wpscanweb
What is the purpose of wpscan?
WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
Core Features
- Detects WordPress core, theme, and plugin vulnerabilities
- Enumerates users, themes, and plugins
- Checks for exposed configuration files and database exports
- Integrates with the WPScan Vulnerability Database API
Common Wpscan Commands
1. Basic Scan
Performs a basic scan of the target WordPress site.
bash
wpscan --url <target>2. Enumerate Plugins
Enumerates installed plugins on the target site.
bash
wpscan --url <target> --enumerate p3. Enumerate Users
Enumerates registered users on the target site.
bash
wpscan --url <target> --enumerate u4. API Token Integration
Uses the WPScan API token to get vulnerability data.
bash
wpscan --url <target> --api-token <token>Output Examples of Wpscan Commands
[+] WordPress version 5.8.1 identified
[!] 2 vulnerabilities identified:
| - Title: WordPress <= 5.8.1 - Authenticated SQL Injection
| - Fixed in: 5.8.2
[+] Enumerating Vulnerable Plugins
[!] plugin-x v1.0 is vulnerable