Does it support XML-RPC attacks?

Yes, it provides specific commands and XML payloads for testing the security of XML-RPC interfaces, including multicall brute-force techniques.

How does it identify hidden plugins?

It utilizes a combination of passive HTML discovery, aggressive directory scanning, and version-specific meta-tag analysis to identify themes and plugins.

Does this skill require external tools?

Yes, it is designed to work alongside standard industry tools such as WPScan, Nmap, Burp Suite, and the Metasploit Framework.

Can I use this for unauthorized testing?

No, this skill is strictly intended for ethical hacking and security professionals who have obtained explicit written authorization to test a target system.

WordPress Security & Pentesting

Name: WordPress Security & Pentesting
Author: claudiodearaujo

byclaudiodearaujo

0•

セキュリティとテスト

Performs comprehensive security assessments of WordPress installations through automated enumeration, vulnerability scanning, and exploitation workflows.

This skill provides a structured methodology for conducting professional penetration tests on WordPress websites. It guides users through every phase of a security audit—from initial discovery and deep enumeration of themes and plugins to advanced vulnerability scanning with WPScan and credential testing. Whether you are identifying misconfigured XML-RPC interfaces, auditing user permissions, or documenting proof-of-concept exploits, this skill ensures a thorough evaluation of a site's security posture while adhering to industry best practices and common security frameworks.

主な機能

01Deep enumeration of WordPress versions, active themes, and installed plugins.

02Multi-method user discovery via author IDs, JSON APIs, and REST endpoints.

030 GitHub stars

04Advanced credential assessment using wp-login and XML-RPC multicall brute-force.

05Automated vulnerability scanning using WPScan and vulnerability database integration.

06Detailed exploitation guidance for shell uploads and Metasploit framework integration.

ユースケース

01Web developers looking to harden their sites against common CMS attack vectors.

02Security researchers performing authorized audits on WordPress installations.

03Cybersecurity students practicing enumeration and exploitation in lab environments.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter wordpress-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill