wpscan
WordPress vulnerability scanner. More information: <https://github.com/wpscanteam/wpscan>.
Install
- All systems
-
curl cmd.cat/wpscan.sh
- Arch Linux
-
pacman -S wpscan - Kali Linux
-
apt-get install wpscan - OS X
-
brew install wpscan
WordPress vulnerability scanner. More information: <https://github.com/wpscanteam/wpscan>.
-
Update the vulnerability database:
wpscan --update -
Scan a WordPress website:
wpscan --url url -
Scan a WordPress website, using random user agents and passive detection:
wpscan --url url --stealthy -
Scan a WordPress website, checking for vulnerable plugins and specifying the path to the `wp-content` directory:
wpscan --url url --enumerate vp --wp-content-dir remote/path/to/wp-content -
Scan a WordPress website through a proxy:
wpscan --url url --proxy protocol://ip:port --proxy-auth username:password -
Perform user identifiers enumeration on a WordPress website:
wpscan --url url --enumerate u -
Execute a password guessing attack on a WordPress website:
wpscan --url url --usernames username|path/to/usernames.txt --passwords path/to/passwords.txt threads 20 -
Scan a WordPress website, collecting vulnerability data from the WPVulnDB (<https://wpvulndb.com/>):
wpscan --url url --api-token token
© tl;dr; authors and contributors