WPScan

WordPress security scanner for vulnerability detection and enumeration

Web Vulnerabilities10 commands

#wordpress#cms#scanner#vulnerability

Installation

1Install via gem

2Install dependencies

3Verify installation

# Using gem
gem install wpscan

# Verify
wpscan --version

Basic Usage

Enumerate WordPress vulnerabilities, users, plugins, and themes

# Basic scan
wpscan --url https://target.com

# Enumerate users
wpscan --url https://target.com --enumerate u

# With API token for better results
wpscan --url https://target.com --api-token TOKEN

Command Reference

10 commands

1Target WordPress URL

--url

2Enumerate (u=users, p=plugins, t=themes)

--enumerate

3WPVulnDB API token for live data

--api-token

4Password brute forcing (xmlrpc, wp-login)

--password-attack

5Plugin version detection mode

--plugins-version-detection

6Output to file

-o

7Output format (cli, json, etc.)

--format

8Proxy for requests

--proxy

9Cookie string for authentication

--cookie

10Randomize user agent

--random-user-agent

When to Use

WordPress reconnaissance and security auditing

Vulnerability scanning for known CVEs

User enumeration for brute force targets

Plugin and theme version checking

Password brute forcing on WordPress sites

Notes & Tips

API token from WPVulnDB required for real-time vulnerability data

Rate limiting may apply; use --throttle flag if needed

Works best with full access to the target site

Common Errors & Solutions

Connection refused

Ensure the target URL is correct and reachable

API token required

Too many redirects

Use --follow-redirection or check URL format

WPScan

WordPress security scanner for vulnerability detection and enumeration

Web Vulnerabilities10 commands

#wordpress#cms#scanner#vulnerability

Installation

1Install via gem

2Install dependencies

3Verify installation

# Using gem
gem install wpscan

# Verify
wpscan --version

Basic Usage

Enumerate WordPress vulnerabilities, users, plugins, and themes

# Basic scan
wpscan --url https://target.com

# Enumerate users
wpscan --url https://target.com --enumerate u

# With API token for better results
wpscan --url https://target.com --api-token TOKEN

Command Reference

10 commands

1Target WordPress URL

--url

2Enumerate (u=users, p=plugins, t=themes)

--enumerate

3WPVulnDB API token for live data

--api-token

4Password brute forcing (xmlrpc, wp-login)

--password-attack

5Plugin version detection mode

--plugins-version-detection

6Output to file

-o

7Output format (cli, json, etc.)

--format

8Proxy for requests

--proxy

9Cookie string for authentication

--cookie

10Randomize user agent

--random-user-agent

When to Use

WordPress reconnaissance and security auditing

Vulnerability scanning for known CVEs

User enumeration for brute force targets

Plugin and theme version checking

Password brute forcing on WordPress sites

Notes & Tips

API token from WPVulnDB required for real-time vulnerability data

Rate limiting may apply; use --throttle flag if needed

Works best with full access to the target site

Common Errors & Solutions

Connection refused

Ensure the target URL is correct and reachable

API token required

Too many redirects

Use --follow-redirection or check URL format