Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Wpscan usage tutorial

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

First, a brief introduction:

Test system: kalilinux

Wpscan can detect the version, theme, plug-in and so on of wordpres, and can guess the background user name and burst password.

Scan vulnerability plug-in, support multi-threading, proxy and other functions.

Second: use method

1: probe basic information

Wpscan--urlwww.xxx.com

2: comprehensive testing

Wpscan--urlwww.xxx.com-e

3: scan plug-in

Wpscan--urlwwww.xxx.com-enumeratep

Scan only plug-ins that are vulnerable to *

Wpscan--urlwwww.xxx.com-enumeratevp

Scan all plug-ins

Wpscan--urlwwww.xxx.com-enumerateap

4: guess the user

Wpscan--urlwww.xx.com-eu or

Wpscan--urlwww.xxx.com-enumerateu

5: explode admin user password

Wpscan--urlwww.xxx.com-- dictionary .txt-- useruanmeadmin

Add a multithreading to speed up.

Wpscan--urlwww.xxx.com-- dictionary .txt-- useruanmeadmin--threads30

6: agent

Wpscan--urlwww.xxx.com-proxy127.0.0.1:8080

The agent can be used to grab the scan information of wpscan in combination with burpsuit.

Function base other functions wpscan-h take a look

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report