URL: https://awd.is/ [188.225.81.71] Started: Tue May 20 02:22:49 2025 Interesting Finding(s): Headers | Interesting Entries: | - Server: nginx | - X-Powered-By: PHP/7.4.33 | Found By: Headers (Passive Detection) | Confidence: 100% robots.txt found: https://awd.is/robots.txt | Interesting Entries: | - /wp-admin | - /wp-json/ | - /xmlrpc.php | - /readme.html | - /de/* | - /pt/* | - /it/* | - /fr/* | - /es/* | - /ca/* | - /en/* | - /zh-TW/* | - /ta/* | - /*/vinskiawd | - /*/vinskiy_awd | - /*/feed* | - /*/?filter_by=review_high?filter_by=review_high* | - /*/?filter_by=popular7filter_bypopular7 | - /*/?filter_by=popularfilter_bypopular | - /*.htm | - /archive | - */trackback/ | - */feed/ | - */comments/ | - /?feed= | - /?s= | - /*.css | - /*.js | - | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% XML-RPC seems to be enabled: https://awd.is/xmlrpc.php | Found By: Direct Access (Aggressive Detection) | Confidence: 100% | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/ | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/ WordPress readme found: https://awd.is/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% This site has 'Must Use Plugins': https://awd.is/wp-content/mu-plugins/ | Found By: Direct Access (Aggressive Detection) | Confidence: 80% | Reference: http://codex.wordpress.org/Must_Use_Plugins The external WP-Cron seems to be enabled: https://awd.is/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 WordPress version 6.8.1 identified (Latest, released on 2025-04-30). | Found By: Query Parameter In Install Page (Aggressive Detection) | - https://awd.is/wp-includes/css/dashicons.min.css?ver=6.8.1 | - https://awd.is/wp-includes/css/buttons.min.css?ver=6.8.1 | - https://awd.is/wp-admin/css/forms.min.css?ver=6.8.1 | - https://awd.is/wp-admin/css/l10n.min.css?ver=6.8.1 | - https://awd.is/wp-admin/css/install.min.css?ver=6.8.1 WordPress theme in use: reboot_child | Location: https://awd.is/wp-content/themes/reboot_child/ | Style URL: https://awd.is/wp-content/themes/reboot_child/style.css | Style Name: Reboot Child | Style URI: https://wpshop.ru/themes/reboot | Author: WPShop.biz | Author URI: http://wpshop.biz/ | | Found By: Css Style In Homepage (Passive Detection) | Confirmed By: Css Style In 404 Page (Passive Detection) | | Version: 1.0.0 (80% confidence) | Found By: Style (Passive Detection) | - https://awd.is/wp-content/themes/reboot_child/style.css, Match: 'Version: 1.0.0' Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs -: |=================================================| User(s) Identified: admin | Found By: Wp Json Api (Aggressive Detection) | - https://awd.is/wp-json/wp/v2/users/?per_page=100&page=1 No WPScan API Token given, as a result vulnerability data has not been output. You can get a free API token with 25 daily requests by registering at https://wpscan.com/register Finished: Tue May 20 02:23:31 2025 Requests Done: 70 Cached Requests: 11 Data Sent: 22.887 KB Data Received: 4.202 MB Memory used: 212.582 MB Elapsed time: 00:00:41