Does it support user enumeration if the REST API is blocked?

Yes, it covers multiple enumeration vectors including author ID scanning and login error analysis to identify valid usernames.

Is this skill suitable for beginners in security testing?

While it provides structured workflows, it assumes a basic understanding of terminal commands and web security fundamentals.

What tools are required to use this skill?

This skill provides guidance for using WPScan, Metasploit Framework, Nmap, and standard command-line utilities like cURL.

Can I use my WPScan API token with this skill?

Yes, the skill includes specific command patterns for integrating API tokens to fetch the most up-to-date vulnerability data.

Does it include methods for gaining a remote shell?

Yes, the skill details both manual PHP shell uploads and automated Metasploit modules for authorized exploitation testing.

WordPress Penetration Testing

Name: WordPress Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

Seguridad y Pruebas

Conducts comprehensive security audits and vulnerability assessments for WordPress installations using industry-standard tools and methodologies.

This skill empowers Claude to perform end-to-end WordPress security evaluations, covering everything from initial footprinting and version detection to advanced theme and plugin enumeration. It provides structured workflows for using WPScan, Metasploit, and manual techniques to identify misconfigurations, weak credentials, and known CVEs. Whether you're hardening a production site or performing a professional audit, this skill provides the necessary commands and logic to uncover security flaws in the world's most popular CMS.

Características Principales

01Detailed exploitation patterns including shell uploads and backdoors

02Automated vulnerability scanning with WPScan API integration

030 GitHub stars

04Comprehensive user, theme, and plugin enumeration techniques

05Password brute-forcing workflows via wp-login and XML-RPC

06Advanced detection evasion using throttling and proxy rotation

Casos de Uso

01Performing full-scope security assessments during professional penetration tests

02Auditing a WordPress site for outdated plugins and known CVEs

03Testing administrative password strength against brute-force attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front wordpress-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill

Características Principales

01Detailed exploitation patterns including shell uploads and backdoors

02Automated vulnerability scanning with WPScan API integration

030 GitHub stars

04Comprehensive user, theme, and plugin enumeration techniques

05Password brute-forcing workflows via wp-login and XML-RPC

06Advanced detection evasion using throttling and proxy rotation

Casos de Uso

01Performing full-scope security assessments during professional penetration tests

02Auditing a WordPress site for outdated plugins and known CVEs

03Testing administrative password strength against brute-force attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front wordpress-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill