WPScan is a powerful tool. In the previous post, we used wpscan to enumerate users, but wpscan can also try to crack a user's password automatically from a password list.
Kali comes with a preset password list after installation, located in /usr/share/wordlists/rockyou.txt
To use wpscan, just type the following command:
wpscan -U INSERT_USERNAME --url INSERT_TARGET_URL -P /usr/share/wordlists/rockyou.txt
When wpscan finds the password, it stops the process and tells you the password. If no password matches, it stops once the password list is finished.