wordpress-penetration-testing

Solid

This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.

Testing & QA 4,222 stars 422 forks Updated today MIT

Install

View on GitHub

Quality Score: 96/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# WordPress Penetration Testing ## Purpose Conduct comprehensive security assessments of WordPress installations including enumeration of users, themes, and plugins, vulnerability scanning, credential attacks, and exploitation techniques. WordPress powers approximately 35% of websites, making it a critical target for security testing. ## Prerequisites ### Required Tools - WPScan (pre-installed in Kali Linux) - Metasploit Framework - Burp Suite or OWASP ZAP - Nmap for initial discovery - cURL or wget ### Required Knowledge - WordPress architecture and structure - Web application testing fundamentals - HTTP protocol understanding - Common web vulnerabilities (OWASP Top 10) ## Outputs and Deliverables 1. **WordPress Enumeration Report** - Version, themes, plugins, users 2. **Vulnerability Assessment** - Identified CVEs and misconfigurations 3. **Credential Assessment** - Weak password findings 4. **Exploitation Proof** - Shell access documentation ## Core Workflow ### Phase 1: WordPress Discovery Identify WordPress installations: ```bash # Check for WordPress indicators curl -s http://target.com | grep -i wordpress curl -s http://target.com | grep -i "wp-content" curl -s http://target.com | grep -i "wp-includes" # Check common WordPress paths curl -I http://target.com/wp-login.php curl -I http://target.com/wp-admin/ curl -I http://target.com/wp-content/ curl -I http://target.com/xmlrpc.php # Check meta generator tag curl -s http://target.com | grep "generator" # Nm...

Details

Author
zebbern
Repository
zebbern/claude-code-guide
Created
11 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI WordPress · CMS

Similar Skills

Semantically similar based on skill content — not just same category

Testing & QA Solid

wordpress-penetration-testing

This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.

27,705 Updated today
davila7
Testing & QA Listed

wordpress-penetration-testing

This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.

335 Updated today
aiskillstore
Testing & QA Featured

wordpress-penetration-testing

Assess WordPress installations for common vulnerabilities and WordPress 7.0 attack surfaces.

39,350 Updated today
sickn33
Testing & QA Solid

pentest-commands

This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references.

27,705 Updated today
davila7
Testing & QA Listed

pentest-commands

This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references.

335 Updated today
aiskillstore