Do I need WPScan installed to use this skill?

Yes, this skill provides the specific methodology and commands for WPScan, which is required to be installed in your environment (standard in Kali Linux).

Does it support XML-RPC attacks?

Yes, the skill includes specialized techniques for checking XML-RPC status and performing multicall brute-forcing to bypass traditional login protections.

Is a WPScan API token required?

While basic enumeration works without it, an API token is highly recommended to cross-reference identified versions against the latest vulnerability databases.

Can this skill exploit vulnerabilities automatically?

It provides the specific workflows and command structures for exploitation via Metasploit or web shells, but the user must initiate the execution within their authorized environment.

What kind of reports does this skill generate?

It guides you through creating enumeration reports, vulnerability assessments, credential findings, and documented proof of exploitation.

WordPress Penetration Testing

Name: WordPress Penetration Testing
Author: zebbern

byzebbern

•

2,883

•

Security & Testing

Performs comprehensive security assessments and vulnerability scanning on WordPress installations to identify and mitigate risks.

This skill provides an exhaustive framework for auditing WordPress security, covering everything from initial discovery and enumeration of plugins, themes, and users to advanced exploitation techniques. It integrates workflows for industry-standard tools like WPScan and Metasploit, allowing security professionals to efficiently detect CVEs, misconfigurations, and weak credentials while following a structured 10-phase methodology. It is ideal for security researchers looking to automate reconnaissance and document findings for WordPress-specific environments.

Key Features

01Advanced password attack strategies including XML-RPC multicall

02Vulnerability detection for core files and third-party extensions

03Manual discovery techniques for hidden WordPress paths and configuration files

04Guided exploitation procedures using Metasploit and custom web shells

05Automated WPScan enumeration for plugins, themes, and users

062,883 GitHub stars

Use Cases

01Identifying vulnerable themes or plugins before a production deployment

02Simulating real-world attacks to test WAF efficacy and incident response

03Conducting professional security audits for WordPress-based clients

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zebbern/claude-code-guide wordpress-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill