LinuxCommandLibrary

wpscan

Scan WordPress sites for vulnerabilities

TLDR

Update the vulnerability database

$ wpscan --update

Scan a WordPress website
$ wpscan --url [url]

Scan a WordPress website, using random user agents and passive detection
$ wpscan --url [url] --stealthy

Scan a WordPress website, checking for vulnerable plugins and specifying the path to the wp-content directory
$ wpscan --url [url] --enumerate [vp] --wp-content-dir [remote/path/to/wp-content]

Scan a WordPress website through a proxy
$ wpscan --url [url] --proxy [protocol://ip:port] --proxy-auth [username:password]

Perform user identifiers enumeration on a WordPress website
$ wpscan --url [url] --enumerate [u]

Execute a password guessing attack on a WordPress website
$ wpscan --url [url] --usernames [username|path/to/usernames.txt] --passwords [path/to/passwords.txt] --max-threads [20]

Scan a WordPress website, collecting vulnerability data from the WPVulnDB
$ wpscan --url [url] --api-token [token]

SYNOPSIS

wpscan [options] --url [url]

PARAMETERS

--url
    Specifies the URL of the WordPress site to scan.

--enumerate [option]
    Enumerates users, themes, plugins, or other aspects of the target website. Options include u (users), t (themes), p (plugins), vp (vulnerable plugins), and others. Examples: --enumerate u, --enumerate vp.

--passwords
    Specifies a wordlist to use for brute-force password attacks.

--usernames
    Specifies a username, or a file of usernames, to use for brute-force password attacks.

--wordlist
    Specifies a wordlist to use when brute-forcing passwords for a given username. This is the option name from WPScan 2.x; WPScan 3 uses --passwords.

--max-threads
    Sets the maximum number of threads to use for parallel processing.

--proxy
    Specifies a proxy server to use for requests.

--api-token
    Specifies a WPScan API token for enhanced scanning capabilities.

--update
    Updates the WPScan database to the latest version.

--verbose
    Enables verbose output for more detailed information.

--no-color
    Disables color output in the terminal.

--version
    Displays the version number.

--help
    Displays help about the available options.

DESCRIPTION

wpscan is a black box WordPress vulnerability scanner. It's used to identify security vulnerabilities in WordPress core, themes, and plugins. It automates the process of discovering potential weaknesses that could be exploited by attackers.
wpscan uses a variety of techniques, including brute-force password attacks, vulnerability database lookups, and detection of outdated software versions. It can enumerate users, themes, plugins, and perform various security checks to assess the overall security posture of a WordPress site. The tool is widely used by security professionals and website administrators to proactively identify and remediate security issues before they can be exploited. Regular scans with wpscan can help prevent website defacement, data breaches, and other security incidents related to WordPress.
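
A defender-side view of the techniques described above, as an added example that is not part of the original page or of WPScan itself: it flags clients in a web-server access log whose requests look like user enumeration or login guessing. The log lines, thresholds, URL patterns and the `WPScan` user-agent substring are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

def _line(ip, method, path, status, ua):
    return (f'{ip} - - [10/Mar/2025:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64)"
SCANNER_UA = "WPScan v0.0.0 (constructed sample)"  # assumed default-style UA
# Constructed sample traffic in "combined" log format (documentation IPs).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/?author={n}", 301, BROWSER_UA) for n in (1, 2, 3)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200, BROWSER_UA)] * 6
    + [_line("198.51.100.9", "GET", "/readme.html", 200, SCANNER_UA),
       _line("192.0.2.44", "POST", "/wp-login.php", 302, BROWSER_UA),
       _line("192.0.2.44", "GET", "/?author=1", 301, BROWSER_UA)]
)

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) '
                  r'(?P<path>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Heuristics below are assumptions to tune per site, not WPScan internals.
AUTHOR_ENUM = re.compile(r"[?&]author=\d+|/wp-json/wp/v2/users")
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}
ENUM_THRESHOLD = 3    # distinct user-listing requests per client
LOGIN_THRESHOLD = 5   # login POSTs per client (no time window, for brevity)

def detect(log_text):
    """Return {client_ip: [reasons]} for clients showing scan-like behaviour."""
    stats = defaultdict(lambda: {"posts": 0, "enum": set(), "ua": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in combined format
        s, path = stats[m["ip"]], m["path"]
        if m["method"] == "POST" and path.split("?")[0] in LOGIN_PATHS:
            s["posts"] += 1
        if AUTHOR_ENUM.search(path):
            s["enum"].add(path)
        if "wpscan" in m["ua"].lower():
            s["ua"] = True  # a random user agent (--stealthy) hides this signal
    findings = {}
    for ip, s in stats.items():
        reasons = [name for name, hit in (
            ("scanner-user-agent", s["ua"]),
            ("user-enumeration", len(s["enum"]) >= ENUM_THRESHOLD),
            ("login-guessing", s["posts"] >= LOGIN_THRESHOLD)) if hit]
        if reasons:
            findings[ip] = reasons
    return findings
```

Because the user-agent check disappears when random user agents are used, the behavioural counters are the signals to alert on; pair them with login rate limiting on the server.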

CAVEATS

wpscan relies on an up-to-date vulnerability database. Outdated databases can lead to inaccurate or incomplete scan results. Running wpscan against websites without permission is illegal and unethical. Rate limiting by the target server can impact scan results. Some checks require a WPScan API token, which needs to be purchased.

RESPONSIBLE USE

wpscan should only be used on websites you own or have explicit permission to scan. Unauthorized scanning is illegal and can cause harm. Always respect the website's terms of service and robots.txt file.

API TOKEN

Using the wpscan API token allows for faster and more accurate scanning. It provides access to the latest vulnerability data and enhanced features. Without the API token, some functions are limited.

HISTORY

wpscan was initially developed to provide a dedicated security scanning tool specifically for WordPress. It has evolved over time to incorporate new techniques, address emerging vulnerabilities, and improve overall accuracy. The tool has become an essential resource for security professionals and website administrators to identify and mitigate potential threats targeting WordPress websites.

SEE ALSO

nmap(1), nikto(1)
