wpscan

Wordpress vulnerability scanner.

TLDR

Update the vulnerability database

>_ wpscan --update
copy

Scan a Wordpress website

>_ wpscan --url [url]
copy

Scan a Wordpress website, using random user agents and passive detection

>_ wpscan --url [url] --stealthy
copy

Scan a Wordpress website, checking for vulnerable plugins and specifying the path to the wp-content directory

>_ wpscan --url [url] --enumerate [vp] --wp-content-dir [remote/path/to/wp-content]
copy

Scan a Wordpress website through a proxy

>_ wpscan --url [url] --proxy [protocol://ip:port] --proxy-auth [username:password]
copy

Perform user identifiers enumeration on a Wordpress website

>_ wpscan --url [url] --enumerate [u]
copy

Execute a password guessing attack on a Wordpress website

>_ wpscan --url [url] --usernames [username|path/to/usernames.txt] --passwords [path/to/passwords.txt] threads [20]
copy

Scan a Wordpress website, collecting vulnerability data from the WPVulnDB (https://wpvulndb.com/)

>_ wpscan --url [url] --api-token [token]
copy

Copied to clipboard
free 100$ digital ocean credit