1. WPScan Online
Membership level: Free member
Enumerate Wordpress Users (wpscan --url https://mce.nust.edu.pk/ --enumerate u --random-user-agent --force --max-scan-duration 60)
URL: https://mce.nust.edu.pk/ [2606:4700:20::681a:207]
Started: Fri Jul  4 05:07:41 2025

Interesting Finding(s):

Headers
 | Interesting Entries:
 |  - Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=M1TgjR13Gkjef1i19jfH6M22HxWifkNNj%2BNqo%2B76f0qHAl%2BKsoJ57cTijD%2FXaz54sVHf3OvQTGm55tPha7IN9jv1AawNVY2UwWnkW3xwgessqsNUsgjAQRsB"}]}
 |  - Server: cloudflare
 |  - X-Powered-By: ASP.NET
 |  - X-Powered-By-Plesk: PleskWin
 |  - Cf-Cache-Status: DYNAMIC
 |  - Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
 |  - CF-RAY: 959e808fdde47be6-LAX
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

robots.txt found: https://mce.nust.edu.pk/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

The external WP-Cron seems to be enabled: https://mce.nust.edu.pk/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

 No WPScan API Token given, as a result vulnerability data has not been output.
 You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

Finished: Fri Jul  4 05:08:25 2025
Requests Done: 27
Cached Requests: 5
Data Sent: 5.84 KB
Data Received: 263.577 KB
Memory used: 139.832 MB
Elapsed time: 00:00:43

Scan Aborted: JSON parsing error in /root/.wpscan/db/wp_fingerprints.json Max Scan Duration Reached
Trace: /usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/helper.rb:6:in `rescue in read_json_file'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/helper.rb:3:in `read_json_file'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/db/fingerprints.rb:43:in `wp_fingerprints'
/usr/local/share/gems/gems/wpscan-3.8.27/app/models/wp_version.rb:32:in `all'
/usr/local/share/gems/gems/wpscan-3.8.27/app/models/wp_version.rb:19:in `valid?'
/usr/local/share/gems/gems/wpscan-3.8.27/app/models/wp_version.rb:10:in `initialize'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb:12:in `new'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb:12:in `create_version'
/usr/local/share/gems/gems/wpscan-3.8.27/app/finders/wp_version/rss_generator.rb:22:in `block (2 levels) in process_urls'
/usr/local/share/gems/gems/nokogiri-1.17.2-x86_64-linux/lib/nokogiri/xml/node_set.rb:237:in `block in each'
/usr/local/share/gems/gems/nokogiri-1.17.2-x86_64-linux/lib/nokogiri/xml/node_set.rb:236:in `upto'
/usr/local/share/gems/gems/nokogiri-1.17.2-x86_64-linux/lib/nokogiri/xml/node_set.rb:236:in `each'
/usr/local/share/gems/gems/wpscan-3.8.27/app/finders/wp_version/rss_generator.rb:16:in `block in process_urls'
/usr/local/share/gems/gems/wpscan-3.8.27/app/finders/wp_version/rss_generator.rb:13:in `each'
/usr/local/share/gems/gems/wpscan-3.8.27/app/finders/wp_version/rss_generator.rb:13:in `process_urls'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/finder/smart_url_checker.rb:25:in `passive'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/base_finders.rb:31:in `run_finder'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:22:in `block (2 levels) in run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:21:in `each'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:21:in `block in run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:20:in `each'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:20:in `run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/independent_finder.rb:21:in `find'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/independent_finder.rb:12:in `find'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/target.rb:42:in `wp_version'
/usr/local/share/gems/gems/wpscan-3.8.27/app/controllers/wp_version.rb:26:in `run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/controllers.rb:50:in `each'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/controllers.rb:50:in `block in run'
/usr/local/share/gems/gems/timeout-0.4.0/lib/timeout.rb:186:in `block in timeout'
/usr/local/share/gems/gems/timeout-0.4.0/lib/timeout.rb:193:in `timeout'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/controllers.rb:45:in `run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/scan.rb:24:in `run'
/tools/wpscan/bin/wpscan:17:in `block in <main>'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/scan.rb:15:in `initialize'
/tools/wpscan/bin/wpscan:6:in `new'
/tools/wpscan/bin/wpscan:6:in `<main>'
Color Scheme
Target
mce.nust.edu.pk
Scan method
Enumerate Wordpress Users
Run command
wpscan --url https://mce.nust.edu.pk/ --enumerate u --random-user-agent --force --max-scan-duration 60
Scan time
43s
Quick report
Order full scan ($19/one time)
Scan date
04 Jul 2025 08:08
Copy scan report
Download report
Remove scan result
$
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration: