Search This Blog

Powered by Blogger.

Blog Archive

Labels

WPScan v.1.1 is released, a WordPress Security vulnerability scanner

“WPScan is a WordPress Security vulnerability scanner which checks the security of WordPress installations using a black box approach, written in Ruby.

Details
  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, ...)

Changelog for WPScan v.1.1:

  • Detection for 750 more plugins.
  • Detection for 107 new plugin vulnerabilities.
  • Detection for 447 possible timthumb file locations.
  • Advanced version fingerprinting implemented.
  • Full Path Disclosure (FPD) checks.
  • Auto updates.
  • Progress indicators.
  • Improved custom 404 checking.
  • Improved plugin detection.
  • Improved error_log checking.
  • Lots of bugs fixed. Lots of small tweaks.
Download:
http://code.google.com/p/wpscan/
Share it:

PenTesting Tools

Software Release

Vulnerability Scanner