WPScan
WPScan is a free, open-source security tool designed for WordPress, used primarily to identify security vulnerabilities. It is well-suited for black box testing and offers comprehensive scanning capabilities.
Key Features:
Scans for vulnerabilities in WordPress core, plugins, and themes.
Enumerates users, plugins, and themes, and checks accounts for weak passwords.
Integrates with the WPScan Vulnerability Database.
Command-Line Examples:
Scan for Vulnerabilities:
wpscan --url example.com
Enumerate Users:
wpscan --url example.com --enumerate u
Brute Force Password Attack:
wpscan --url example.com --passwords /path/to/passwords.txt --usernames admin
Check for Vulnerable Plugins:
wpscan --url example.com --enumerate vp
Regular scanning with WPScan is recommended as part of a robust WordPress security strategy.
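For regular scanning, a saved report can be triaged automatically. The script below is an added example, not part of WPScan or of the original page: it assumes the scan was saved with WPScan's --format json and --output options, and that the report uses the version / main_theme / plugins layout shown in the constructed sample.

```python
import json

# Constructed sample, trimmed to the fields used below. The layout is an
# assumption about WPScan's JSON report; check it against your own output.
SAMPLE_REPORT = """
{
  "version": {"number": "5.8.1", "vulnerabilities": []},
  "main_theme": {"slug": "example-theme", "version": {"number": "1.4"},
                 "vulnerabilities": []},
  "plugins": {
    "example-forms": {
      "version": {"number": "2.0.3"},
      "vulnerabilities": [
        {"title": "Example Forms < 2.1.0 - Stored XSS (constructed)",
         "fixed_in": "2.1.0"}
      ]
    },
    "example-gallery": {"version": null, "vulnerabilities": []}
  }
}
"""

def _version(component):
    # Core carries "number" directly; plugins and themes nest it under
    # "version", which is null when no version could be fingerprinted.
    ver = component.get("version") or component
    return ver.get("number") or "unknown"

def findings(report):
    """Return (kind, name, installed, title, fixed_in) per known issue."""
    components = [("core", "wordpress", report.get("version") or {})]
    theme = report.get("main_theme") or {}
    if theme:
        components.append(("theme", theme.get("slug", "unknown"), theme))
    for slug, plugin in (report.get("plugins") or {}).items():
        components.append(("plugin", slug, plugin))
    return [(kind, name, _version(comp), vuln.get("title", "untitled"),
             vuln.get("fixed_in") or "no fix listed")
            for kind, name, comp in components
            for vuln in comp.get("vulnerabilities") or []]

if __name__ == "__main__":
    rows = findings(json.loads(SAMPLE_REPORT))
    for kind, name, installed, title, fixed_in in rows:
        print(f"{kind} {name} {installed}: {title} (fixed in {fixed_in})")
    raise SystemExit(1 if rows else 0)  # non-zero exit flags the scheduled job
```

Run from a scheduled job against the saved report, the non-zero exit status marks a scan that found components needing an update.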