• Tools
  • Features
  • Resources

Introduction

Getting Started

Platform Features

Scanning
AI Analysis
Code Scanning (SAST)
Reports
Dashboard & Analytics

Developer Reference

REST API
CLI Reference
CI/CD Integration
Tool Tactics
SubfinderNmapKatanaNucleiHttpxGitleaksWPScan

wpscanweb

What is the purpose of wpscan?

WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

Core Features

  • Detects WordPress core, theme, and plugin vulnerabilities
  • Enumerates users, themes, and plugins
  • Checks for exposed configuration files and database exports
  • Integrates with the WPScan Vulnerability Database API

Common Wpscan Commands

1. Basic Scan

Performs a basic scan of the target WordPress site.

bash
wpscan --url <target>

2. Enumerate Plugins

Enumerates installed plugins on the target site.

bash
wpscan --url <target> --enumerate p

3. Enumerate Users

Enumerates registered users on the target site.

bash
wpscan --url <target> --enumerate u

4. API Token Integration

Uses the WPScan API token to get vulnerability data.

bash
wpscan --url <target> --api-token <token>

Output Examples of Wpscan Commands

[+] WordPress version 5.8.1 identified [!] 2 vulnerabilities identified: | - Title: WordPress <= 5.8.1 - Authenticated SQL Injection | - Fixed in: 5.8.2 [+] Enumerating Vulnerable Plugins [!] plugin-x v1.0 is vulnerable
Previous
Gitleaks
⌘K

On this page

PurposeCore FeaturesCommon CommandsOutput Examples