WPScan stopped by CloudProxy WAF
It is recommended that you use a different pseudonym than the one used to login. Also, some .htaccess solutions exist for preventing user enumeration.
- a)Password guessing
Generate a wordlist, which is simply a text file with passwords on each line. Place this file in the wpscan directory for easy usage by the WPScan application.
Once the wordlist is in the directory, include the –wordlist argument along with the name of the wordlist file. One may also specify the number of threads to use at the same time to process the list. Subject to the length of the wordlist, it could take loads of time or computer resources to complete.
ruby wpscan.rb –url http://yourwebsite.com --wordlist passwords.txt threads 50
Join the Discussion
Reply
OldMCSEGuy
Premium
BobBarr
Premium
"Step 1
Open Terminal and change your directory to the wpscan folder downloaded during installation "
Two questions:
1. Is terminal access possible on WA-hosted sites? On siterubix subdomians? Is FTP access required? (If so, lack of FTP access will preclude doing this on siterubix subdomains.)
2. Step 1 says to change the directory to the folder downloaded during installation. During what installation? (There are no instructions for performing the installation.)
Open Terminal and change your directory to the wpscan folder downloaded during installation "
Two questions:
1. Is terminal access possible on WA-hosted sites? On siterubix subdomians? Is FTP access required? (If so, lack of FTP access will preclude doing this on siterubix subdomains.)
2. Step 1 says to change the directory to the folder downloaded during installation. During what installation? (There are no instructions for performing the installation.)
