πŸ‘¨β€πŸ’»
Jawad's Notes
  • πŸ‘¨β€πŸ«INFOSEC
    • πŸ•ΈοΈWeb
      • Burp Suite: Setting Foxyproxy
      • XSS
      • Wappalyzer
      • Directory Traversal
      • LFI
        • PHP Wrappers
        • RFI
      • Reverse Shell
        • Command Injection Quick Tips
      • File Upload
      • WPScan
      • SQL Injection
        • Schemas
        • SQLmap
        • MSSQL
        • MySQL
        • PostgreSQL
    • πŸ”§Tools
      • Whois
      • DNSRecon
      • DNSenum
      • nslookup
      • Netcat
        • Powercat
      • Nmap
        • Nmap Scripting Engine
        • Test-NetConnection
        • Grep
      • Server Message Block (SMB)
      • SNMP
      • SMTP
      • ExifTool
      • Search Engine Hacking
      • Source Control Hacking
      • Nessus
      • Canarytokens
      • Qualys SSL Server Test
      • Security Headers
      • theHarvester
      • Shodan
      • Gobuster
        • Dirb
      • Searchsploit
      • Password Cracking
        • Hashcat
        • John The Ripper
        • Hydra
        • hashID
        • CPU vs GPU
    • 🐧Linux
      • Symbols
      • cat
      • curl
      • openvpn
      • tcpdump
      • Remote Desktop
      • SmbShare
      • Tmux
      • Convert Windows-style line endings (CRLF) to Unix-style (LF)
      • SSH
    • πŸ–₯️Macros in Office
    • 🍎Enhancing Your MacOS Terminal Experience
    • 🚩CTF
      • SQL Injection
        • WHERE clause allowing retrieval of hidden data
        • Allowing login bypass
        • UNION attack, determining the number of columns returned by the query
        • UNION attack, finding a column containing text
        • UNION attack, retrieving data from other tables
        • UNION attack, retrieving multiple values in a single column
        • Querying the database type and version on Oracle
Powered by GitBook
On this page
  1. INFOSEC
  2. Web

WPScan

WPScan is a free, open-source security tool designed for WordPress, used primarily to identify security vulnerabilities. It is well-suited for black box testing and offers comprehensive scanning capabilities.

Key Features:

  • Scans for vulnerabilities in WordPress core, plugins, and themes.

  • Enumerates users, plugins, themes, and weak passwords.

  • Integrates with the WPScan Vulnerability Database.

Command-Line Examples:

  • Scan for Vulnerabilities:

    wpscan --url example.com

  • Enumerate Users:

    wpscan --url example.com --enumerate u

  • Brute Force Password Attack:

    wpscan --url example.com --passwords /path/to/passwords.txt --usernames admin

  • Check for Vulnerable Plugins:

    wpscan --url example.com --enumerate vp

Regular scanning with WPScan is recommended as part of a robust WordPress security strategy.

PreviousFile UploadNextSQL Injection

Last updated 1 year ago

πŸ‘¨β€πŸ«
πŸ•ΈοΈ
Page cover image