wpscan
WordPress vulnerability scanner. More information: https://github.com/wpscanteam/wpscan.
- Update the vulnerability database:
wpscan --update
- Scan a WordPress website:
wpscan --url
url
- Scan a WordPress website, using random user agents and passive detection:
wpscan --url
url --stealthy
- Scan a WordPress website, checking for vulnerable plugins and specifying the path to the
wp-content
directory:
wpscan --url
url --enumerate
vp --wp-content-dir
remote/path/to/wp-content
- Scan a WordPress website through a proxy:
wpscan --url
url --proxy
protocol://ip:port --proxy-auth
username:password
- Perform user identifiers enumeration on a WordPress website:
wpscan --url
url --enumerate
u
- Execute a password guessing attack on a WordPress website:
wpscan --url
url --usernames
username|path/to/usernames.txt --passwords
path/to/passwords.txt threads
20
- Scan a WordPress website, collecting vulnerability data from the WPVulnDB (https://wpvulndb.com/):
wpscan --url
url --api-token
token