WPScan

https://tryhackme.com/room/webenumerationv2 Task 7

Used to enumerate sites running WordPress.

Summary - Cheatsheet

| Flag | Description | Full Example |
| --- | --- | --- |
| p | Enumerate plugins | --enumerate p |
| t | Enumerate themes | --enumerate t |
| u | Enumerate usernames | --enumerate u |
| v | Use WPVulnDB to cross-reference for vulnerabilities. The example command looks for vulnerable plugins (p). | --enumerate vp |
| aggressive | An aggressiveness profile for WPScan to use. | --plugins-detection aggressive |

This will brute-force a website with the username phreakazoid, trying every password from rockyou.txt:

wpscan --url http://wpscan.thm --passwords /usr/share/wordlists/rockyou.txt --usernames phreakazoid
