Owasp WordPress Vulnerability Scanner

Guidelines: https://www.owasp.org/index.php/OWASP_Wordpress_Security_Implementation_Guideline


	-h,   --help			Show this help message.

	-u,   --url			Target URL (e.g. "http://mywp.com/")

	-f,   --force			Ignore if target is not wordpress.

	-v,   --version			Check for available version

	--upgrade			Upgrade to newer version

	--wpvulndb			Use WPVulnDB API Instead of local database. (Powered by wpvulndb.com API)

	--no-log			Disable Logging


	--ua, --user-agent		Set user-agent, default: random user agent

	-t,   --thread			numbers of threads, default: 10

	--proxy				Set proxy. eg: protocol://[username:[email protected]]host:port


	-d,   --default			Default scanning mode

					Equivalent to --dp,--dt,--b option

	-b,   --basic			Show basic information about target

					Eg: robots.txt path, check multisite, registration enable, readme file

	--dp, --discover-plugin		Discover plugin(s) via html source

	--dt, --discover-theme		Discover theme(s) via html source

Plugin/Theme Enumeration:

	--ep, --enumerate-plugin	Enumerate plugins

	--et, --enumerate-theme		Enumerate themes

	--vp, --vuln-plugin		Enumerate vulnerable plugins only

	--vt, --vuln-theme		Enumerate vulnerable themes only

User Enumeration:

	--eu, --enumerate-user		Enumerate users

	-i,   --iterate			numbers of iteration, default: 10

	-f,   --feed			Enumerate through rss feeds, default: author pages

	-B,   --ubrute			Set wordlist file(full path) to bruteforce username, default will use built-in wordlist

	-p,   --protect			Check if the site is protected before bruteforcing, use with -B or --ubrute


	--bf, --bruteforce		Bruteforce Mode

	-x,   --xmlrpc			Bruteforce through XMLRPC interface

	-p,   --protect			Check if the site is protected before bruteforcing

	-F,   --ufound			Set username to enumerated users

	-U,   --user			Set username or file containing user lists

	-w,   --wordlist		Set wordlist file(full path), default will use built-in wordlist




tags: & category: -