This project is maintained by the WPScan Team, which comprises @erwan_lr, @gbrindisi, @_FireFart_ & @ethicalhack3r.
WPScan is yet another great tool by Ryan Dewhurst (@ethicalhack3r) and the rest of his team. (@_wpscan_)
Although the image below shows no vulnerabilities, due to the hardened install of WP running this site, WPScan will try to identify plugins, themes and “interesting” bits of information regarding the WordPress site.
Instructions on downloading and installing WPScan can be found on their website over at http://wpscan.org/
WPScan also has the ability to brute-force the login portal. Although, and I shouldn’t have to say this but I will, performing this action against a domain that does not belong to you or without any prior authorisation is a criminal offence. Don’t do it! Not even once.
Typical uses of WPScan are:
Do ‘non-intrusive’ checks…
ruby wpscan.rb --url www.example.com
Do wordlist password brute force on enumerated users using 50 threads…
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
Do wordlist password brute force on the ‘admin’ username only…
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
Enumerate installed plugins…
ruby wpscan.rb --url www.example.com --enumerate p
Run all enumeration tools…
ruby wpscan.rb --url www.example.com --enumerate
ruby wpscan.rb --update
WPScan comes pre-installed on the top Linux distributions for penetration testing such as:
- Linux Pentoo
I am currently working on a front end to WPScan. Once this is complete, I will upload a post about it.
So to finish off, I recommend checking this script out and following the guys on Twitter to stay up to date with the project.