wpscan

Scan WordPress site

$ wpscan --url [https://example.com]

$ wpscan --url [https://example.com] -e u

$ wpscan --url [https://example.com] -e vp

$ wpscan --url [https://example.com] -e vt

$ wpscan --url [https://example.com] -e ap,at,u

$ wpscan --url [https://example.com] -U [admin] -P [passwords.txt]

$ wpscan --url [https://example.com] --api-token [TOKEN]

$ wpscan --url [https://example.com] -o [output.txt]

wpscan [--url url] [-e enumerate] [-U user] [-P passwords] [options]

wpscan is a WordPress security scanner. It identifies vulnerabilities, misconfigurations, and weak credentials.
User enumeration finds valid usernames through various techniques. These can be used for targeted attacks.
Plugin and theme enumeration identifies installed components. Vulnerable plugins are a major attack vector for WordPress.
The vulnerability database requires an API token. Free tokens have limited requests; paid tokens provide more.
Password brute forcing tests credentials. Rate limiting may apply; use responsibly.
Detection modes balance stealth versus thoroughness. Aggressive mode may trigger security plugins.

--url URL

Target URL.

Enumeration options.

Username for brute force.

Password wordlist.

WPScan API token.

Output file.

Output format (cli, json, etc.).

Random user agent.

wp-content directory.

Detection mode (mixed, passive, aggressive).

Don't check if target is WordPress.

Verbose mode.

u

Users.

Vulnerable plugins.

All plugins.

Vulnerable themes.

All themes.

Config backups.

DB exports.

Only use with authorization. May trigger security alerts. API token needed for vulnerability data. Resource intensive for full scans.

WPScan was created by the WPScan Team around 2011. It became the standard WordPress security assessment tool, used by security professionals and bug bounty hunters.

nmap(1), nikto(1), sqlmap(1), burp(1)