commands.sh

wpscan

all

WordPress vulnerability scanner.

More info →

Examples (8)

Update the vulnerability database

wpscan --update

Scan a WordPress website

wpscan --url url

Scan a WordPress website, using random user agents and passive detection

wpscan --url url --stealthy

Scan a WordPress website, checking for vulnerable plugins and specifying the path to the `wp-content` directory

wpscan --url url --enumerate vp --wp-content-dir remote/path/to/wp-content

Scan a WordPress website through a proxy

wpscan --url url --proxy protocol://ip:port --proxy-auth username:password

Perform user identifiers enumeration on a WordPress website

wpscan --url url --enumerate u

Execute a password guessing attack on a WordPress website

wpscan --url url --usernames username|path/to/usernames.txt --passwords path/to/passwords.txt threads 20

Scan a WordPress website, collecting vulnerability data from the WPVulnDB (<https://wpvulndb.com/>)

wpscan --url url --api-token token
made by @shridhargupta | data from tldr-pages