This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

By using WPScan is one of the methods of gaining access to an account by brute force usernames and password. But in order for us to initiate the brute force method, we have to first obtain a valid username, and then brute force it with a password list. But in this post, we will focus on the enumeration of usernames.

To enumerate the users, type:

$ wpscan –url target –enumerate u

In this case, our target is https://pentest.id

After the scan is done, we could see a list of usernames that the wpscan obtained. From the result above, a valid username seems to be apietz.