GOOGLE
• Data mining: site:target.com filetype:doc
• SQL Injection/DB identification: site:target.com "supplied argument is not a valid MySQL"
• For more check "Exploit Database": https://www.exploit-db.com/
WPSCAN
• First of all, update the WPScan database: wpscan --update
• Quick scan (may require `sudo` on Ubuntu), only enumerating vulnerable plugins: wpscan -u domaintocheck.com -e vp
• Most popular plugins, with the plugin folder given (more accurate results): wpscan -u domaintocheck.com -e p --wp-plugins-dir content/plugins/
• WPScan can also 'brute force' using password dictionaries: wpscan -u domaintocheck.com --wordlist popularpass.txt --username admin
ZAP PROXY QUICK SCAN
• Might be a good idea to persist your session for future reference
• Be sure you have plenty of memory and disk space, as these sessions can grow quite large (200 MB to 500 MB is standard)
SQLMAP
• Once you have a suspect parameter for injection: sqlmap -u "http://domaintocheck.com/search?search=1" --threads=3 --risk=2 --level=2
• If you know your target platform (say MySQL) and want only table names, you can speed up the process: sqlmap -u "http://domaintocheck.com/search?search=1" --threads=3 --risk=2 --level=2 --tables --dbms=MySQL
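The Google dork on the first slide and sqlmap's error-based checks both depend on the application echoing raw database errors to the client. As an added example (not part of these slides), the Python script below scans HTTP response bodies for such verbose error signatures, so a site owner can confirm their own application is not leaking them; the signature list and the sample bodies are my own constructed assumptions, modelled on common MySQL, SQL Server and Oracle messages.

```python
import re
from typing import Dict, List

# Patterns of verbose database error messages that should never reach a client.
# The first entry is the MySQL message the slides use as a Google dork; the rest
# are well-known error prefixes from PHP/MySQL, Microsoft SQL Server and Oracle.
DB_ERROR_SIGNATURES: Dict[str, str] = {
    "mysql_php_warning": r"supplied argument is not a valid MySQL",
    "mysql_syntax": r"You have an error in your SQL syntax",
    "php_mysql_function": r"Warning: mysql_\w+\(\)",
    "mssql_unclosed_quote": r"Unclosed quotation mark after the character string",
    "oracle_ora_code": r"\bORA-\d{5}\b",
}

_COMPILED = {name: re.compile(pat, re.IGNORECASE) for name, pat in DB_ERROR_SIGNATURES.items()}


def find_db_error_leaks(body: str) -> List[str]:
    """Return the names of every database-error signature found in one response body."""
    return [name for name, rx in _COMPILED.items() if rx.search(body)]


def scan_responses(responses: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each URL to the leak signatures found in its body; clean URLs are omitted."""
    findings: Dict[str, List[str]] = {}
    for url, body in responses.items():
        hits = find_db_error_leaks(body)
        if hits:
            findings[url] = hits
    return findings


# Constructed sample responses (example.test is not a real site). The first two
# mimic pages that would match the dork or be flagged by an error-based scanner.
SAMPLE_RESPONSES: Dict[str, str] = {
    "http://example.test/search?search=1": (
        "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL "
        "result resource in /var/www/html/search.php on line 42"
    ),
    "http://example.test/item?id=1": (
        "Microsoft OLE DB Provider for SQL Server error '80040e14'<br>"
        "Unclosed quotation mark after the character string ''."
    ),
    "http://example.test/about": "<html><body><h1>About us</h1></body></html>",
}

if __name__ == "__main__":
    for url, hits in scan_responses(SAMPLE_RESPONSES).items():
        print(f"{url}: leaks {', '.join(hits)}")
```

In practice the bodies would come from the site's own crawl or proxy session (ZAP's saved session is a convenient source); any hit means the application should be configured to log detailed errors server-side and return a generic error page instead.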