WPScan – Black Box WordPress Security Scanner

WPScan is a black box WordPress security scanner, free for non-commercial use, written for security professionals and blog maintainers to test the security of their own sites. It is written in the Ruby programming language. The first version of WPScan was released on 16 June 2011.


Some of the features and detection capabilities of this scanner:

  • The version of WordPress installed and any associated vulnerabilities
  • What plugins are installed and any associated vulnerabilities
  • What themes are installed and any associated vulnerabilities
  • Username enumeration
  • Users with weak passwords via password brute forcing
  • Backed up and publicly accessible wp-config.php files
  • Database dumps that may be publicly accessible
  • If error logs are exposed by plugins
  • Media file enumeration
  • Vulnerable TimThumb files
  • If the WordPress readme file is present
  • If WP-Cron is enabled
  • If user registration is enabled
  • Full Path Disclosure
  • Upload directory listing
  • And much more…

When enumerating the WordPress version, installed plugins or installed themes, you can use three different “modes”, which are:

  • passive
  • aggressive
  • mixed

If you want the most results, use the “mixed” mode, which runs the passive checks first and then the aggressive ones. However, if you are worried that the server may not be able to handle a large number of requests (or that the extra requests will be noticed in the target's logs), use the “passive” mode, which only parses what the site already returns. The default mode is “mixed”, with the exception of plugin enumeration, which defaults to “passive” because probing every known plugin path is by far the most request-heavy part of a scan.
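To make the difference between the three modes concrete, here is a small Ruby illustration (added for this article; it is not WPScan's own code). Passive detection makes a single request for the home page and extracts WordPress version and plugin slugs from what the HTML volunteers; aggressive detection probes a list of known plugin readme paths whether or not the HTML mentions them; mixed does both. The site, its responses and the short plugin list are constructed for this example, and the request counter shows why passive mode is the cheap option and why a plugin that leaves no trace in the HTML is only found aggressively.

```ruby
# Added illustration of WPScan's passive / aggressive / mixed enumeration modes.
# Not WPScan's code: the "site" is a hash of URL path => response body so the
# example runs offline. All bodies below are constructed for this example.
require 'set'

# Constructed sample site. The home page references two plugins and leaks the
# WordPress version via the generator meta tag. A third plugin (wordpress-seo)
# is installed but never referenced from the HTML, so only a probe finds it.
SAMPLE_SITE = {
  '/' => <<~HTML,
    <html><head>
    <meta name="generator" content="WordPress 6.4.3" />
    <link rel="stylesheet" href="/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.9" />
    <script src="/wp-content/plugins/akismet/_inc/akismet.js?ver=5.3"></script>
    </head><body>hello</body></html>
  HTML
  '/wp-content/plugins/akismet/readme.txt'        => "=== Akismet ===\nStable tag: 5.3\n",
  '/wp-content/plugins/contact-form-7/readme.txt' => "=== Contact Form 7 ===\nStable tag: 5.9\n",
  '/wp-content/plugins/wordpress-seo/readme.txt'  => "=== Yoast SEO ===\nStable tag: 22.1\n",
}.freeze

# Plugin slugs an aggressive scan probes for. WPScan uses a far larger list;
# this short one is an assumption made for the example.
KNOWN_PLUGINS = %w[akismet contact-form-7 wordpress-seo hello-dolly].freeze

# Stand-in for an HTTP client: returns the body, or nil for a 404, and counts
# requests so the cost of each mode is visible.
class FakeHttp
  attr_reader :requests

  def initialize(site)
    @site = site
    @requests = 0
  end

  def get(path)
    @requests += 1
    @site[path]
  end
end

# Passive: one request for the home page, then parse the generator meta tag.
def passive_version(http)
  body = http.get('/') || ''
  m = body.match(/<meta name="generator" content="WordPress ([\d.]+)"/)
  m && m[1]
end

# Passive: one request for the home page, then collect plugin slugs from any
# /wp-content/plugins/<slug>/ asset URL the page itself links to.
def passive_plugins(http)
  body = http.get('/') || ''
  body.scan(%r{/wp-content/plugins/([a-z0-9_\-]+)/}i).flatten.map(&:downcase).to_set
end

# Aggressive: request every candidate plugin's readme.txt, one request per slug,
# regardless of what the HTML shows. Finds more, costs more, and is noisy.
def aggressive_plugins(http, candidates = KNOWN_PLUGINS)
  candidates.select { |slug| http.get("/wp-content/plugins/#{slug}/readme.txt") }.to_set
end

# Mixed: passive first, then aggressive, merging both result sets.
def mixed_plugins(http)
  passive_plugins(http) | aggressive_plugins(http)
end

# Runs one enumeration mode against a site and reports what was found and
# how many requests it took.
def enumerate_plugins(site, mode)
  http = FakeHttp.new(site)
  found = case mode
          when :passive    then passive_plugins(http)
          when :aggressive then aggressive_plugins(http)
          when :mixed      then mixed_plugins(http)
          else raise ArgumentError, "unknown mode #{mode}"
          end
  { plugins: found.to_a.sort, requests: http.requests }
end

if __FILE__ == $PROGRAM_NAME
  puts "WordPress version (passive): #{passive_version(FakeHttp.new(SAMPLE_SITE))}"
  %i[passive aggressive mixed].each do |mode|
    r = enumerate_plugins(SAMPLE_SITE, mode)
    puts "#{mode}: #{r[:plugins].join(', ')} (#{r[:requests]} requests)"
  end
end
```

Running it shows passive mode finding two plugins with a single request, aggressive mode finding three with one request per candidate slug, and mixed mode finding the same three at the cost of one extra request. In a real scan the candidate list has thousands of entries, which is exactly why the plugin step defaults to passive. In the WPScan 3.x command line the modes are chosen with `--detection-mode` for the overall scan and `--plugins-detection` for the plugin step.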

You can read more and download this tool over here: https://github.com/wpscanteam/wpscan
