Recon

Common WordPress Files:

index.php
license.txt
wp-activate.php
/wp-admin/login.php
/wp-admin/wp-login.php
/login.php
/wp-login.php
xmlrpc.php
wp-content/uploads/
wp-includes/
wp-sitemap.xml

WPScan

wpscan --rua -e ap,at,tt,cb,dbe,u,m --url http://www.domain.com [--plugins-detection aggressive] --api-token <API_TOKEN> --passwords /usr/share/wordlists/external/SecLists/Passwords/probable-v2-top1575.txt


Flag	Description
`--rua`	Uses a random User-Agent to avoid detection by security tools.
`-e ap,at,tt,cb,dbe,u,m`	Enumeration options to scan for specific WordPress components:
	- `ap`: All plugins
	- `at`: All themes
	- `tt`: Installed and available theme versions
	- `cb`: Vulnerable/exposed config backups
	- `dbe`: Exposed database exports
	- `u`: WordPress users
	- `m`: Media files
`--url http://www.domain.com`	Specifies the target WordPress site to scan.
`[--plugins-detection aggressive]` (Optional)	Enables aggressive mode for plugin detection. Deep scans can identify more plugins but may trigger security alerts.
`--api-token <API_TOKEN>`	Provides your API token for accessing WPScan’s vulnerability database.
`--passwords <path_to_wordlist>`	Specifies a wordlist for brute-forcing passwords during user enumeration.

Recon

Common WordPress Files:​

WPScan​

Common WordPress Files:

WPScan