“WPScan is a WordPress Security vulnerability scanner which checks the security of WordPress installations using a black box approach, written in Ruby.
Details
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag and from client side files)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on plugin name)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, ...)
Changelog for WPScan v.1.1:
- Detection for 750 more plugins.
- Detection for 107 new plugin vulnerabilities.
- Detection for 447 possible timthumb file locations.
- Advanced version fingerprinting implemented.
- Full Path Disclosure (FPD) checks.
- Auto updates.
- Progress indicators.
- Improved custom 404 checking.
- Improved plugin detection.
- Improved error_log checking.
- Lots of bugs fixed. Lots of small tweaks.
http://code.google.com/p/wpscan/