How does it handle user enumeration?

The skill provides multiple methods for user discovery, including WPScan enumeration, author ID cycling, and REST API queries.

Is XML-RPC testing included?

Yes, it features specific workflows for checking XML-RPC status and performing efficient multicall brute-force attacks to bypass certain protections.

Does it support WPScan API tokens?

Yes, it includes instructions for using WPScan API tokens to retrieve the most up-to-date vulnerability data from the official WPScan database.

Can I use this for unauthorized testing?

No, this skill is designed for authorized security professionals and site owners. You must always obtain written permission before testing any site you do not own.

What tools does this skill require?

This skill utilizes industry-standard tools like WPScan, Metasploit, Nmap, and Burp Suite to perform deep security analysis of WordPress installations.

WordPress Penetration Testing

Name: WordPress Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

Security & Testing

Performs comprehensive security audits and vulnerability assessments of WordPress installations using professional penetration testing methodologies.

This skill empowers Claude to act as a security specialist for WordPress environments, guiding users through the full lifecycle of a penetration test. It covers everything from initial discovery and enumeration of plugins, themes, and users to advanced vulnerability scanning with WPScan and credential testing via XML-RPC. Whether you are a security researcher or a site administrator, this skill provides the specific commands, workflows, and exploitation patterns needed to identify and mitigate risks in the world's most popular CMS.

Key Features

01Comprehensive password attack strategies including XML-RPC multicall techniques

02Detailed exploitation workflows for shell uploads and known plugin vulnerabilities

03WPScan integration for vulnerability database lookups and CVE identification

04Automated enumeration of WordPress themes, plugins, and users

05Manual verification techniques for identifying security misconfigurations

060 GitHub stars

Use Cases

01Hardening corporate WordPress sites against common attack vectors and exploits

02Conducting authorized security audits for WordPress-based clients

03Learning professional web application penetration testing workflows and toolsets

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter wordpress-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill