Tools compared: WordPress vulnerability scanners
Finding the right tool can be difficult. This sheet compares Vane, Wordstress, wp_enum, WPScan, WPSeku and wpvulndb_cmd.
Vane is a fork of WPScan, the popular WordPress vulnerability scanner that is now non-free.
Wordstress is a security scanner for WordPress installations. It uses a white-box approach to scanning, which makes it different from most other scanners.
The wp_enum tool helps with the discovery of WordPress users and accounts.
WPScan is a security tool to perform black-box WordPress vulnerability scans, including enumeration of used plugins.
WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.
wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.
This utility enumerates the available identities on a WordPress installation.
With WPSeku, a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), SQL injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.
|Strengths||More than 25 contributors, The source code of this software is available||The source code of this software is available||More than 25 contributors, More than 2000 GitHub stars, The source code of this software is available||The source code of this software is available||The source code of this software is available|
|Weaknesses||Software usage is restricted (e.g. commercially)||Unknown project license|
No version (2017-03-05)
|Tool page (last updated)|
|Download||Download||Download||No link available||Download||Download||Download|
|More information||Vane review||Wordstress review||wp_enum review||WPScan review||WPSeku review||wpvulndb_cmd review|