Description: WordPress is one of the most popular CMSs among its open source competitors. WordPress has a very simple and open framework. It is the most desirable choice for any hacker who wants to start learning hacking.
Today we will look at a tool called wpscan. This tool is a vulnerability scanner for any WordPress installation. It will let you know the following things:
1. Version of the WordPress
2. List of known information disclosure files (e.g. Readme.html)
3. WordPress usernames
4. WordPress Plugin names
5. Brute forcing of passwords (a password list needs to be generated)
Tags: wpscan, wordpress, brute force
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
simple and short video.
good demonstration.
Go on!
It wouldn't enumerate WordPress usernames if WordPress would fix the login page not to display wrong username, and wrong password. The correct message would be wrong username or/and password. But that can be fixed easily by changing 2 lines in the source.
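The login-message behaviour raised in the last comment, as an added example that is not from the video, wpscan, or WordPress's source: a modelled login handler with separate "wrong username" and "wrong password" errors beside a hardened one, plus a regression check a defender can run against either. The function names, error strings, and accounts are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample account store (salted PBKDF2 hashes), not real data.
SALT = b"constructed-salt"

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

USERS = {"admin": _hash("correct horse"), "editor": _hash("battery staple")}
DUMMY_HASH = _hash("no-such-account")  # compared against when the user is unknown

def login_verbose(username: str, password: str) -> str:
    """'Before' behaviour: the error reveals which field was wrong."""
    if username not in USERS:
        return "ERROR: Invalid username."
    if not hmac.compare_digest(USERS[username], _hash(password)):
        return f"ERROR: The password for {username} is incorrect."
    return "OK"

def login_uniform(username: str, password: str) -> str:
    """Hardened behaviour: one message, and the same hashing work either way."""
    stored = USERS.get(username, DUMMY_HASH)
    password_ok = hmac.compare_digest(stored, _hash(password))
    if username in USERS and password_ok:
        return "OK"
    return "ERROR: Invalid username or password."

def leaks_username_validity(login, known_user: str, unknown_user: str) -> bool:
    """Regression check: do failed logins differ for a real vs. a bogus user?"""
    wrong = "definitely-not-the-password"
    # Mask the echoed username so only the structure of the message is compared.
    known_msg = login(known_user, wrong).replace(known_user, "<user>")
    unknown_msg = login(unknown_user, wrong).replace(unknown_user, "<user>")
    return known_msg != unknown_msg
```

The check compares response text only; response time, status codes, and redirects need the same comparison on a real login endpoint.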