Enumerate Wordpress Users (wpscan --url https://mce.nust.edu.pk/ --enumerate u --random-user-agent --force --max-scan-duration 60)
URL: https://mce.nust.edu.pk/ [2606:4700:20::681a:207]
Started: Fri Jul 4 05:07:41 2025
Interesting Finding(s):
Headers
| Interesting Entries:
| - Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=M1TgjR13Gkjef1i19jfH6M22HxWifkNNj%2BNqo%2B76f0qHAl%2BKsoJ57cTijD%2FXaz54sVHf3OvQTGm55tPha7IN9jv1AawNVY2UwWnkW3xwgessqsNUsgjAQRsB"}]}
| - Server: cloudflare
| - X-Powered-By: ASP.NET
| - X-Powered-By-Plesk: PleskWin
| - Cf-Cache-Status: DYNAMIC
| - Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
| - CF-RAY: 959e808fdde47be6-LAX
| Found By: Headers (Passive Detection)
| Confidence: 100%
robots.txt found: https://mce.nust.edu.pk/robots.txt
| Interesting Entries:
| - /wp-admin/
| - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
The external WP-Cron seems to be enabled: https://mce.nust.edu.pk/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
No WPScan API Token given, as a result vulnerability data has not been output.
You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
Finished: Fri Jul 4 05:08:25 2025
Requests Done: 27
Cached Requests: 5
Data Sent: 5.84 KB
Data Received: 263.577 KB
Memory used: 139.832 MB
Elapsed time: 00:00:43
Scan Aborted: JSON parsing error in /root/.wpscan/db/wp_fingerprints.json Max Scan Duration Reached
Trace: /usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/helper.rb:6:in `rescue in read_json_file'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/helper.rb:3:in `read_json_file'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/db/fingerprints.rb:43:in `wp_fingerprints'
/usr/local/share/gems/gems/wpscan-3.8.27/app/models/wp_version.rb:32:in `all'
/usr/local/share/gems/gems/wpscan-3.8.27/app/models/wp_version.rb:19:in `valid?'
/usr/local/share/gems/gems/wpscan-3.8.27/app/models/wp_version.rb:10:in `initialize'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb:12:in `new'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb:12:in `create_version'
/usr/local/share/gems/gems/wpscan-3.8.27/app/finders/wp_version/rss_generator.rb:22:in `block (2 levels) in process_urls'
/usr/local/share/gems/gems/nokogiri-1.17.2-x86_64-linux/lib/nokogiri/xml/node_set.rb:237:in `block in each'
/usr/local/share/gems/gems/nokogiri-1.17.2-x86_64-linux/lib/nokogiri/xml/node_set.rb:236:in `upto'
/usr/local/share/gems/gems/nokogiri-1.17.2-x86_64-linux/lib/nokogiri/xml/node_set.rb:236:in `each'
/usr/local/share/gems/gems/wpscan-3.8.27/app/finders/wp_version/rss_generator.rb:16:in `block in process_urls'
/usr/local/share/gems/gems/wpscan-3.8.27/app/finders/wp_version/rss_generator.rb:13:in `each'
/usr/local/share/gems/gems/wpscan-3.8.27/app/finders/wp_version/rss_generator.rb:13:in `process_urls'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/finder/smart_url_checker.rb:25:in `passive'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/base_finders.rb:31:in `run_finder'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:22:in `block (2 levels) in run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:21:in `each'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:21:in `block in run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:20:in `each'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/unique_finders.rb:20:in `run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/independent_finder.rb:21:in `find'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/finders/independent_finder.rb:12:in `find'
/usr/local/share/gems/gems/wpscan-3.8.27/lib/wpscan/target.rb:42:in `wp_version'
/usr/local/share/gems/gems/wpscan-3.8.27/app/controllers/wp_version.rb:26:in `run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/controllers.rb:50:in `each'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/controllers.rb:50:in `block in run'
/usr/local/share/gems/gems/timeout-0.4.0/lib/timeout.rb:186:in `block in timeout'
/usr/local/share/gems/gems/timeout-0.4.0/lib/timeout.rb:193:in `timeout'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/controllers.rb:45:in `run'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/scan.rb:24:in `run'
/tools/wpscan/bin/wpscan:17:in `block in <main>'
/usr/local/share/gems/gems/cms_scanner-0.14.3/lib/cms_scanner/scan.rb:15:in `initialize'
/tools/wpscan/bin/wpscan:6:in `new'
/tools/wpscan/bin/wpscan:6:in `<main>'
Color Scheme
-
Target
mce.nust.edu.pk
-
Scan method
Enumerate Wordpress Users
-
Run command
wpscan --url https://mce.nust.edu.pk/ --enumerate u --random-user-agent --force --max-scan-duration 60
-
Scan time
-
Quick report
-
Scan date
04 Jul 2025 08:08
-
Copy scan report
-
Download report
-
Remove scan result
We use cookies to ensure you get the best experience on our website.
Cookie policy