WPScan

WPScan is a free, open-source security tool designed for WordPress, used primarily to identify security vulnerabilities. It is well-suited for black box testing and offers comprehensive scanning capabilities.

Key Features:

Scans for vulnerabilities in WordPress core, plugins, and themes.
Enumerates users, plugins, themes, and weak passwords.
Integrates with the WPScan Vulnerability Database.

Command-Line Examples:

Scan for Vulnerabilities:
```
wpscan --url example.com
```
Enumerate Users:
```
wpscan --url example.com --enumerate u
```

Brute Force Password Attack:

wpscan --url example.com --passwords /path/to/passwords.txt --usernames admin

Check for Vulnerable Plugins:
```
wpscan --url example.com --enumerate vp
```

Regular scanning with WPScan is recommended as part of a robust WordPress security strategy.

PreviousFile Upload NextSQL Injection

Last updated 1 year ago