Tools compared: WordPress vulnerability scanners

Finding the right tool for the job can be a difficult task. This sheet compares Vane, Wordstress, wp_enum, WPScan, WPSeku and wpvulndb_cmd.

Tool comparison: Vane, Wordstress, wp_enum, WPScan, WPSeku and wpvulndb_cmd
Vane | Wordstress | wp_enum | WPScan | WPSeku | wpvulndb_cmd
Description

Vane is a fork of WPScan, the popular WordPress vulnerability scanner that is now non-free.

Wordstress is a security scanner for WordPress installations. It takes a white-box approach to scanning, which sets it apart from most other scanners.

The wp_enum tool helps with the discovery of WordPress users and accounts.

WPScan is a security tool that performs black-box WordPress vulnerability scans, including enumeration of the plugins in use.

WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.

wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.

Dependencies
Strengths

More than 25 contributors; the source code of this software is available

The source code of this software is available

More than 25 contributors; more than 2000 GitHub stars; the source code of this software is available

The source code of this software is available

The source code of this software is available

Weaknesses

Software usage is restricted (e.g. commercially)

Unknown project license

| | Vane | Wordstress | wp_enum | WPScan | WPSeku | wpvulndb_cmd |
|---|---|---|---|---|---|---|
| Programming language(s) | Ruby | Ruby | Python | Ruby | Python | Python |
| Last release | Unknown | 0.70.0 (2016-01-27) | No version (2017-03-05) | 2.9.4 (2018-06-15) | 0.2 (2017-05-25) | Unknown |
| Tool page (last updated) | 2017-09-20 | 2018-06-20 | 2018-06-19 | 2019-06-10 | 2018-05-20 | 2017-09-17 |
| Tool score | 64 | 60 | 40 | 78 | 52 | 64 |
| Download | Download | Download | No link available | Download | Download | Download |
