Metasploit is currently the most powerful hacking framework. It allows for scanning, exploiting, and post-exploitation all in a single tool.
That said, I really do not use it that much except for hacking Windows systems, since it lacks a lot of the newer exploits. However, the Meterpreter payload for Windows is excellent and it is generally a really good tool for learning.
Since it's a huge framework, the number of ways to use it is almost infinite. However, I will try to describe a normal usage to keep it short.
Note: you open the tool by executing "msfconsole".
search wordpress scanner
set RHOSTS 192.168.1.15
set RPORT 8080
set TARGETURI /
set THREADS 30
Matching Modules
================

#   Name                                                    Disclosure Date  Rank    Check  Description
-   ----                                                    ---------------  ----    -----  -----------
0   auxiliary/scanner/http/wp_abandoned_cart_sqli           2020-11-05       normal  No     Abandoned Cart for WooCommerce SQLi Scanner
1   auxiliary/scanner/kademlia/server_info                                   normal  No     Gather Kademlia Server Information
2   auxiliary/scanner/http/wordpress_login_enum                              normal  No     WordPress Brute Force and User Enumeration Utility
3   auxiliary/scanner/http/wordpress_cp_calendar_sqli       2015-03-03       normal  No     WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner
4   auxiliary/scanner/http/wp_chopslider_id_sqli            2020-05-12       normal  No     WordPress ChopSlider3 id SQLi Scanner
5   auxiliary/scanner/http/wp_contus_video_gallery_sqli     2015-02-24       normal  No     WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
6   auxiliary/scanner/http/wp_dukapress_file_read                            normal  No     WordPress DukaPress Plugin File Read Vulnerability
7   auxiliary/scanner/http/wp_duplicator_file_read          2020-02-19       normal  No     WordPress Duplicator File Read Vulnerability
8   auxiliary/scanner/http/wp_easy_wp_smtp                  2020-12-06       normal  No     WordPress Easy WP SMTP Password Reset
9   auxiliary/scanner/http/wp_email_sub_news_sqli           2019-11-13       normal  No     WordPress Email Subscribers and Newsletter Hash SQLi Scanner
10  auxiliary/scanner/http/wp_gimedia_library_file_read                      normal  No     WordPress GI-Media Library Plugin Directory Traversal Vulnerability
11  auxiliary/scanner/http/wp_loginizer_log_sqli            2020-10-21       normal  No     WordPress Loginizer log SQLi Scanner
12  auxiliary/scanner/http/wp_mobileedition_file_read                        normal  No     WordPress Mobile Edition File Read Vulnerability
13  auxiliary/scanner/http/wp_mobile_pack_info_disclosure                    normal  No     WordPress Mobile Pack Information Disclosure Vulnerability
14  auxiliary/scanner/http/wp_nextgen_galley_file_read                       normal  No     WordPress NextGEN Gallery Directory Read Vulnerability
15  auxiliary/scanner/http/wordpress_content_injection      2017-02-01       normal  Yes    WordPress REST API Content Injection
16  auxiliary/scanner/http/wp_simple_backup_file_read                        normal  No     WordPress Simple Backup File Read Vulnerability
17  auxiliary/scanner/http/wp_subscribe_comments_file_read                   normal  No     WordPress Subscribe Comments File Read Vulnerability
18  auxiliary/scanner/http/wp_total_upkeep_downloader       2020-12-12       normal  No     WordPress Total Upkeep Unauthenticated Backup Downloader
19  auxiliary/scanner/http/wordpress_ghost_scanner                           normal  No     WordPress XMLRPC GHOST Vulnerability Scanner
20  auxiliary/scanner/http/wp_arbitrary_file_deletion       2018-06-26       normal  No     Wordpress Arbitrary File Deletion
21  auxiliary/scanner/http/wp_learnpress_sqli               2020-04-29       normal  No     Wordpress LearnPress current_items Authenticated SQLi
22  auxiliary/scanner/http/wordpress_pingback_access                         normal  No     Wordpress Pingback Locator
23  auxiliary/scanner/http/wordpress_scanner                                 normal  No     Wordpress Scanner
24  auxiliary/scanner/http/wordpress_xmlrpc_login                            normal  No     Wordpress XML-RPC Username/Password Login Scanner
25  auxiliary/scanner/http/wordpress_multicall_creds                         normal  No     Wordpress XML-RPC system.multicall Credential Collector
Module options (auxiliary/scanner/http/wordpress_scanner):

Name                 Current Setting                                            Required  Description
----                 ---------------                                            --------  -----------
EXPLOITABLE          true                                                       no        Only scan plugins and themes which a MSF module exists for
EXPLOITABLE_PLUGINS  /opt/metasploit/data/wordlists/wp-exploitable-plugins.txt  yes       File containing exploitable by MSF plugins
EXPLOITABLE_THEMES   /opt/metasploit/data/wordlists/wp-exploitable-themes.txt   yes       File containing exploitable by MSF themes
PLUGINS              true                                                       no        Detect plugins
PLUGINS_FILE         /opt/metasploit/data/wordlists/wp-plugins.txt              yes       File containing plugins to enumerate
PROGRESS             1000                                                       yes       how often to print progress
Proxies                                                                         no        A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS                                                                          yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT                80                                                         yes       The target port (TCP)
SSL                  false                                                      no        Negotiate SSL/TLS for outgoing connections
TARGETURI            /                                                          yes       The base path to the wordpress application
THEMES               true                                                       no        Detect themes
THEMES_FILE          /opt/metasploit/data/wordlists/wp-themes.txt               yes       File containing themes to enumerate
THREADS              1                                                          yes       The number of concurrent threads (max one per host)
VHOST                                                                           no        HTTP server virtual host
msf6 auxiliary(scanner/http/wordpress_scanner) > use auxiliary/scanner/http/dir_scanner
msf6 auxiliary(scanner/http/dir_scanner) > show options

Module options (auxiliary/scanner/http/dir_scanner):

Name        Current Setting                          Required  Description
----        ---------------                          --------  -----------
DICTIONARY  /opt/metasploit/data/wmap/wmap_dirs.txt  no        Path of word dictionary to use
PATH        /                                        yes       The path to identify files
Proxies                                              no        A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS                                               yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT       80                                       yes       The target port (TCP)
SSL         false                                    no        Negotiate SSL/TLS for outgoing connections
THREADS     1                                        yes       The number of concurrent threads (max one per host)
VHOST                                                no        HTTP server virtual host

msf6 auxiliary(scanner/http/dir_scanner) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf6 auxiliary(scanner/http/dir_scanner) > set RPORT 8080
RPORT => 8080
msf6 auxiliary(scanner/http/dir_scanner) > exploit

[*] Detecting error code
[*] Using code '404' as not found for 127.0.0.1
[+] Found http://127.0.0.1:8080/[SecCheck]/ 400 (127.0.0.1)
[+] Found http://127.0.0.1:8080/error/ 500 (127.0.0.1)
[+] Found http://127.0.0.1:8080/home/ 200 (127.0.0.1)
[+] Found http://127.0.0.1:8080/logout/ 302 (127.0.0.1)
[+] Found http://127.0.0.1:8080/users/ 200 (127.0.0.1)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
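
What a dir_scanner run like the one above looks like from the web server's side, as an added example that is not part of the original page: it flags clients that request many distinct paths and mostly get the not-found status back, and lists the paths that did answer. The log lines, client addresses, thresholds and the combined log format are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample traffic (path, status); clients and paths are made up for this example.
_SCAN = [("/%s/" % d, 404) for d in
         ("admin", "backup", "cgi-bin", "config", "data", "db", "test", "tmp")]
_SCAN += [("/home/", 200), ("/users/", 200), ("/logout/", 302), ("/error/", 500)]
_USER = [("/home/", 200), ("/users/", 200), ("/favicon.ico", 404), ("/home/", 200)]

def _line(ip, path, status):
    """Format one combined-log-format line for the constructed sample."""
    return ('%s - - [12/Jan/2021:10:00:00 +0000] "GET %s HTTP/1.1" %d 512 "-" "-"'
            % (ip, path, status))

SAMPLE_LOG = "\n".join([_line("192.168.1.50", p, s) for p, s in _SCAN] +
                       [_line("192.168.1.20", p, s) for p, s in _USER])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def find_dir_scans(log_text, min_paths=8, min_miss_ratio=0.5, not_found=404):
    """Return {client: stats} for clients whose requests look like directory enumeration.

    A client is flagged when it asked for at least min_paths distinct paths and
    at least min_miss_ratio of them were answered with the not-found status.
    """
    seen, missed = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2).split("?", 1)[0], int(m.group(3))
        seen[ip].add(path)
        if status == not_found:
            missed[ip].add(path)
    flagged = {}
    for ip, paths in seen.items():
        if len(paths) >= min_paths and len(missed[ip]) / len(paths) >= min_miss_ratio:
            flagged[ip] = {
                "distinct_paths": len(paths),
                "not_found": len(missed[ip]),
                # Paths that did answer: what the scan learned about the site.
                "answered": sorted(paths - missed[ip]),
            }
    return flagged

if __name__ == "__main__":
    for client, stats in find_dir_scans(SAMPLE_LOG).items():
        print(client, stats)
```

The function counts over whatever log slice it is given, so pass it one time window (for example the last few minutes) rather than a whole day's log.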