1. WPScan Online
Membership level: Free member
Enumerate Wordpress Users (wpscan --url https://www.savegnago.com.br/ --enumerate u --random-user-agent --force --max-scan-duration 60)
URL: https://www.savegnago.com.br/ [2600:9000:280a:a400:1d:9fb:99c0:93a1]
Started: Mon Nov 10 15:54:16 2025

Interesting Finding(s):

Headers
 | Interesting Entries:
 |  - X-VTEX-Cache-Backend-Connect-Time: 0.000
 |  - X-VTEX-Cache-Backend-Header-Time: 0.035
 |  - Server: nginx
 |  - X-VTEX-Janus-Router-Backend-App: io-production-vstore-group-2-1d-4rt
 |  - X-Router-Cache: HIT
 |  - X-Vtex-Io-Cluster-Id: prod-dj-iostore-eks-use1d-4rt
 |  - x-vtex-product: store
 |  - x-vtex-renderer: render@8
 |  - x-vtex-etag-control: public, max-age=620
 |  - X-Vtex-Router-Elapsed-Time: 00:00:00.0025508
 |  - X-Vtex-Router-Version: 9.17.16
 |  - X-VTEX-Cache-Status: EXPIRED
 |  - X-Powered-By-VTEX-Cache: 2.6.1
 |  - X-VTEX-Cache-Server: ip-10-203-51-57.ec2.internal
 |  - X-VTEX-Cache-Time: 0.035
 |  - Via: 1.1 a83e83bac45033fa742a636490bdeb7e.cloudfront.net (CloudFront)
 |  - X-Amz-Cf-Pop: LAX54-P2
 |  - X-Amz-Cf-Id: KIo27uiPa33X0nj2K2wzl7QO3SEdy-uhGjeKak_tyTafswolnjbqVA==
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

robots.txt found: https://www.savegnago.com.br/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

WordPress readme found: https://www.savegnago.com.br/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

This site seems to be a multisite
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | Reference: http://codex.wordpress.org/Glossary#Multisite

https://www.savegnago.com.br/emergency.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | Reference: https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script

The external WP-Cron seems to be enabled: https://www.savegnago.com.br/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299


Fingerprinting the version -: |========================== No WPScan API Token given, as a result vulnerability data has not been output.
 You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

Finished: Mon Nov 10 15:55:10 2025
Requests Done: 442
Cached Requests: 7
Data Sent: 142.421 KB
Data Received: 58.219 MB
Memory used: 168.625 MB
Elapsed time: 00:00:54

Scan Aborted: Max Scan Duration Reached
Color Scheme
Target
www.savegnago.com.br
Scan method
Enumerate Wordpress Users
Run command
wpscan --url https://www.savegnago.com.br/ --enumerate u --random-user-agent --force --max-scan-duration 60
Scan time
54s
Quick report
Order full scan ($19/one time)
Scan date
10 Nov 2025 18:55
Copy scan report
Download report
Remove scan result
$
Total scans
About 2 times
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration: