WPScan

0

WP Scan is a tool that is mainly used for scanning vulnerabilities that can be found in any WordPress website. The type of vulnerabilities that can be scanned by Wpscan in a WordPress’ websites is the vulnerabilities that is located in the core version, plugins and themes of the websites. Furthermore, Wpscan can also be used for enumerating users and password.

First of all to see all the  WPscan’s features tools type in the kali terminal

Wp –help

The terminal will give a response similar to the figure below.

figure1.1

To use wp scan for user enumerating type in the command similar to the figure 1.2

figure1.2

note: replace https://team1.pentest.id  with the website that you want to enumerate

After getting a valid user name, password enumeration will be needed in order to get a valid password to the websites.

To start the password enumeration, type in command similar to the figure below where https://team1.pentes.id is the target websites and the passload.txt is the name of the password list.

figure1.3

note: replace the @user1 with the user you want to launch the enumeration attack and replace the passload.txt with the password list that you want to use for password enumeration attack.

 

figure1.4

Password enumeration would not always successful. The attack will only be successful if the correct password resides in the password.lst. So, if there is no correct password among the passwords in the password.lst the enumeration would not work.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *