WpScan

The WPScan CLI tool is a free, for non-commercial use, black box WordPress security scanner

wpscan --url http://$(target)/wordpress

wpscan --url http://$(target)/wordpress --api-token=.....

wpscan --url http://$(target)/wordpress --passwords /usr/share/wordlists/rockyou.txt --usernames 'support' | tee wpscan_login.txt