WPScan
Tool and Usage
WPScan is a security tool to perform black box WordPress vulnerability scans, including enumeration of used plugins
Why this tool?
WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.
Additional information
While the code is available and the tool can be freely used, there are limitations when using this software commercially. The tool does not have to be installed, as it can also be used as part of a Docker image.
Usage and audience
WPScan is commonly used during penetration test, security assessment, or vulnerability scanning. Target users for this tool are pentesters, security professionals, and system administrators.
Tool review
Strengths
- + More than 25 contributors
- + More than 2000 GitHub stars
- + The source code of this software is available
Weaknesses
- - Software usage is restricted (e.g. commercially)
Author and Maintainers
WPScan is under development by Ryan Dewhurst. This project is currently maintained by Christian Mehlmauer, Erwan LR, Peter van der Laan.
Installation
Support operating systems
WPScan is known to work on Linux.
WPScan alternatives
Several alternative tools are available for WPScan that might be a good replacement.
| Project details | |
|---|---|
| Latest release | 2.9.3 [2017-07-19] |
| License(s) | Multi-license |
| Last updated | Sept. 17, 2017 |
Project health
Links
 | WPScan GitHub project page |
 | @_WPScan_ |
| WPScan project website | |
| WPScan vulnerability database |
