wpscan

wpscan --help wpscan --url --enumerate -e vt,ap,tt,u [[ to make sure all plugins are included ]] --wordlist [[for brute forcing password ]] --usernames [[ when giving a list ]] --log filename.log [[ to create a output log file ]] usage eg . wpscan --url http://124.124.124.124 -e ap,u,tt,vt --log wpscan.log wpscan --url http://124.124.124.124 --wordlist `pwd`/fsocity.dic --username elliot for bruteforcing once logged in look for plugins ---- we can create and insstall a malicious plugin [[idk how to do it ]] look for users --- to see how many users are there look for apperance → editor and try reverse php