GitBook: [master] one page modified

Author: carlospolop

pentesting/pentesting-web/wordpress.md

@@ -251,7 +251,7 @@ This tool checks if the **methodName: pingback.ping** and for the path **/wp-jso
 
 ```bash
 cmsmap -s http://www.domain.com -t 2 -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
-wpscan --rua --enumerate --url http://www.domain.com --api-token <API_TOKEN> --passwords /usr/share/wordlists/external/SecLists/Passwords/probable-v2-top1575.txt #Brute force found users and search for vulnerabilities using a free API token (up 50 searchs)
+wpscan --rua -e ap,at,tt,cb,dbe,u,m --url http://www.domain.com --api-token <API_TOKEN> --passwords /usr/share/wordlists/external/SecLists/Passwords/probable-v2-top1575.txt #Brute force found users and search for vulnerabilities using a free API token (up 50 searchs)
 #You can try to bruteforce the admin user using wpscan with "-U admin"
 ```