WPScan

Overview

WPScan is an automated WordPress scanner and enumeration tool. It determines whether the themes and plugins used by a WordPress site are outdated or vulnerable.

gem install wpscan
wpscan --hh
Note: WPScan can pull in vulnerability information from external sources to enhance its scans. You can obtain an API token from WPVulnDB and supply it with the --api-token parameter. The free plan allows up to 50 requests per day.

Enumerating a website

wpscan --url <TARGET> --enumerate --api-token <YOUR_KEY>