WPScan - WordPress Security Scanner



WPScan is a black box WordPress vulnerability scanner.

Features

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)
Prerequisites:
  • Windows not supported
  • Ruby >= 1.9.2 – Recommended: 1.9.3
  • Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
  • RubyGems – Recommended: latest
  • Git

Changelog v2.4

New
  • ‘–batch’ switch option added – Fix #454
  • Add random-agent
  • Added more CLI options
  • Switch over to nist – Fix #301
  • New choice added when a redirection is detected – Fix #438
Removed
  • Removed ‘Total WordPress Sites in the World’ counter from stats
  • Old wpscan repo links removed – Fix #440
  • Fingerprinting Dev script removed
  • Useless code removed
General core
  • Rspecs update
  • Forcing Travis notify the team
  • Ruby 2.1.1 added to Travis
  • Equal output layout for interaction questions
  • Only output error trace if verbose if enabled
  • Memory improvements during wp-items enumerations
  • Fixed broken link checker, fixed some broken links
  • Couple more 404s fixed
  • Themes & Plugins list updated
WordPress Fingerprints
  • WP 3.8.2 & 3.7.2 Fingerprints added – Fix #448
  • WP 3.8.3 & 3.7.3 fingerprints
  • WP 3.9 fingerprints
Fixed issues
  • Fix #380 – Redirects in WP 3.6-3.0
  • Fix #413 – Check the version of the Timthumbs files found
  • Fix #429 – Error WpScan Cache Browser
  • Fix #431 – Version number comparison between ’2.3.3′ and ’0.42b’
  • Fix #439 – Detect if the target goes down during the scan
  • Fix #451 – Do not rely only on files in wp-content for fingerprinting
  • Fix #453 – Documentation or inplemention of option parameters
  • Fix #455 – Fails with a message if the target returns a 403 during the wordpress check
Vulnerabilities
  • Update WordPress Vulnerabilities
  • Fixed some duplicate vulnerabilities
WPScan Database Statistics:
  • Total vulnerable versions: 79; 1 is new
  • Total vulnerable plugins: 748; 55 are new
  • Total vulnerable themes: 292; 41 are new
  • Total version vulnerabilities: 617; 326 are new
  • Total plugin vulnerabilities: 1162; 146 are new
  • Total theme vulnerabilities: 330; 47 are new