Definition

Metasploit is the most powerful hacking framework currently. It allows for scanning, exploiting, and post-exploitation all in a single tool.

All that said, I really do not use it that much except for hacking Windows systems since it lacks a lot of the newer exploits. However, the meterpreter payload for Windows is excellent and it is generally a really good tool for learning.

Usage

Since it's a huge framework, the number of ways to use it is almost infinite. However, I will try to describe a normal usage to keep it short.

Note: you open the tool by executing "msfconsole"

Searching for a scanner
search wordpress scanner
Selecting a module
use auxiliary/scanner/http/wordpress_scanner
Get available module parameters
show options
Set module parameters
set RHOSTS 192.168.1.15
set RPORT 8080
set TARGETURI /
set THREADS 30
Run the module
exploit

Output

search wordpress scanner
Matching Modules
================

   #   Name                                                    Disclosure Date  Rank    Check  Description
   -   ----                                                    ---------------  ----    -----  -----------
   0   auxiliary/scanner/http/wp_abandoned_cart_sqli           2020-11-05       normal  No     Abandoned Cart for WooCommerce SQLi Scanner
   1   auxiliary/scanner/kademlia/server_info                                   normal  No     Gather Kademlia Server Information
   2   auxiliary/scanner/http/wordpress_login_enum                              normal  No     WordPress Brute Force and User Enumeration Utility
   3   auxiliary/scanner/http/wordpress_cp_calendar_sqli       2015-03-03       normal  No     WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner
   4   auxiliary/scanner/http/wp_chopslider_id_sqli            2020-05-12       normal  No     WordPress ChopSlider3 id SQLi Scanner
   5   auxiliary/scanner/http/wp_contus_video_gallery_sqli     2015-02-24       normal  No     WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
   6   auxiliary/scanner/http/wp_dukapress_file_read                            normal  No     WordPress DukaPress Plugin File Read Vulnerability
   7   auxiliary/scanner/http/wp_duplicator_file_read          2020-02-19       normal  No     WordPress Duplicator File Read Vulnerability
   8   auxiliary/scanner/http/wp_easy_wp_smtp                  2020-12-06       normal  No     WordPress Easy WP SMTP Password Reset
   9   auxiliary/scanner/http/wp_email_sub_news_sqli           2019-11-13       normal  No     WordPress Email Subscribers and Newsletter Hash SQLi Scanner
   10  auxiliary/scanner/http/wp_gimedia_library_file_read                      normal  No     WordPress GI-Media Library Plugin Directory Traversal Vulnerability
   11  auxiliary/scanner/http/wp_loginizer_log_sqli            2020-10-21       normal  No     WordPress Loginizer log SQLi Scanner
   12  auxiliary/scanner/http/wp_mobileedition_file_read                        normal  No     WordPress Mobile Edition File Read Vulnerability
   13  auxiliary/scanner/http/wp_mobile_pack_info_disclosure                    normal  No     WordPress Mobile Pack Information Disclosure Vulnerability
   14  auxiliary/scanner/http/wp_nextgen_galley_file_read                       normal  No     WordPress NextGEN Gallery Directory Read Vulnerability
   15  auxiliary/scanner/http/wordpress_content_injection      2017-02-01       normal  Yes    WordPress REST API Content Injection
   16  auxiliary/scanner/http/wp_simple_backup_file_read                        normal  No     WordPress Simple Backup File Read Vulnerability
   17  auxiliary/scanner/http/wp_subscribe_comments_file_read                   normal  No     WordPress Subscribe Comments File Read Vulnerability
   18  auxiliary/scanner/http/wp_total_upkeep_downloader       2020-12-12       normal  No     WordPress Total Upkeep Unauthenticated Backup Downloader
   19  auxiliary/scanner/http/wordpress_ghost_scanner                           normal  No     WordPress XMLRPC GHOST Vulnerability Scanner
   20  auxiliary/scanner/http/wp_arbitrary_file_deletion       2018-06-26       normal  No     Wordpress Arbitrary File Deletion
   21  auxiliary/scanner/http/wp_learnpress_sqli               2020-04-29       normal  No     Wordpress LearnPress current_items Authenticated SQLi
   22  auxiliary/scanner/http/wordpress_pingback_access                         normal  No     Wordpress Pingback Locator
   23  auxiliary/scanner/http/wordpress_scanner                                 normal  No     Wordpress Scanner
   24  auxiliary/scanner/http/wordpress_xmlrpc_login                            normal  No     Wordpress XML-RPC Username/Password Login Scanner
   25  auxiliary/scanner/http/wordpress_multicall_creds                         normal  No     Wordpress XML-RPC system.multicall Credential Collector
Get available module parameters
Module options (auxiliary/scanner/http/wordpress_scanner):

   Name                 Current Setting                                            Required  Description
   ----                 ---------------                                            --------  -----------
   EXPLOITABLE          true                                                       no        Only scan plugins and themes which a MSF module exists for
   EXPLOITABLE_PLUGINS  /opt/metasploit/data/wordlists/wp-exploitable-plugins.txt  yes       File containing exploitable by MSF plugins
   EXPLOITABLE_THEMES   /opt/metasploit/data/wordlists/wp-exploitable-themes.txt   yes       File containing exploitable by MSF themes
   PLUGINS              true                                                       no        Detect plugins
   PLUGINS_FILE         /opt/metasploit/data/wordlists/wp-plugins.txt              yes       File containing plugins to enumerate
   PROGRESS             1000                                                       yes       how often to print progress
   Proxies                                                                         no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                                                                          yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT                80                                                         yes       The target port (TCP)
   SSL                  false                                                      no        Negotiate SSL/TLS for outgoing connections
   TARGETURI            /                                                          yes       The base path to the wordpress application
   THEMES               true                                                       no        Detect themes
   THEMES_FILE          /opt/metasploit/data/wordlists/wp-themes.txt               yes       File containing themes to enumerate
   THREADS              1                                                          yes       The number of concurrent threads (max one per host)
   VHOST                                                                           no        HTTP server virtual host
Full example usage
msf6 auxiliary(scanner/http/wordpress_scanner) > use auxiliary/scanner/http/dir_scanner
msf6 auxiliary(scanner/http/dir_scanner) > show options

Module options (auxiliary/scanner/http/dir_scanner):

   Name        Current Setting                          Required  Description
   ----        ---------------                          --------  -----------
   DICTIONARY  /opt/metasploit/data/wmap/wmap_dirs.txt  no        Path of word dictionary to use
   PATH        /                                        yes       The path  to identify files
   Proxies                                              no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                                               yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT       80                                       yes       The target port (TCP)
   SSL         false                                    no        Negotiate SSL/TLS for outgoing connections
   THREADS     1                                        yes       The number of concurrent threads (max one per host)
   VHOST                                                no        HTTP server virtual host

msf6 auxiliary(scanner/http/dir_scanner) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf6 auxiliary(scanner/http/dir_scanner) > set RPORT 8080
RPORT => 8080
msf6 auxiliary(scanner/http/dir_scanner) > exploit

[*] Detecting error code
[*] Using code '404' as not found for 127.0.0.1
[+] Found http://127.0.0.1:8080/[SecCheck]/ 400 (127.0.0.1)
[+] Found http://127.0.0.1:8080/error/ 500 (127.0.0.1)
[+] Found http://127.0.0.1:8080/home/ 200 (127.0.0.1)
[+] Found http://127.0.0.1:8080/logout/ 302 (127.0.0.1)
[+] Found http://127.0.0.1:8080/users/ 200 (127.0.0.1)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed