Banner 468 x 60px

LikeViews

Tuesday, 24 January 2012

WPScan v.1.1 is released, a WordPress Security vulnerability scanner

Comments
“WPScan is a WordPress Security vulnerability scanner which checks the security of WordPress installations using a black box approach, written in Ruby.

DETAILS
  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, ...)

Change-log for WPScan v.1.1:

  • Detection for 750 more plugins.
  • Detection for 107 new plugin vulnerabilities.
  • Detection for 447 possible timthumb file locations.
  • Advanced version fingerprinting implemented.
  • Full Path Disclosure (FPD) checks.
  • Auto updates.
  • Progress indicators.
  • Improved custom 404 checking.
  • Improved plugin detection.
  • Improved error_log checking.
  • Lots of bugs fixed. Lots of small tweaks.
 
Convex Coders © 2011 Convex-Coders. Supported by Code 104 and tech PANELS