wpscan
WordPress vulnerability scanner. More information: https://github.com/wpscanteam/wpscan.
- Update the vulnerability database:
wpscan --update
- Scan a WordPress website:
wpscan --url url
- Scan a WordPress website, using random user agents and passive detection:
wpscan --url url --stealthy
- Scan a WordPress website, checking for vulnerable plugins and specifying the path to the wp-content directory:
wpscan --url url --enumerate vp --wp-content-dir remote/path/to/wp-content
- Scan a WordPress website through a proxy:
wpscan --url url --proxy protocol://ip:port --proxy-auth username:password
- Enumerate user identifiers on a WordPress website:
wpscan --url url --enumerate u
- Execute a password guessing attack on a WordPress website:
wpscan --url url --usernames username|path/to/usernames.txt --passwords path/to/passwords.txt --max-threads 20
- Scan a WordPress website, collecting vulnerability data from the WPVulnDB (https://wpvulndb.com/):
wpscan --url url --api-token token