What is the primary tool used by this skill?

The skill primarily utilizes WPScan for enumeration and vulnerability detection, alongside tools like Nmap, Metasploit, and manual cURL commands.

Does this skill require an API token?

While basic enumeration works without one, a WPScan API token is recommended to retrieve the most up-to-date vulnerability and CVE data.

Can it bypass Web Application Firewalls (WAF)?

It includes advanced techniques such as request throttling, random user agents, and proxy rotation to help minimize detection by security filters.

Is this skill suitable for beginners in security?

Yes, it provides structured phases from discovery to exploitation, making it a valuable guide for those learning WordPress security fundamentals.

What kind of reports does this skill generate?

It helps produce detailed reports on WordPress versions, installed themes and plugins, identified users, and documented proofs of exploitation.

WordPress Penetration Testing

Name: WordPress Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

安全与测试

Performs comprehensive security audits and penetration testing on WordPress installations to identify vulnerabilities and misconfigurations.

This skill provides a specialized framework for security professionals and developers to conduct end-to-end vulnerability assessments of WordPress sites. It automates the process of enumerating users, themes, and plugins while offering detailed methodologies for version detection, credential brute-forcing via XML-RPC or standard login, and proof-of-concept exploitation using tools like WPScan and Metasploit. It is ideal for red-teaming, security auditing, and hardening WordPress environments against common attack vectors by identifying outdated components and weak authentication points.

主要功能

010 GitHub stars

02Automated enumeration of themes, plugins, and user accounts

03Comprehensive vulnerability scanning using WPScan and API integration

04Advanced credential attack methodologies including XML-RPC multicall

05Step-by-step guides for theme/plugin exploitation and shell uploads

06Detection evasion techniques like request throttling and proxy rotation

使用场景

01Conducting authorized security audits for WordPress-based clients

02Identifying and patching vulnerable plugins or themes before deployment

03Testing the effectiveness of Web Application Firewalls (WAF) against WordPress-specific attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front wordpress-penetration-testing

For use in Claude.ai and ChatGPT

主要功能

010 GitHub stars

02Automated enumeration of themes, plugins, and user accounts

03Comprehensive vulnerability scanning using WPScan and API integration

04Advanced credential attack methodologies including XML-RPC multicall

05Step-by-step guides for theme/plugin exploitation and shell uploads

06Detection evasion techniques like request throttling and proxy rotation

使用场景

01Conducting authorized security audits for WordPress-based clients

02Identifying and patching vulnerable plugins or themes before deployment

03Testing the effectiveness of Web Application Firewalls (WAF) against WordPress-specific attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front wordpress-penetration-testing

For use in Claude.ai and ChatGPT