[+] Post Title :
[+] Date : 28 February 2012
[+] Author : darkjiwa
[+] Link : https://darkjiwa.blogspot.com/2012/02/wordpress-securityvulnerability-scanner.html
[+] Type : rwxr-xr-x
WordPress Security/Vulnerability Scanner - WPScan
[+] Date : 28 February 2012
[+] Author : darkjiwa
[+] Link : https://darkjiwa.blogspot.com/2012/02/wordpress-securityvulnerability-scanner.html
[+] Type : rwxr-xr-x
WPScan is a
vulnerability scanner which checks the security of WordPress
installations using a black box approach (scanning without any prior
knowledge of what has been installed etc).
Features
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on version) (todo)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
Requirements
WPScan requires two non native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.
sudo apt-get install libcurl4-gnutls-devsudo gem install –user-install typhoeussudo gem install –user-install xml-simple
The full README is available here.
You can download WPScan by checking it out from the SVN repository on Google Code:
svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only
Or you can read more here.
0 comments:
Post a Comment