Enumeration via wp-scan
# enuemrate users wpscan --url http://url -e u # perform aggressive scans wpscan --url http://url -e u,t,p --detection aggressive --plugins-detection aggressive # perform checks on https sites wpscan --url https://url -e u --disable-tls-checks
Useful locations
/wp-contents/plugins/ /wp-includes/
ttps://book.hacktricks.xyz/pentesting/pentesting-web/wordpress
Last updated 2 years ago
Was this helpful?