Search the Community
Showing results for tags 'wpscan'.
Found 3 results
itsMe posted a topic in PentestingWPScan is a black box WordPress vulnerability scanner. Changelog v3.6.3 Fixed unhandled error when performing password attack against wp-login.php and a 302 response only contained one cookie – Ref #1378 [HIDE][Hidden Content]]
itsMe posted a topic in PentestingWPScan is a black box WordPress vulnerability scanner. Changelog v3.5.5 Secunia Reference URL updated (via CMSScanner 0.5.3) Fixes an issue with the Password Attack via XMLRPC, where the Interface could be found as active when it was disabled – #1365 [HIDE][Hidden Content]]
Introduction WPScan is a free and automated black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. You can use it to remotely scan WordPress installations, to find vulnerabilities within the core version, plugins, and themes. It’s maintained by the WPScan Team. Features: Detects known vulnerabilities in the WordPress core, plugins and themes, Detects weak user’s credentials (usernames & passwords), Checks overall WordPress security (mis)configuration, Runs brute force penetration testings, WordPress Version enumeration (from generator meta tag), It can perform full server headers scanning, Also performs miscellaneous WordPress checks (directory used, theme names, custom dirs, etc.). It has vulnerability database, which is regularly updated Display enumeration methods (passive/aggressive) in output. (#1284) Improves WordPress detection when no clues are present in the homepage (#1277) Check for multi page results when gathering users via the WP JSON API (#1285 – Thanks to @melalj) [HIDE][Hidden Content]]