Hi Alan,
Sure, here you are 2 examples, with passive checks and aggressive mode. The difference between using the aggressive mode is that I retrieve a new user.
Non-aggressive scan: ./wpscan -e u --url=<yourWebsiteURL>
[+] Enumerating Users (via Passive Methods)
[i] User(s) Identified:
[+] John
| Found By: Rss Generator (Passive Detection)
[+] Bot
| Found By: Rss Generator (Passive Detection)
Aggressive scan: ./wpscan --detection-mode aggressive -e u --url=<yourWebsiteURL>
[+] Enumerating Users (via Aggressive Methods)
Brute Forcing Author IDs - Time: 00:00:01 <=======================================================================================================> (10 / 10) 100.00% Time: 00:00:01
[i] User(s) Identified:
[+] user
| Found By: Oembed API - Author URL (Aggressive Detection)
| - <yourWebsiteURL>/wp-json/oembed/1.0/embed?url=<yourWebsiteURL>/&format=json
[+] John
| Found By: Rss Generator (Aggressive Detection)
[+] Bot
| Found By: Rss Generator (Aggressive Detection)
KR,
