Enumerating Target Using WPScan

In this section we will talk about how to enumerate our target using WPScan. So, what is enumeration? According to Tutorialspoint.com, enumeration belongs to the first phase of Ethical Hacking, i.e., “Information Gathering”. This is a process where the attacker establishes an active connection with the victim and tries to discover as many attack vectors as possible, which can be used to exploit the systems further. In a nutshell, enumeration can be used to gather information.

Now, we will do enumeration using WPScan.

  1. WPScan is a WordPress vulnerability scanner and one of the common tools for enumeration. In this tutorial, we will target jo1.pentest.id and look for the username. To use WPScan, open a terminal in Kali and type wpscan. Then type
    wpscan --random-agent --url https://jo1.pentest.id --enumerate u
  2. After you press Enter, it will take a while to gather our target information (username). Don’t worry, just relax and wait. As you can see, when it has finished scanning the target, it will show you the result of your scan.
  3. Now that we know the admin username, we can try to brute force our target’s password using a wordlist (you can download any wordlist on the internet). After you have your own wordlist, open your terminal again. Then type
    wpscan --random-agent --url https://jo1.pentest.id --username adminjo --wordlist=/root/pass
  4. Now you can see the scanning result, and you will get your target’s password by using the brute force technique.
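
To see what steps 1 and 3 look like from the target's side, here is an added example (not part of the original tutorial) that flags user enumeration and password guessing in a web server access log. The log lines are constructed, and the request patterns, login endpoints and thresholds are assumptions; because --random-agent changes the User-Agent, the script keys on source IP and request path instead.

```python
import re
from collections import defaultdict

# Combined-log-format prefix: client IP, timestamp, method and request path.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"')
# Assumed enumeration patterns: author-ID lookups and the REST users endpoint.
ENUM_RE = re.compile(r'[?&]author=\d+|^/wp-json/wp/v2/users')
# Assumed endpoints that accept WordPress credentials.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")


def build_sample():
    """Constructed log: one noisy client (203.0.113.5) and one ordinary one."""
    agents = ["Mozilla/5.0 (X11; Linux x86_64)", "Opera/9.80", "Mozilla/4.0 (compatible; MSIE 8.0)"]
    fmt = '{ip} - - [10/Oct/2018:10:{mm:02d}:{ss:02d} +0000] "{req} HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [fmt.format(ip="203.0.113.5", mm=0, ss=i, req=f"GET /?author={i}", ua=agents[i % 3])
             for i in range(1, 5)]
    lines += [fmt.format(ip="203.0.113.5", mm=5, ss=i, req="POST /wp-login.php", ua=agents[i % 3])
              for i in range(6)]
    lines.append(fmt.format(ip="198.51.100.7", mm=6, ss=0, req="POST /wp-login.php", ua=agents[0]))
    lines.append(fmt.format(ip="198.51.100.7", mm=6, ss=5, req="GET /?author=1", ua=agents[0]))
    lines.append("truncated or malformed line")
    return "\n".join(lines)


def analyze(log_text, enum_threshold=3, login_threshold=5):
    """Return {ip: [findings]} for clients whose request pattern crosses a threshold."""
    enum_paths = defaultdict(set)    # ip -> distinct enumeration requests
    login_posts = defaultdict(int)   # ip -> POSTs to login endpoints
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, method, path = m["ip"], m["method"], m["path"]
        if method == "GET" and ENUM_RE.search(path):
            enum_paths[ip].add(path)
        elif method == "POST" and path.split("?", 1)[0] in LOGIN_PATHS:
            login_posts[ip] += 1
    findings = defaultdict(list)
    for ip, paths in enum_paths.items():
        if len(paths) >= enum_threshold:
            findings[ip].append("user-enumeration")
    for ip, count in login_posts.items():
        if count >= login_threshold:
            findings[ip].append("login-bruteforce")
    return dict(findings)


if __name__ == "__main__":
    for ip, tags in analyze(build_sample()).items():
        print(ip, ", ".join(tags))
```

Counting distinct enumeration paths rather than raw hits keeps a visitor who reloads a single author page from being flagged.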

 

Best regards,

KASUR TEAM
2001586205     Andriana Pratama Putra
2001622614     Veber Sormin