WPScan is a black box WordPress security scanner written in Ruby that attempts to find known security weaknesses in WordPress installations. It is intended for security professionals and WordPress administrators who want to assess the security posture of their WordPress installations.
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on version)
- Plugin enumeration list generation
- Other miscellaneous WordPress checks (theme name, directory listing, etc.)
WPScan can be used online via our penetration testing tools suite.