WPScan alternatives

Looking for an alternative tool to replace WPScan? During the review of WPScan we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. WPSeku (WordPress vulnerability scanner)
  2. WordPress Exploit Framework (WordPress exploiting toolkit)
  3. Vane (WordPress vulnerability scanner)

These tools are ranked as the best alternatives to WPScan.

Alternatives (by score)

52

WPSeku

Introduction

With WPSeku, a WordPress installation can be tested for the presence of security issues. Some examples are cross-site scripting (XSS), SQL injection, and local file inclusion. The tool also tests for the presence of default configuration files. These files may reveal version numbers and the themes and plugins in use.

Project details

WPSeku is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - Unknown project license

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning

WPSeku review

93

WordPress Exploit Framework (WPXF)

Introduction

This framework is a tool that can be used as part of the pentester's toolbox. When running the tool, you will have to define a host, exploit, and payload. The tool is less friendly for beginners, but more experienced pentesters will find no difficulty in using it.

Project details

WordPress Exploit Framework is written in Ruby.

Strengths and weaknesses

  • + More than 500 GitHub stars
  • + The source code of this software is available
  • - Has longer learning curve

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning

WordPress Exploit Framework review

64

Vane

Introduction

Vane is a fork of WPScan, the popular WordPress vulnerability scanner that is now non-free.

Project details

Vane is written in Ruby.

Strengths and weaknesses

  • + More than 25 contributors
  • + The source code of this software is available

Typical usage

  • Application security
  • Web application analysis

Vane review

60

Plecost

Introduction

Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

Project details

Plecost is written in Python.

Strengths and weaknesses

  • + Screen output is colored
  • + The source code of this software is available

Typical usage

  • Web application analysis

Plecost review

85

droopescan

Introduction

Droopescan can be used to test the security of several Content Management Systems (CMS). It mainly focuses on Drupal, SilverStripe, and WordPress installations.

Project details

droopescan is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Web application analysis

droopescan review

68

Wordpresscan

Introduction

Tools like Wordpresscan are useful to perform vulnerability scans on the popular WordPress platform. It can be used during development and on existing installations.

Project details

Wordpresscan is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Application security
  • Penetration testing
  • Web application analysis

Wordpresscan review

60

Wordstress

Introduction

WordPress is a popular choice among content management systems (CMS). Powering many websites and blogs, it is also a popular target. So regular updates and security testing can help to reduce the risk. Wordstress can help with this testing.

Project details

Wordstress is written in Ruby.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Application security
  • Vulnerability scanning
  • Web application analysis

Wordstress review

56

WPSploit

Introduction

WPSploit helps developers and penetration testers to perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the system itself for possible security flaws.

Project details

WPSploit is written in Python.

Strengths and weaknesses

  • + Very low number of dependencies
  • + The source code of this software is available

Typical usage

  • Code analysis

WPSploit review

88

LFI Suite

Introduction

This tool is a useful addition to the pentesting toolbox of security professionals. It can help discover and exploit any local file inclusion weakness in applications. Upon success, a reverse shell can be used to get access to the system.

Project details

LFI Suite is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - Full name of author is unknown

Typical usage

  • Penetration testing
  • Web application analysis

LFI Suite review

74

Nikto

Introduction

Nikto helps with performing security scans against web servers and searching for vulnerabilities in web applications.

Project details

Nikto is written in Perl.

Strengths and weaknesses

  • + The source code of this software is available
  • + Well-known tool

Typical usage

  • Penetration testing
  • Security assessment
  • Web application analysis

Nikto review

96

OpenVAS

Introduction

OpenVAS is an open source vulnerability scanner that emerged when Nessus became closed source in October 2005.

Project details

OpenVAS is written in C.

Strengths and weaknesses

  • + The source code of this software is available
  • + Well-known tool

Typical usage

  • Penetration testing
  • Security assessment
  • Vulnerability scanning

OpenVAS review

97

Seccubus

Introduction

Supported engines and tools:

  • Nessus
  • OpenVAS
  • Nmap
  • Nikto
  • Medusa
  • Qualys SSL labs
  • SkipFish
  • SSLyze
  • testssl.sh
  • ZAP

Project details

89

VulnWhisperer

Introduction

VulnWhisperer helps with the collection of vulnerability data and its reports. The goal of the tool is to make vulnerability data more actionable. It supports scans and data from products like Nessus, Qualys products, OpenVAS, and Tenable.io.

Project details

VulnWhisperer is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • Vulnerability management
  • Vulnerability scanning

VulnWhisperer review

74

Arachni

Introduction

Arachni is a framework written in Ruby with a focus on evaluating the security of web applications. Typical users include security professionals and system administrators.

The tooling is free and open source. Besides Linux, it also runs on macOS and Microsoft Windows.

Project details

Arachni is written in Ruby.

Strengths and weaknesses

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Penetration testing
  • Security assessment
  • Web application analysis

Arachni review

76

arch-audit

Introduction

The arch-audit utility scans the system for known vulnerabilities. It does so by looking at the versions of installed packages and comparing them with a database of known vulnerable versions.

Project details

arch-audit is written in Rust.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Vulnerability scanning

arch-audit review

100

Lynis

Introduction

Lynis is an open source security auditing tool that has been available since 2007 and was created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

Project details

Lynis is written in shell script.

Strengths and weaknesses

  • + More than 50 contributors
  • + Commercial support available
  • + More than 4000 GitHub stars
  • + Used language is shell script
  • + Very low number of dependencies
  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • IT audit
  • Penetration testing
  • Security assessment
  • System hardening

Lynis review

85

Pocsuite

Introduction

Pocsuite is a remote vulnerability testing and development framework. It can be used by penetration testers and vulnerability researchers.

Project details

Pocsuite is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • Vulnerability development
  • Vulnerability testing

Pocsuite review

60

Pompem

Introduction

Pompem is written in Python and helps pentesters to search public sources for vulnerability information and a related exploit.

Sources

  • CXSecurity
  • National Vulnerability Database
  • PacketStorm security
  • Vulners
  • WPScan Vulnerability Database
  • ZeroDay

Project details

Pompem is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Vulnerability scanning

Pompem review

97

SearchSploit

Introduction

This little utility can search for exploits and related data in the Exploit-DB.

Project details

SearchSploit is written in shell script.

Strengths and weaknesses

  • + Used language is shell script
  • - Full name of author is unknown

Typical usage

  • Information gathering
  • Penetration testing

SearchSploit review

93

vFeed

Introduction

vFeed consists of a database and utilities to store vulnerability data. It uses third-party references and data, which then can be used to see if a software component has a known vulnerability. The data itself is enriched by cross-checking it and storing additional details about the vulnerabilities.

The vFeed tooling has an API available with JSON output. It can be used by security researchers and practitioners to validate vulnerabilities and retrieve all available details.

Project details

vFeed is written in Python.

Strengths and weaknesses

  • + Commercial support available
  • + The source code of this software is available

Typical usage

  • Security assessment
  • Vulnerability scanning

vFeed review

76

vulnerability-alerter

Introduction

Vulnerability-alerter is a security tool to retrieve vulnerability data from NIST's database (NVD). This data can be used to discover recent vulnerabilities.

Project details

vulnerability-alerter is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Vulnerability management
  • Vulnerability testing

vulnerability-alerter review

74

Vulnreport

Introduction

Vulnreport is a platform to deal with penetration test results. The tool formats them and provides actionable findings reports. The platform is strong in focusing on automation, to reduce the time spent by engineers.

Project details

Vulnreport is written in Ruby.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Security reviews
  • Vulnerability management
  • Vulnerability scanning

Vulnreport review

100

Anchore

Introduction

Anchore is a toolkit to perform in-depth analysis, inspection, and control of containers. Besides security scanning, it can perform a wide range of functions.

Project details

Anchore is written in Python.

Strengths and weaknesses

  • + Commercial support available
  • + The source code of this software is available

Typical usage

  • System hardening

Anchore review

96

Archery

Introduction

Archery is a tool that helps to collect data about vulnerabilities within an environment. Instead of focusing on the actual scanning, it allows managing findings in a web-based interface. This includes options like reporting, searching, and dashboards. It can interact with other tools, including the well-known vulnerability scanners.

Project details

Archery is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Vulnerability management
  • Vulnerability scanning
  • Vulnerability testing

Archery review

64

AutoNessus (autonessus)

Introduction

This tool is useful for timing scans, for example by having them run outside of business hours and stop when the day starts.

Note: originally another tool was named AutoNessus. That is now Seccubus.

Project details

AutoNessus is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • Vulnerability scanning

AutoNessus review

Is a relevant tool missing as an alternative to WPScan? Please contact us with your suggestion.