First download this list of plugins: https://github.com/hypn/custom-wordlists/blob/master/wordpress-popular-plugins.txt
-
Is there an active fork? This looks dead https://github.com/delvelabs/vane
-
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
There's a good wordlist inside of the SecLists stuff: seclists/Discovery/Web-Content/CMS. I basically use SecLists for all my wordlist needs now. I think this might be standard in Parrot and Kali under /usr/share/SecLists https://github.com/danielmiessler/SecLists
-
wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
There is one annoying "gotcha" when using WPScan, especially plugin enumeration, which is that for the best results you have to go an extra step and add the "--plugins-detection mixed" option. It is documented in our user documentation - https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation#enumeration-modes