WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.
Changelog:
- Detection for 750 more plugins.
- Detection for 107 new plugin vulnerabilities.
- Detection for 447 possible timthumb file locations.
- Advanced version fingerprinting implemented.
- Full Path Disclosure (FPD) checks.
- Auto updates.
- Progress indicators.
- Improved custom 404 checking.
- Improved plugin detection.
- Improved error_log checking.
- Lots of bugs fixed. Lots of small tweaks.
You can check out WPScan 1.1 by issuing the following command:
svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan-1.1
WPScan can also be found pre-installed in Backtrack5 R1 in the ‘/pentest/web/wpscan’ directory and will soon be available in SamuraiWTF.
Video demos of WPScan:
- WPScan in action
- WordPress Password Brute Forcer
Download: http://code.google.com/p/wpscan
For more updates about the development of WPScan, check the developer’s website: http://www.ethicalhack3r.co.uk/