From 35470b8404881da3a99b6e33e4f92bb53f8d05bb Mon Sep 17 00:00:00 2001
From: Ryan Dewhurst <ryandewhurst@gmail.com>
Date: Fri, 1 May 2020 12:13:12 +0200
Subject: [PATCH] Updated WPScan User Documentation (markdown)

---
 WPScan-User-Documentation.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/WPScan-User-Documentation.md b/WPScan-User-Documentation.md
index 6ec4bf6..98fc985 100644
--- a/WPScan-User-Documentation.md
+++ b/WPScan-User-Documentation.md
@@ -6,6 +6,25 @@ WPScan is a free, for non-commercial use, black box WordPress vulnerability scan
 
 WPScan is written in the Ruby programming language. The first version of WPScan was released on the [16th of June 2011](https://blog.dewhurstsecurity.com/2011/06/16/introducing-wpscan-wordpress-security-scanner.html).
 
+## What can WPScan check for?
+
+- The version of WordPress installed and any associated vulnerabilities
+- What plugins are installed and any associated vulnerabilities
+- What themes are installed and any associated vulnerabilities
+- Username enumeration
+- Users with weak passwords via password brute forcing
+- Backed up and publicly accessible wp-config.php files
+- Database dumps that may be publicly accessible
+- If error logs are exposed by plugins
+- Media file enumeration
+- Vulnerable Timthumb files
+- If the WordPress readme file is present
+- If WP-Cron is enabled
+- If user registration is enabled
+- Full Path Disclose
+- Upload directory listing
+- And much more...
+
 ## Installation
 
 ### Ruby Gem