finding

Enumeration

Type of users

Administrator
Editor: who can publish and manage all posts, including others.
Author: publish and manage their own posts.
Contributor: who writes and manage their own posts but cannot publish them.
Subscriber: Who can browse posts and edit their profile.

Identify WordPress version

/robots.txt
curl -s http://blog."$domain" | grep WordPress

Login Pages

/wp-admin/login.php
/wp-admin/wp-login.php
/login.php
/wp-login.php

Directories

/wp-content/uploads (must check)
/wp-content/plugins
/wp-content/themes
/wp-includes (WordPress core files)

WordPress core version enumeration

#Press CTRL + F
#Search for "meta generator"
						OR
curl -s -X GET http://blog."$domain" | grep '<meta name="generator"'
#Source code may also provide version information such as CSS, JS

Manual enumeration

Take some time and manually browser to look through the page sources.

Check themes

curl -s -X GET "$ip" | sed 's/href=/\n/g' | sed 's/src=/\n/g' | grep 'themes' | cut -d"'" -f2

Check plugins

curl -s -X GET "$ip" | sed 's/href=/\n/g' | sed 's/src=/\n/g' | grep 'wp-content/plugins/*' | cut -d"'" -f2

Checking plugins/themes

curl -I -X GET http://blog."$domain"/wp-content/plugins/someplugi

Pretty print html

html2text

Gather version information about themes/plugins

/wp-content/themes/business-gravity/readme.txt
/wp-content/plugins/mail-masta/readme.txt (stable tag x.y.z)

Manual users enumeration

Go to /wp-login.php

Automatic WordPress enumeration

sudo wpscan --url "$ip" --enumerate --api-token "$wp_token"
#NOTE: it is really important to do manual enumeration because automatic tool often miss something.

Previousenumeration Nextmethod

Last updated 1 day ago

hashtagEnumeration

hashtagManual enumeration

hashtagAutomatic WordPress enumeration

Enumeration

Manual enumeration

Automatic WordPress enumeration