Wordpresscan alternatives

Looking for an alternative tool to replace Wordpresscan? During the review of Wordpresscan we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. WordPress Exploit Framework (WordPress exploiting toolkit)
  2. Vane (WordPress vulnerability scanner)
  3. Wordstress (white-box scanner for WordPress installations)

These tools are ranked as the best alternatives to Wordpresscan.

Alternatives (by score)


WordPress Exploit Framework (WPXF)


WordPress is still one of the most popular frameworks for websites. A variety of open source tools exist to assess the security of this content management system, and its themes and plugins.

Project details

WordPress Exploit Framework is written in Ruby.

Strengths and weaknesses

  • + More than 500 GitHub stars
  • + The source code of this software is available
  • - Has a longer learning curve

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning
  • Web application analysis

WordPress Exploit Framework review




Vane

Vane is a fork of WPScan, the popular WordPress vulnerability scanner that is now non-free.

Project details

Vane is written in Ruby.

Strengths and weaknesses

  • + More than 25 contributors
  • + The source code of this software is available

Typical usage

  • Application security
  • Web application analysis

Vane review




Wordstress

WordPress is a popular choice among content management systems (CMS). Because it powers many websites and blogs, it is also a popular target. Regular updates and security testing can help to reduce the risk. Wordstress can help with this testing.

Project details

Wordstress is written in Ruby.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Application security
  • Vulnerability scanning
  • Web application analysis

Wordstress review




WPScan

WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

Project details

WPScan is written in Ruby.

Strengths and weaknesses

  • + More than 25 contributors
  • + More than 2000 GitHub stars
  • + The source code of this software is available
  • - Software usage is restricted (e.g. commercially)

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning

WPScan review




droopescan

Droopescan can be used to test the security of several Content Management Systems (CMS). It mainly focuses on Drupal, SilverStripe, and WordPress installations.

Project details

droopescan is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Web application analysis

droopescan review




CMSmap

CMSmap helps save time when detecting which CMS a given web application uses. It performs reconnaissance and can do additional vulnerability scanning.

Project details

CMSmap is written in Python.

Strengths and weaknesses

  • + More than 500 contributors
  • + The source code of this software is available
  • - No releases on GitHub available
  • - No updates for a while

Typical usage

  • Application testing
  • Information gathering
  • Vulnerability scanning
  • Web application analysis

CMSmap review




flunym0us

Flunym0us is a security scanner for WordPress and Moodle installations. The tool tests the security of the installation by performing enumeration attempts.

Project details

flunym0us is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Vulnerability scanning
  • Web application analysis

flunym0us review




wpvulndb_cmd

wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.

Project details

wpvulndb_cmd is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Penetration testing
  • Security assessment
  • Web application analysis

wpvulndb_cmd review




Plecost

Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

Project details

Plecost is written in Python.

Strengths and weaknesses

  • + Screen output is colored
  • + The source code of this software is available

Typical usage

  • Web application analysis

Plecost review




WPForce

This toolkit is fairly new and consists of WPForce and Yertle. As the name implies, the first component focuses on brute-force attacks against login credentials. When admin credentials have been found, Yertle allows uploading a shell. Yertle also has post-exploitation modules for further research.

Project details

WPForce is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - Full name of author is unknown

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning

WPForce review




WPSeku

With WPSeku, a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), SQL injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers and the themes and plugins in use.

Project details

WPSeku is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - Unknown project license

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning

WPSeku review

Is a relevant tool missing as an alternative to Wordpresscan? Please contact us with your suggestion.