheat-sheet-poster.html
https://www.exploit-db.com/docs/english/45556-wordpress-penetration-testing-using-wpscan-and-metasploit.pdf
Commands:
Default scan:
wpscan --url wordpress.example.com
Scan output
wpscan --url http://wordpress.example.com -o scan-test
Detection mode scan - 3 options passive, aggressive, mixed(default)
wpscan --url wordpress.example.com -o test --detection-mode aggressive
Vulnerable Plugins Scan (vp (vulnerable plugins), ap (all plugins), p (plugins)
wpscan --url wordpress.example.com -e vp
Vulnerable Themes Scan [vt (Vulnerable themes), at (All themes), t (Themes)]
wpscan --url wordpress.example.com -e vt
Enumerate WordPress Users
wpscan --url wordpress.example.com -e u
Password Strength/Bruteforce Attack against a WordPress User
wpscan --url wordpress.example.com -P password-file.txt -U admin -t 50
To test for password strength for multiple users without the specific username specified.
wpscan --url wordpress.example.com -P password-file.txt -t 50
Run WordPress scan in undetectable mode (--random-user-agent --detection-mode passive --plugins-version-detection passive), specify the --stealthy option.
wpscan --url wordpress.example.com --stealthy