Wordpress

Tools

• WPscan cli
• wpprobe - wordpress scanner in cli

Scanner online

• hackertarget - WP scanner
• WPScan

Recon - Enumeration

The login, or reset password form may reveal sensitive information such as : username, email of administrator referenced by default.

# Try to enumerate the author of the article
/?author=$i
for i in {1..30}; do curl -s -L -i http://example.com/?author=$i | grep -oP '(?<=<title>)(.*?)(?=</title>)'; done

Endpoint

/robots.txt
/xmlrpc.php # pingback, Dos
/wp-content/uploads/ # Index Of ?

# API Routes
/?rest_route=/wp/v2/users # all enum
/?rest_route=/wp/v2/users/$ID

/wp-json/wp/v2/users
/wp-json/?rest_route=/wp/v2/users

Scan

wpscan --url http://example.com --enumerate u,p,t
# enumerate users, plugins, themes

Resources

• Enumeration