February 9, 2026, by 0xt0pus

WPScan

WordPress security scanner for enumerating plugins, themes, and user accounts


Description

WPScan is a WordPress vulnerability scanner. It is used to enumerate WordPress users, plugins, and themes, and to perform password brute-force attacks against WordPress sites.

Usage 1: Enumerate WordPress Users

Command:

wpscan --url http://wordpress.local -e u

Usage 2: WordPress Brute Force

Enumerate everything and brute force passwords with a wordlist.

Command:

wpscan --url http://192.168.0.93/testcenter/ -e -P /usr/share/wordlists/rockyou.txt
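
Detection view of the two usages above, as an added example that is not part of the original page: a small access-log check that flags clients requesting WordPress user-listing URLs or sending repeated login POSTs. The combined log format, the URL patterns, the thresholds, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

def _line(ip, method, path, status):
    # Builds one constructed log line in combined log format (not real traffic).
    return f'{ip} - - [09/Feb/2026:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: one noisy client and one ordinary visitor.
SAMPLE_LOG = "\n".join(
    [_line("192.168.0.50", "GET", f"/testcenter/?author={n}", 301) for n in range(1, 5)]
    + [_line("192.168.0.50", "GET", "/testcenter/wp-json/wp/v2/users/", 200)]
    + [_line("192.168.0.50", "POST", "/testcenter/wp-login.php", 200) for _ in range(8)]
    + [_line("192.168.0.77", "GET", "/testcenter/?p=12", 200),
       _line("192.168.0.77", "POST", "/testcenter/wp-login.php", 302)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Common WordPress URLs that reveal usernames (author archives, REST users route).
ENUM_RE = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users|rest_route=/wp/v2/users')
# Endpoints that accept credentials.
LOGIN_RE = re.compile(r'/(wp-login\.php|xmlrpc\.php)(\?|$)')

def analyze(log_text, enum_threshold=3, login_threshold=5):
    """Return {client_ip: [tags]} for clients over either threshold.

    Thresholds are illustrative and apply to the whole input; a production
    rule would count per time window.
    """
    enum_hits, login_posts = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, _status = m.groups()
        if method == "GET" and ENUM_RE.search(path):
            enum_hits[ip] += 1
        elif method == "POST" and LOGIN_RE.search(path):
            login_posts[ip] += 1
    findings = {}
    for ip in set(enum_hits) | set(login_posts):
        tags = []
        if enum_hits[ip] >= enum_threshold:
            tags.append("user-enumeration")
        if login_posts[ip] >= login_threshold:
            tags.append("login-bruteforce")
        if tags:
            findings[ip] = tags
    return findings

if __name__ == "__main__":
    for ip, tags in sorted(analyze(SAMPLE_LOG).items()):
        print(ip, ", ".join(tags))
```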