Wordpresscan alternatives

Looking for an alternative tool to replace Wordpresscan? During the review of Wordpresscan we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

WordPress Exploit Framework (WordPress exploiting toolkit)
Vane (WordPress vulnerability scanner)
Wordstress (white-box scanner for WordPress installations)

These tools are ranked as the best alternatives to Wordpresscan.

Alternatives (by score)

WordPress Exploit Framework (WPXF)

Introduction

WordPress is still one of the most popular frameworks for websites. A variety of open source tools exist to assess the security of this content management system, and its themes and plugins.

Project details

WordPress Exploit Framework is written in Ruby.

Strengths and weaknesses

+ More than 500 GitHub stars
+ The source code of this software is available

- Has longer learning curve

Typical usage

Penetration testing
Security assessment
Vulnerability scanning
Web application analysis

WordPress Exploit Framework review

Vane

Introduction

Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan.

Project details

Vane is written in Ruby.

Strengths and weaknesses

+ More than 25 contributors
+ The source code of this software is available

Typical usage

Application security
Web application analysis

Vane review

Wordstress

Introduction

WordPress is a popular choice among content management systems (CMS). Powering many websites and blogs, it is also a popular target. So regular updates and security testing can help to reduce the risk. WordStress can help with this testing.

Project details

Wordstress is written in Ruby.

Strengths and weaknesses

+ The source code of this software is available

Typical usage

Application security
Vulnerability scanning
Web application analysis

Wordstress review

WPScan

Introduction

WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

Project details

WPScan is written in Ruby.

Strengths and weaknesses

+ More than 25 contributors
+ More than 2000 GitHub stars
+ The source code of this software is available

- Software usage is restricted (e.g. commercially)

Typical usage

Penetration testing
Security assessment
Vulnerability scanning

WPScan review

droopescan

Introduction

Droopescan can be used to test the security of several Content Management Systems (CMS). It mainly focuses on Drupal, SilverStripe, and Wordpress installations.

Project details

droopescan is written in Python.

Strengths and weaknesses

+ The source code of this software is available

Typical usage

Web application analysis

droopescan review

CMSmap

Introduction

CMSmap helps saving time in the process of detecting what CMS is used for a given web application. It performs reconnaissance and can do additional vulnerability scanning.

Project details

CMSmap is written in Python.

Strengths and weaknesses

+ More than 500 contributors
+ The source code of this software is available

- No releases on GitHub available
- No updates for a while

Typical usage

Application testing
Information gathering
Vulnerability scanning
Web application analysis

CMSmap review

flunym0us

Introduction

Flunym0us is a security scanner for WordPress and Moodle installations. The tool tests the security of the installation by performing enumeration attempts.

Project details

flunym0us is written in Python.

Strengths and weaknesses

+ The source code of this software is available

Typical usage

Vulnerability scanning
Web application analysis

flunym0us review

wpvulndb_cmd

Introduction

wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.

Project details

wpvulndb_cmd is written in Python.

Strengths and weaknesses

+ The source code of this software is available

Typical usage

Penetration testing
Security assessment
Web application analysis

wpvulndb_cmd review

Plecost

Introduction

Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

Project details

Plecost is written in Python.

Strengths and weaknesses

+ Screen output is colored
+ The source code of this software is available

Typical usage

Web application analysis

Plecost review

WPForce

Introduction

This toolkit is fairly new and consists of WPForce and Yertle. As the name implies, the first component has the focus on brute force attacking of login credentials. When admin credentials have been found, it is Yertle that allows uploading a shell. Yertle also has post-exploitation modules for further research.

Project details

WPForce is written in Python.

Strengths and weaknesses

+ The source code of this software is available

- Full name of author is unknown

Typical usage

Penetration testing
Security assessment
Vulnerability scanning

WPForce review

WPSeku

Introduction

With WPSeku a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), sql injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers, used themes and plugins.

Project details

WPSeku is written in Python.

Strengths and weaknesses

+ The source code of this software is available

- Unknown project license

Typical usage

Penetration testing
Security assessment
Vulnerability scanning

WPSeku review

Some relevant tool missing as an alternative to Wordpresscan? Please contact us with your suggestion.