WPScan β
TIP
WPScan is a WordPress security scanner used to find vulnerabilities, enumerate users, plugins, and themes, and perform other security checks on WordPress sites.
π Official Resources β
οΏ½οΏ½ Common Commands β
| Task | Command |
|---|---|
| Basic scan | wpscan --url https://target.com |
| Enumerate users | wpscan --url https://target.com --enumerate u |
| Enumerate plugins | wpscan --url https://target.com --enumerate p |
| Check for vulnerable themes | wpscan --url https://target.com --enumerate t |
π·οΈ Useful Flags β
| Flag | Description |
|---|---|
--url | Target WordPress site |
--enumerate | Enumeration options (u: users, p: plugins, t: themes, vp: vulnerable plugins, vt: vulnerable themes) |
--api-token | WPScan API token for vulnerability data |
-e | Short for --enumerate |
-o | Output file |
--random-user-agent | Use a random user agent |
--disable-tls-checks | Disable SSL/TLS certificate checks |
WARNING
Always have permission before scanning a WordPress site with WPScan. Unauthorized scanning is illegal and unethical.
π Resources β
π HTB CTF Go-To Command β
A common WPScan command for enumerating users and plugins in HTB CTFs:
bash
wpscan --url http://10.10.10.10 --enumerate u,p --disable-tls-checks -o wpscan_results.txt--url: Target WordPress site (replace with the actual target IP)--enumerate u,p: Enumerate users and plugins--disable-tls-checks: Ignore SSL/TLS errors (useful for CTFs)-o: Output results to a file