wordpress-penetration-testinglisted

This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
aiskillstore/marketplace · ★ 334 · Testing & QA · score 83

Install: claude install-skill aiskillstore/marketplace

# WordPress Penetration Testing ## Purpose Conduct comprehensive security assessments of WordPress installations including enumeration of users, themes, and plugins, vulnerability scanning, credential attacks, and exploitation techniques. WordPress powers approximately 35% of websites, making it a critical target for security testing. ## Prerequisites ### Required Tools - WPScan (pre-installed in Kali Linux) - Metasploit Framework - Burp Suite or OWASP ZAP - Nmap for initial discovery - cURL or wget ### Required Knowledge - WordPress architecture and structure - Web application testing fundamentals - HTTP protocol understanding - Common web vulnerabilities (OWASP Top 10) ## Outputs and Deliverables 1. **WordPress Enumeration Report** - Version, themes, plugins, users 2. **Vulnerability Assessment** - Identified CVEs and misconfigurations 3. **Credential Assessment** - Weak password findings 4. **Exploitation Proof** - Shell access documentation ## Core Workflow ### Phase 1: WordPress Discovery Identify WordPress installations: ```bash # Check for WordPress indicators curl -s http://target.com | grep -i wordpress curl -s http://target.com | grep -i "wp-content" curl -s http://target.com | grep -i "wp-includes" # Check common WordPress paths curl -I http://target.com/wp-login.php curl -I http://target.com/wp-admin/ curl -I http://target.com/wp-content/ curl -I http://target.com/xmlrpc.php # Check meta generator tag curl -s http://target.com | grep "generator" # Nm