Introduction
WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.
Download
Please download the latest WPScan from our Subversion (SVN) code repository by issuing the following command:
svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan
Details
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag and from client side files)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on plugin name)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, ...)