Metasploit is the most powerful hacking framework currently. It allows for scanning, exploiting, and post-exploitation all in a single tool.
Everything said, I really do not use it that much except for hacking Windows systems, since it lacks a lot of the newer exploits. However, the Meterpreter payload for Windows is excellent, and it is generally a really good tool for learning.
Since it's a huge framework, the number of ways to use it is almost infinite. However, I will try to describe a normal usage to keep it short.
Note: you open the tool by executing "msfconsole".
search wordpress scanner
use auxiliary/scanner/http/wordpress_scanner
show options
set RHOSTS 192.168.1.15
set RPORT 8080
set TARGETURI /
set THREADS 30
exploit
Matching Modules
================

   #   Name                                                    Disclosure Date  Rank    Check  Description
   -   ----                                                    ---------------  ----    -----  -----------
   0   auxiliary/scanner/http/wp_abandoned_cart_sqli           2020-11-05       normal  No     Abandoned Cart for WooCommerce SQLi Scanner
   1   auxiliary/scanner/kademlia/server_info                                   normal  No     Gather Kademlia Server Information
   2   auxiliary/scanner/http/wordpress_login_enum                              normal  No     WordPress Brute Force and User Enumeration Utility
   3   auxiliary/scanner/http/wordpress_cp_calendar_sqli       2015-03-03       normal  No     WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner
   4   auxiliary/scanner/http/wp_chopslider_id_sqli            2020-05-12       normal  No     WordPress ChopSlider3 id SQLi Scanner
   5   auxiliary/scanner/http/wp_contus_video_gallery_sqli     2015-02-24       normal  No     WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
   6   auxiliary/scanner/http/wp_dukapress_file_read                            normal  No     WordPress DukaPress Plugin File Read Vulnerability
   7   auxiliary/scanner/http/wp_duplicator_file_read          2020-02-19       normal  No     WordPress Duplicator File Read Vulnerability
   8   auxiliary/scanner/http/wp_easy_wp_smtp                  2020-12-06       normal  No     WordPress Easy WP SMTP Password Reset
   9   auxiliary/scanner/http/wp_email_sub_news_sqli           2019-11-13       normal  No     WordPress Email Subscribers and Newsletter Hash SQLi Scanner
   10  auxiliary/scanner/http/wp_gimedia_library_file_read                      normal  No     WordPress GI-Media Library Plugin Directory Traversal Vulnerability
   11  auxiliary/scanner/http/wp_loginizer_log_sqli            2020-10-21       normal  No     WordPress Loginizer log SQLi Scanner
   12  auxiliary/scanner/http/wp_mobileedition_file_read                        normal  No     WordPress Mobile Edition File Read Vulnerability
   13  auxiliary/scanner/http/wp_mobile_pack_info_disclosure                    normal  No     WordPress Mobile Pack Information Disclosure Vulnerability
   14  auxiliary/scanner/http/wp_nextgen_galley_file_read                       normal  No     WordPress NextGEN Gallery Directory Read Vulnerability
   15  auxiliary/scanner/http/wordpress_content_injection      2017-02-01       normal  Yes    WordPress REST API Content Injection
   16  auxiliary/scanner/http/wp_simple_backup_file_read                        normal  No     WordPress Simple Backup File Read Vulnerability
   17  auxiliary/scanner/http/wp_subscribe_comments_file_read                   normal  No     WordPress Subscribe Comments File Read Vulnerability
   18  auxiliary/scanner/http/wp_total_upkeep_downloader       2020-12-12       normal  No     WordPress Total Upkeep Unauthenticated Backup Downloader
   19  auxiliary/scanner/http/wordpress_ghost_scanner                           normal  No     WordPress XMLRPC GHOST Vulnerability Scanner
   20  auxiliary/scanner/http/wp_arbitrary_file_deletion       2018-06-26       normal  No     Wordpress Arbitrary File Deletion
   21  auxiliary/scanner/http/wp_learnpress_sqli               2020-04-29       normal  No     Wordpress LearnPress current_items Authenticated SQLi
   22  auxiliary/scanner/http/wordpress_pingback_access                         normal  No     Wordpress Pingback Locator
   23  auxiliary/scanner/http/wordpress_scanner                                 normal  No     Wordpress Scanner
   24  auxiliary/scanner/http/wordpress_xmlrpc_login                            normal  No     Wordpress XML-RPC Username/Password Login Scanner
   25  auxiliary/scanner/http/wordpress_multicall_creds                         normal  No     Wordpress XML-RPC system.multicall Credential Collector

Module options (auxiliary/scanner/http/wordpress_scanner):

   Name                 Current Setting                                            Required  Description
   ----                 ---------------                                            --------  -----------
   EXPLOITABLE          true                                                       no        Only scan plugins and themes which a MSF module exists for
   EXPLOITABLE_PLUGINS  /opt/metasploit/data/wordlists/wp-exploitable-plugins.txt  yes       File containing exploitable by MSF plugins
   EXPLOITABLE_THEMES   /opt/metasploit/data/wordlists/wp-exploitable-themes.txt   yes       File containing exploitable by MSF themes
   PLUGINS              true                                                       no        Detect plugins
   PLUGINS_FILE         /opt/metasploit/data/wordlists/wp-plugins.txt              yes       File containing plugins to enumerate
   PROGRESS             1000                                                       yes       how often to print progress
   Proxies                                                                         no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                                                                          yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT                80                                                         yes       The target port (TCP)
   SSL                  false                                                      no        Negotiate SSL/TLS for outgoing connections
   TARGETURI            /                                                          yes       The base path to the wordpress application
   THEMES               true                                                       no        Detect themes
   THEMES_FILE          /opt/metasploit/data/wordlists/wp-themes.txt               yes       File containing themes to enumerate
   THREADS              1                                                          yes       The number of concurrent threads (max one per host)
   VHOST                                                                           no        HTTP server virtual host

msf6 auxiliary(scanner/http/wordpress_scanner) > use auxiliary/scanner/http/dir_scanner
msf6 auxiliary(scanner/http/dir_scanner) > show options
Module options (auxiliary/scanner/http/dir_scanner):

   Name        Current Setting                          Required  Description
   ----        ---------------                          --------  -----------
   DICTIONARY  /opt/metasploit/data/wmap/wmap_dirs.txt  no        Path of word dictionary to use
   PATH        /                                        yes       The path to identify files
   Proxies                                              no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                                               yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT       80                                       yes       The target port (TCP)
   SSL         false                                    no        Negotiate SSL/TLS for outgoing connections
   THREADS     1                                        yes       The number of concurrent threads (max one per host)
   VHOST                                                no        HTTP server virtual host

msf6 auxiliary(scanner/http/dir_scanner) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf6 auxiliary(scanner/http/dir_scanner) > set RPORT 8080
RPORT => 8080
msf6 auxiliary(scanner/http/dir_scanner) > exploit
[*] Detecting error code
[*] Using code '404' as not found for 127.0.0.1
[+] Found http://127.0.0.1:8080/[SecCheck]/ 400 (127.0.0.1)
[+] Found http://127.0.0.1:8080/error/ 500 (127.0.0.1)
[+] Found http://127.0.0.1:8080/home/ 200 (127.0.0.1)
[+] Found http://127.0.0.1:8080/logout/ 302 (127.0.0.1)
[+] Found http://127.0.0.1:8080/users/ 200 (127.0.0.1)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed