WPScan is a Ruby script for probing WordPress sites for vulnerabilities and out-of-date software.


WPScan is installed by default on Kali. On other distributions, you can install it with gem, the Ruby package manager.

sudo gem install wpscan


wpscan --url http://wordpress.site
wpscan --url http://wordpress.site -e u
wpscan --url http://flooritphotography.com -P /path/to/word/list.txt -U users.txt
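
The password attack method can be selected with the --password-attack option, described in the WPScan help output as:

--password-attack ATTACK                  Force the supplied attack to be used rather than automatically determining one.
                                          Available choices: wp-login, xmlrpc, xmlrpc-multicall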