Scan for WordPress Vulnerabilities
Introduction to WPscan
WPScan is a vulnerability scanning tool that comes with Kali Linux by default. It can comprehensively check a WordPress site for vulnerabilities so that they can be fixed promptly and the site is not hacked. It can also brute-force the usernames and passwords of unprotected WordPress sites.
Using the WPScan tool
View help information
wpscan -h
Update the vulnerability database
wpscan --update
Scan for WordPress Vulnerabilities
wpscan --url http://dc-2/
Scan WordPress users
wpscan --url http://dc-2 --enumerate u
For example, these are the users of the DC-2 range website that I scanned.
Scan for vulnerable themes in use
wpscan --url http://dc-2 --enumerate vt
Brute-force passwords with a specified dictionary
wpscan --url http://dc-2/ -U 2 -P 1
Here 2 is the file of account names and 1 is the password dictionary. The accounts are the three we just scanned: admin, jerry, and tom. The password dictionary is generated from the website's own content using the cewl tool. For specific usage, please refer to the link below.
2022-Penetration Testing-Kali Linux Dictionary Generation Tool Cewl Usage Guide
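
From the defender's side, the user enumeration and dictionary attack shown above leave a recognisable pattern in the web server's access log: repeated author or REST user lookups, then a burst of POSTs to the login endpoints. The following Python script is an added example, not part of the original post or of WPScan; the log lines, IP addresses, user-agent strings and thresholds are constructed assumptions.

```python
import re
from collections import Counter

# Combined log format: client IP, method, path, status, user agent
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
ENUM_RE = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users')   # user enumeration probes
LOGIN_RE = re.compile(r'^/(?:wp-login\.php|xmlrpc\.php)')      # password-guessing targets

def analyse(log_text, enum_min=3, login_min=5):
    """Return {client_ip: [findings]} for clients behaving like a WordPress scanner."""
    enum, logins, ua_hit = Counter(), Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # ignore lines not in combined log format
        ip, method, path, _status, ua = m.groups()
        if "wpscan" in ua.lower():        # default UA only; it can be changed, so
            ua_hit.add(ip)                # the behavioural checks below matter more
        if method == "GET" and ENUM_RE.search(path):
            enum[ip] += 1
        elif method == "POST" and LOGIN_RE.match(path):
            logins[ip] += 1
    findings = {}
    for ip in sorted(ua_hit | set(enum) | set(logins)):
        tags = [name for name, hit in (
            ("wpscan-user-agent", ip in ua_hit),
            ("user-enumeration", enum[ip] >= enum_min),
            ("login-brute-force", logins[ip] >= login_min)) if hit]
        if tags:
            findings[ip] = tags
    return findings

def sample_row(ip, method, path, status, ua):
    return f'{ip} - - [01/Jan/2022:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample log (addresses, timestamp and user agents are made up).
WPSCAN_UA = "WPScan v3.8.22 (https://wpscan.com/wordpress-security-scanner)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64)"
SAMPLE_LOG = "\n".join(
    [sample_row("10.0.0.5", "GET", f"/?author={n}", 301, WPSCAN_UA) for n in range(1, 4)]
    + [sample_row("10.0.0.9", "POST", "/xmlrpc.php", 200, BROWSER_UA)] * 6
    + [sample_row("10.0.0.7", "GET", "/", 200, BROWSER_UA),
       sample_row("10.0.0.7", "POST", "/wp-login.php", 302, BROWSER_UA)]
)

if __name__ == "__main__":
    for ip, tags in analyse(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

Clients flagged this way are candidates for rate limiting or blocking at the login endpoints; a single successful login, like the one from 10.0.0.7 in the sample, is not flagged.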