Last active November 22, 2021 19:32
WPScan commands
wpscan.rb --url http://yourwebsite.com --enumerate dbe
database exports

wpscan.rb --url http://yourwebsite.com --enumerate cb
config backups

wpscan.rb --url http://yourwebsite.com --enumerate vp
vuln plugins

wpscan.rb --url http://yourwebsite.com --enumerate vt
vuln themes

wpscan.rb --url http://yourwebsite.com --enumerate u
enumerate users

wpscan.rb --url http://yourwebsite.com --passwords passwords.txt --max-threads 50
password brute force

If you're proxying wpscan (Tor, etc.) and have SSL issues, you can add the flag that disables TLS checks:
wpscan --url https://yourwebsite.com --passwords passwords.txt --proxy http://127.0.0.1:8080 --disable-tls-checks