Kali Linux basic WordPress pentesting

⚠️ Ethical Considerations
Always get explicit permission before scanning any website. Unauthorized scanning is illegal and could lead to legal consequences. Use these tools only for security testing and ethical hacking purposes.


Before scanning, update WPScan's vulnerability database:

wpscan --update

Run a basic scan:

wpscan --url http://domain.com --random-user-agent
# --random-user-agent sends a randomised User-Agent header instead of WPScan's default one,
# so WAF rules that only match the default WPScan agent string will not drop the requests.
# A WAF that inspects request patterns rather than the agent header is not affected by this.

Scan for Plugin Vulnerabilities:

wpscan --url http://example.com --enumerate p
# p checks the list of popular plugins; vp reports only plugins with known vulnerabilities.
# Vulnerability details for what is found are filled in from the WPScan database, which needs an API token (--api-token).

Scan for Theme Vulnerabilities:

wpscan --url http://example.com --enumerate t
# t checks popular themes; vt reports only themes with known vulnerabilities.

Scan for WordPress Users (detect admin usernames):

wpscan --url http://example.com --enumerate u
# A site that lets you enumerate usernames is itself a finding to report: the fix on the site side is to block user enumeration and enforce strong authentication.
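The enumeration scans above produce a lot of output, and the useful part for a report is the list of components that need updating plus the usernames the site leaks. The following is an added example, not part of the original notes or of WPScan itself: it turns a WPScan JSON report (WPScan can write one with -f json -o report.json) into a remediation summary. The sample report is constructed, and the nesting of "plugins", "themes", "users" and "vulnerabilities" is an assumption about the report layout that should be checked against the wpscan version in use.

```python
import json

# Constructed sample in the shape of a WPScan JSON report (assumption: the real
# report nests "plugins", "themes" and "users" like this; adjust the keys to match
# the wpscan version you run).
SAMPLE_REPORT = """{
  "version": {"number": "6.1", "status": "insecure"},
  "plugins": {
    "contact-form-7": {"version": {"number": "5.6"},
      "vulnerabilities": [{"title": "Constructed XSS example", "fixed_in": "5.7"}]},
    "akismet": {"version": null, "vulnerabilities": []}
  },
  "themes": {
    "twentytwenty": {"version": {"number": "1.8"},
      "vulnerabilities": [{"title": "Constructed theme example", "fixed_in": null}]}
  },
  "users": {"admin": {"id": 1}, "editor": {"id": 2}}
}"""


def summarize(report_json):
    """Turn a WPScan JSON report into a remediation list and an enumerated-user list."""
    data = json.loads(report_json)
    findings = []
    for kind in ("plugins", "themes"):
        for slug, info in (data.get(kind) or {}).items():
            # "version" is null when WPScan could not fingerprint the component
            installed = (info.get("version") or {}).get("number", "unknown")
            for vuln in info.get("vulnerabilities") or []:
                fixed_in = vuln.get("fixed_in")
                findings.append({
                    "component": f"{kind[:-1]}:{slug}",
                    "installed": installed,
                    "title": vuln.get("title", "untitled"),
                    # no fixed_in means no patched release exists: remove or isolate it
                    "action": f"update to {fixed_in}" if fixed_in else "no fix available",
                })
    # every enumerable username is a finding: block enumeration and enforce MFA
    users = sorted(data.get("users") or {})
    core = data.get("version") or {}
    return {"core_version": core.get("number", "unknown"),
            "findings": findings, "users": users}


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print(f"WordPress core: {summary['core_version']}")
    for f in summary["findings"]:
        print(f"{f['component']} {f['installed']}: {f['title']} -> {f['action']}")
    print("Enumerated users:", ", ".join(summary["users"]))
```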
