wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Brute Force only #1689

Closed Huibuh2010 closed 2 years ago

Huibuh2010 commented 2 years ago

Hello,

erwanlr commented 2 years ago

Is it possible to brute force only?

You could tweak some options to reach the Password Attack faster, something like wpscan --detection-mode passive --plugins-version-detection passive --users-detection mixed --url URL -P password.txt

If you give the list of usernames, you can remove the --users-detection one, i.e. wpscan --detection-mode passive --plugins-version-detection passive --url URL -P password.txt -U users.txt

From 3.9.x (not yet released, see https://github.com/wpscanteam/wpscan/issues/1628), that will change as the enumeration won't run by default, so it will be easier to just run a password attack by simply giving the password list via -P.

Is it possible to brute force with 1 user and 1 password to multiple servers?

No, but you can write a bash script to do that though.