Wordpress is the most popular CSM currently, written in PHP. WPScan is an automated tool that scans for vulnerabilities and retrieves critical data like usernames or exposed endpoints. It's very straight forward to use but you do need some knowledge about what the output means.
WPScan accepts different ways to operate, from scanning to bruteforcing. I will try to mention all useful ways to use it.
wpscan --url https://www.example.com
wpscan --url https://www.example.com -enumerate u
$sudo nmap 192.168.1.1/24 -sn
wpscan --url https://www.example.com --usernames usernames.txt --passwords passwords.txt
_______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.8.20 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [+] URL: https://www.example.com/ [127.0.0.1] [+] Started: Tue Dec 21 19:50:47 2021 Interesting Finding(s): [+] Headers | Interesting Entries: | - Server: Apache | - X-UA-Compatible: IE=edge | Found By: Headers (Passive Detection) | Confidence: 100% [+] robots.txt found: https://www.example.com/robots.txt | Interesting Entries: | - /wp-admin/ | - /wp-admin/admin-ajax.php | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% [+] WordPress readme found: https://www.example.com/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% [+] This site has 'Must Use Plugins': https://www.example.com/wp-content/mu-plugins/ | Found By: Direct Access (Aggressive Detection) | Confidence: 80% | Reference: http://codex.wordpress.org/Must_Use_Plugins [+] Registration is enabled: https://www.example.com/wp-login.php?action=register | Found By: Direct Access (Aggressive Detection) | Confidence: 100% [+] The external WP-Cron seems to be enabled: https://www.example.com/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 [+] WordPress version 5.8.2 identified (Latest, released on 2021-11-10). | Found By: Style Etag (Aggressive Detection) | - https://www.example.com/wp-admin/load-styles.php, Match: '5.8.2' | Confirmed By: Query Parameter In Install Page (Aggressive Detection) | - https://www.example.com/wp-includes/css/dashicons.min.css?ver=5.8.2 | - https://www.example.com/wp-includes/css/buttons.min.css?ver=5.8.2 | - https://www.example.com/wp-admin/css/forms.min.css?ver=5.8.2 | - https://www.example.com/wp-admin/css/l10n.min.css?ver=5.8.2 | - https://www.example.com/wp-admin/css/install.min.css?ver=5.8.2 ^C[!] No WPScan API Token given, as a result vulnerability data has not been output. [!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register [+] Finished: Tue Dec 21 19:51:02 2021 [+] Requests Done: 41 [+] Cached Requests: 7 [+] Data Sent: 11.241 KB [+] Data Received: 764.284 KB [+] Memory used: 178.977 MB [+] Elapsed time: 00:00:14