Wordpress vulnerability scanner.
# To update the vulnerability database:
wpscan --update
# To scan a Wordpress website:
wpscan --url <url>
# To scan a Wordpress website, using random user agents and passive detection:
wpscan --url <url> --stealthy
# To scan a Wordpress website, checking for vulnerable plugins and specifying the path to the 'wp-content' directory:
wpscan --url <url> --enumerate <vp> --wp-content-dir <remote/path/to/wp-content>
# To scan a Wordpress website through a proxy:
wpscan --url <url> --proxy <protocol://ip:port> --proxy-auth <username:password>
# To perform user identifiers enumeration on a Wordpress website:
wpscan --url <url> --enumerate <u>
# To execute a password guessing attack on a Wordpress website:
wpscan --url <url> --usernames <username|path/to/usernames.txt> --passwords <path/to/passwords.txt> threads <20>
# To scan a Wordpress website, collecting vulnerability data from the WPVulnDB (https://wpvulndb.com/):
wpscan --url <url> --api-token <token>