WPScan one-liners

sudo wpscan --url http://192.168.57.121/wordpress -e u #enumerate users

sudo wpscan --url http://192.168.57.121/wordpress/ --usernames admin --passwords /usr/share/wordlists/dirb/big.txt      #bruteforce one user

sudo wpscan --url http://192.168.101.174/wordpress --enumerate ap,at,cb,dbe -o wpscan.txt #enumerate plugins and redirect output fo file

wpscan --disable-tls-checks --url https://red:12380/blogblog/ --enumerate ap --plugins-detection  #aggressive aggressive plugins detection

wpscan --disable-tls-checks --url https://red:12380/blogblog/ -e u #disable ckecks

#Flags 

# --rua: random user agent
# --http-auth username:password
# -e: enumerate
#  ap: All plugins
#  at: All themes
#  tt: Timthumbs
#  cb: Config backups
#  dbe: Db exports
#  u: User IDs range
#  m: Media IDs range
PreviousExtra commandsNextPlugins & Themes exploitation

Last updated