Wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
wpscan --url http:// -e vp, ap, p, vt, at, t, tt, cb, dbe, u, m # Enumerate all
wpscan –url <target> -P <path/to/your/wordlist.txt>
Change detection from passive, aggressive, and mixed: –detection-mode <mode>
Use a random user-agent on a scan (useful when blocked by a WAF): –random-user-agent
Select a list of users to be targeted during a password brute force attack: -U <path/to/your/userlist.txt>
Last updated