42% of the websites in the world use WordPress, and there are some easy-to-use tools for analyzing websites that are built on and run by the WordPress platform.
It is important to know OSINT methods and tools to find useful information about websites that use WordPress.
There are tools on the internet for this, such as the hackertarget website, which offers a scan for WordPress websites.
Other WordPress scanner tools also extract information from WordPress websites: the websites wpsec, pentest-tools and hackertarget. In this case we will use the tool from the hackertarget website.
By running a scan of any website that uses WordPress, you will be able to access a lot of information about the website, including users, plugins, theme and other information.
Information that you can collect with OSINT methods:
- WordPress version
- IP address
- Hosting provider
- Web server
- Plugin lists
- User lists (User Enumeration)
- WordPress theme
- Directory indexing
- JavaScript resources
Most important information when doing a WordPress scan:
A scan of a WordPress website can give you a lot of information, but some of it is more important and deserves closer attention. In this case there are 2 things an OSINT researcher has to pay attention to when analyzing a website with WordPress.
Username lists (User Enumeration):
User enumeration is the tactic of listing the users who have an account on a WordPress site. This will provide usernames that can be tracked with OSINT methods.
You will also get the names of users who have administrator permissions, so you will have the username with which the administrator logs in to the admin panel through the WordPress login.
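From the site owner's side, user enumeration shows up in the web server access log. The following is an added example, not code from this article or from any of the tools it names: it flags clients that request several user-listing URLs in a row. The log format, the threshold, the sample lines, and the two request patterns it looks for (the `author` query variable and the `/wp/v2/users` REST route) are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/Nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "scanner"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "scanner"
198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:01:05 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Client IP, request target and status code from one combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')

def enumeration_probe(target):
    """Return a label if the request target looks like a user-listing probe, else None."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    author = query.get("author", [""])[0]
    if author.isdigit():
        return "author=" + author          # numeric author-archive lookup
    route = query.get("rest_route", [""])[0]
    if "/wp/v2/users" in parts.path or "/wp/v2/users" in route:
        return "rest-users"                # REST users collection or single user
    return None

def find_enumerators(log_text, threshold=3):
    """Map client IP -> sorted distinct probes, for clients at or above the threshold."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                       # skip lines that are not in the expected format
        label = enumeration_probe(m.group(2))
        if label:
            probes[m.group(1)].add(label)
    return {ip: sorted(p) for ip, p in probes.items() if len(p) >= threshold}

if __name__ == "__main__":
    for ip, seen in find_enumerators(SAMPLE_LOG).items():
        print(ip, "probed", seen)
```

A single author-archive request from a normal visitor stays below the threshold; only the client that walks through several IDs is reported.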
See vulnerabilities in WordPress websites:
Seeing the vulnerabilities of a WordPress website is very important, since you could use OSINT techniques to access information from vulnerable plugins or information from the admin panel.
Depending on the vulnerability and how severe it is, information such as the website administrator’s email or other information such as a remote connection to the server could be accessed.
Personally, I don’t recommend doing this. In many countries, if someone does this they could have legal problems, since they would be accessing information that would be considered confidential. Unless you have a court order, I don’t recommend doing this.
I would only use this information if you find an extremely illegal website, since if you get useful information for the authorities, they will thank you.
WPScan – the best OSINT tool for WordPress:
WPScan is a WordPress tool written in the Ruby programming language that can be run in a console or terminal on a Linux-based operating system or an operating system that has a plugin with Ruby and Linux.
This tool is for advanced users in OSINT and computing, with experience in Linux and Linux terminal commands. An installation tutorial and how this advanced tool works will be published soon.