Enumerate WP Plugins Without WPScan
I'm trying to find a way to enum wp plugins without relying on wpscan (as the title indicates) I know there are other ways to go about doing it, but a lot of my searches just point me back to wpscan. I've seen, for example, that you can sometimes find changelogs that show updates on wordpress plugins which of course would disclose the plugin name and version, but are there other methods available that I'm not aware of? (as reference https://twitter.com/zackwhittaker/status...4954795009 but I feel like that specific to that plugin, so... meh)
Out of curiosity, why are you avoiding wpscan? Only reason I can think about is to avoid any noisy logs I guess. But all the same, I think you would save yourself a lot of time if you used than rather than doing your own manual enumation.

Regardless :p I looked it up too and I did find some interesting stuff you might be interested in:

Passive info gathering: http://warolv.net/blog/2017/05/22/wordpr...gathering/

Also maybe another alternative to wpscan is to enumerate via nmap?
nmap -sV --script http-wordpress-enum --script-args limit=25

Not exactly silent to most logs though.
(03-09-2018, 01:58 AM)Insider Wrote: -Snip-

Thanks for the articles, that was exactly what I was looking for! Also I'm mainly avoiding it because I hate using automated scans without understanding how they work on a fundamental level. Not only that, but of course manual testing will often find things automated tools will miss Smile

Possibly Related Threads…
Thread Author Replies Views Last Post
  hacking a pc on a network without physical access 4n0nz3r0 4 3,967 03-08-2018, 09:03 PM
Last Post: 4n0nz3r0
  Breaking into a WordPress site without knowing WP/PHP or InfoSec at all D/L 2 4,917 10-06-2016, 05:43 AM
Last Post: NO-OP