Wordpress

Enumeration

Find Users

Use the link.

WPSCAN

WPScan is a WordPress security scanner designed to find vulnerabilities in WordPress websites.

🔒 What it does:

  • Scans for known vulnerabilities in:

    • WordPress core (the main system)

    • Installed plugins

    • Installed themes

  • Checks for weak passwords on user accounts.

  • Looks for configuration issues (e.g., directory listing enabled, debug mode active).

wpscan --url http://wordpress.local

WPScan comes preinstalled on Kali and Parrot OS; to get vulnerability data you need to register on the WPScan website and obtain an API key.

wpscan --url http://cmnatics.playground/ --enumerate u,p,t,vp --api-token kAp93ZFanbv7N35slZDR6IHuWqiKpuws2aM3grEMsbY

Bruteforcing

wpscan --url http://cmnatics.playground --passwords rockyou.txt --usernames cmnatic

Default backup file

http://target.ine.local/wp-config.bak
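A defender-side counterpart to the checks above, added here as an example and not part of the original notes: it parses combined-format web server logs and flags the WPScan user agent, requests for the wp-config.bak backup file, and bursts of POSTs to wp-login.php like the brute-force run shown. The sample log lines, IP addresses, threshold and the exact user-agent string are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log line: ip - - [ts] "METHOD path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_THRESHOLD, LOGIN_WINDOW = 10, timedelta(minutes=1)  # >=10 login POSTs from one IP in 1 min

def _line(ip, ts, method, path, status, ua):  # one constructed combined-format log line
    return f'{ip} - - [{ts:{TS_FMT}}] "{method} {path} HTTP/1.1" {status} 0 "-" "{ua}"'

def sample_log():
    """Constructed traffic: one scanning IP plus one ordinary visitor. Not real data."""
    t0 = datetime.strptime("10/Mar/2024:10:00:00 +0000", TS_FMT)
    ua = "WPScan v3.8.25 (https://wpscan.com/wordpress-security-scanner)"  # assumed default UA shape
    lines = [_line("203.0.113.5", t0, "GET", "/", 200, ua),
             _line("203.0.113.5", t0 + timedelta(seconds=1), "GET", "/wp-config.bak", 404, ua)]
    lines += [_line("203.0.113.5", t0 + timedelta(seconds=2 + i), "POST", "/wp-login.php", 200, ua)
              for i in range(12)]
    lines.append(_line("198.51.100.7", t0 + timedelta(minutes=5), "POST", "/wp-login.php", 302, "Mozilla/5.0"))
    return "\n".join(lines)

def analyze(log_text):
    """Return (kind, ip, detail) findings: scanner UA, wp-config.bak probes, login floods."""
    findings, seen_ua, logins = [], set(), defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path, ua = m["ip"], m["path"].split("?")[0], m["ua"]
        if "wpscan" in ua.lower() and ip not in seen_ua:  # WPScan names itself unless the UA is overridden
            seen_ua.add(ip)
            findings.append(("scanner_ua", ip, ua))
        if path.endswith("/wp-config.bak"):               # probe for the default backup file
            findings.append(("backup_probe", ip, path))
        if m["method"] == "POST" and path.endswith("/wp-login.php"):
            logins[ip].append(datetime.strptime(m["ts"], TS_FMT))
    for ip, times in logins.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):                   # sliding window over attempt times
            while t - times[start] > LOGIN_WINDOW:
                start += 1
            if end - start + 1 >= LOGIN_THRESHOLD:
                findings.append(("login_bruteforce", ip, f"{end - start + 1} POSTs within {LOGIN_WINDOW}"))
                break
    return findings
```

Run `analyze(open("/var/log/nginx/access.log").read())` against a real log to see which of the three signals fire; raise the threshold if legitimate users on shared NAT trip the login rule.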
