Enumerate Wordpress Users (wpscan --url http://xn----7sbecl2dbcfoo.xn--p1ai/ --enumerate u --random-user-agent --force --max-scan-duration 60)
URL: https://xn----7sbecl2dbcfoo.xn--p1ai/ [2606:4700:3031::ac43:b356]
Started: Tue May 13 07:04:49 2025
Interesting Finding(s):
Headers
| Interesting Entries:
| - Server: cloudflare
| - X-Powered-By: PHP/7.1.33
| - Cf-Cache-Status: DYNAMIC
| - Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
| - Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2FpT1%2FbTu7Fq496Ilq1gGmvl%2FH%2Bjn2haVW%2FJPBpf%2FSdeDzh9RRu7DIFI96cRzXp8J7wc8F3Opy6kwiiolwMx1JhV%2FglZjawkkDJMIWUtwe0vLOAuq3BGT4K%2BXPJoye5GrKmZ%2FtaNXmWC6y9xVZH8Q8w0GYQCsI%2Bsal81o"}]}
| - CF-RAY: 93f2b50ffb41a2b3-LAX
| - alt-svc: h3=":443"; ma=86400
| Found By: Headers (Passive Detection)
| Confidence: 100%
robots.txt found: https://xn----7sbecl2dbcfoo.xn--p1ai/robots.txt
| Interesting Entries:
| - /admin
| - /wp-admin
| - /wp-includes
| - /wp-comments
| - /wp-login.php
| - /wp-register.php
| - /cgi-bin
| - *?*
| - *page*
| - /charity/*
| - /city/*
| - /new/*
| - /product/*
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
XML-RPC seems to be enabled: https://xn----7sbecl2dbcfoo.xn--p1ai/xmlrpc.php
| Found By: Headers (Passive Detection)
| Confidence: 100%
| Confirmed By: Direct Access (Aggressive Detection), 100% confidence
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
WordPress readme found: https://xn----7sbecl2dbcfoo.xn--p1ai/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
Debug Log found: https://xn----7sbecl2dbcfoo.xn--p1ai/wp-content/debug.log
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| Reference: https://codex.wordpress.org/Debugging_in_WordPress
The external WP-Cron seems to be enabled: https://xn----7sbecl2dbcfoo.xn--p1ai/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
WordPress version 5.5.15 identified (Outdated, released on 2024-06-24).
| Found By: Rss Generator (Passive Detection)
| - https://xn----7sbecl2dbcfoo.xn--p1ai/sample-page/feed/, <generator>https://wordpress.org/?v=5.5.15</generator>
| Confirmed By: Emoji Settings (Passive Detection)
| - https://xn----7sbecl2dbcfoo.xn--p1ai/, Match: '-release.min.js?ver=5.5.15'
WordPress theme in use: v2.2
| Location: https://xn----7sbecl2dbcfoo.xn--p1ai/wp-content/themes/v2.2/
| Style URL: https://xn----7sbecl2dbcfoo.xn--p1ai/wp-content/themes/v2.2/style.css
| Style Name: Автоподбор
| Author: the SheepFish team
| Author URI: https://sheep.fish/
|
| Found By: Urls In Homepage (Passive Detection)
|
| Version: 2.2 (80% confidence)
| Found By: Style (Passive Detection)
| - https://xn----7sbecl2dbcfoo.xn--p1ai/wp-content/themes/v2.2/style.css, Match: 'Version: 2.2'
Enumerating Users (via Passive and Aggressive Methods)
Brute Forcing Author IDs -: |=================================================|
User(s) Identified:
welcome_home
| Found By: Oembed API - Author URL (Aggressive Detection)
| - https://xn----7sbecl2dbcfoo.xn--p1ai/wp-json/oembed/1.0/embed?url=https://xn----7sbecl2dbcfoo.xn--p1ai/&format=json
| Confirmed By:
| Yoast Seo Author Sitemap (Aggressive Detection)
| - https://xn----7sbecl2dbcfoo.xn--p1ai/author-sitemap.xml
| Author Id Brute Forcing - Author Pattern (Aggressive Detection)
pavelzuev
| Found By: Yoast Seo Author Sitemap (Aggressive Detection)
| - https://xn----7sbecl2dbcfoo.xn--p1ai/author-sitemap.xml
s_vasilevbk-ru
| Found By: Yoast Seo Author Sitemap (Aggressive Detection)
| - https://xn----7sbecl2dbcfoo.xn--p1ai/author-sitemap.xml
| Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
d-raskopinpodbor-org
| Found By: Yoast Seo Author Sitemap (Aggressive Detection)
| - https://xn----7sbecl2dbcfoo.xn--p1ai/author-sitemap.xml
nikolaj-vlasoff2010yandex-ru
| Found By: Yoast Seo Author Sitemap (Aggressive Detection)
| - https://xn----7sbecl2dbcfoo.xn--p1ai/author-sitemap.xml
| Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
No WPScan API Token given, as a result vulnerability data has not been output.
You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
Finished: Tue May 13 07:05:30 2025
Requests Done: 61
Cached Requests: 6
Data Sent: 20.354 KB
Data Received: 2.262 MB
Memory used: 245.172 MB
Elapsed time: 00:00:41
Color Scheme
-
Target
xn----7sbecl2dbcfoo.xn--p1ai
-
Scan method
Enumerate Wordpress Users
-
Run command
wpscan --url http://xn----7sbecl2dbcfoo.xn--p1ai/ --enumerate u --random-user-agent --force --max-scan-duration 60
-
Scan time
-
Quick report
-
Scan date
13 May 2025 10:05
-
Copy scan report
-
Download report
-
Remove scan result
We use cookies to ensure you get the best experience on our website.
Cookie policy