Tools compared: WordPress vulnerability scanners

Finding the right tool can be difficult. This sheet compares Vane, Wordstress, wp_enum, WPScan, WPSeku and wpvulndb_cmd.

Vane | Wordstress | wp_enum | WPScan | WPSeku | wpvulndb_cmd
Description

Vane is a fork of the popular WordPress vulnerability scanner WPScan, which is now non-free.

Wordstress is a security scanner for WordPress installations. It uses a white-box approach to scanning, which sets it apart from most other scanners.

The wp_enum tool helps with the discovery of WordPress users and accounts.

WPScan is a security tool to perform black-box WordPress vulnerability scans, including enumeration of used plugins.

WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.

wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.

Tool details

This utility enumerates the available identities on a WordPress installation.

With WPSeku, a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), SQL injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

Dependencies
Strengths
More than 25 contributors, The source code of this software is available | The source code of this software is available | More than 25 contributors, More than 2000 GitHub stars, The source code of this software is available | The source code of this software is available | The source code of this software is available

Weaknesses
Software usage is restricted (e.g. commercially) | Unknown project license

Tool | Programming language(s) | Last release | Tool page (last updated) | Tool score
Vane | Ruby | Unknown | 2017-09-20 | 64
Wordstress | Ruby | 0.70.0 (2016-01-27) | 2017-09-17 | 64
wp_enum | Python | No version (2017-03-05) | 2017-09-17 | 56
WPScan | Ruby | 2.9.3 (2017-07-19) | 2017-09-17 | 100
WPSeku | Python | 0.2 (2017-05-25) | 2017-09-18 | 76
wpvulndb_cmd | Python | Unknown | 2017-09-17 | 64