| Sign in

WordPress Security Scanner

Project Home Wiki Issues Source

Summary People

Project Information

Project feeds
Code license
GNU GPL v3
Labels
wordpress, security, scanner, wpscan, randomstorm

Members

ryandewh...@gmail.com

2 committers

Links

External links
Sponsor

WordPress Security Scanner

Introduction

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.

Download

Please download the latest WPScan from our Subversion (SVN) code repository by issuing the following command:

svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan

Details

Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag and from client side files)
Vulnerability enumeration (based on version)
Timbthumb file enumeration
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on plugin name)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, ...)

Sponsor

Sponsored by the RandomStorm Open Source Initiative.

Video of WPScan in Action

Video of the first PoC

Powered by Google Project Hosting