WPSCAN - WordPress Security & vulnerability Scanner

WPSCAN - WordPress Security & vulnerability Scanner

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.

Details

• Username enumeration (from author querystring and location header)
• Weak password cracking (multithreaded)
• Version enumeration (from generator meta tag)
• Vulnerability enumeration (based on version)
• Plugin enumeration (2220 most popular by default)
• Plugin vulnerability enumeration (based on version) (todo)
• Plugin enumeration list generation
• Other misc WordPress checks (theme name, dir listing, ...)