wpscan v3.5.3 releases: black box WordPress vulnerability scanner

WPScan is a black box WordPress vulnerability scanner.




  • Detection of wp-content:
    • Default wp-content is now checked directly (depends on detection-mode) while not detected via the homepage passively
    • Scope supplied is now considered when checking for the wp-content – #1278
    • content attribute of meta tags are now checked
    • Improvement of the detection from raw JS code
  • When enumerating plugins and themes, 301 are now ignored – Was causing more False Positive than False Negative
  • Wildcards in --scope, such as --scope *.cdn.org properly processed
  • Some Error Messages have been reworked – #1335
  • Detection of WordPress hosted blogs improved
  • Object allocations of Addressable::URI reduced by 50%



  • Ruby >= 2.2.2 – Recommended: 2.3.3
  • Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
  • RubyGems – Recommended: latest

From RubyGems:

gem install wpscan

From sources:
Prerequisites: Git

git clone https://github.com/wpscanteam/wpscan
cd wpscan/
bundle install && rake install


Open a terminal and type wpscan –help (if you built wpscan from the source, you should type the command outside of the git repo)


The DB is located at ~/.wpscan/db

WPScan can load all options (including the –url) from configuration files, the following locations are checked (order: first to last):

  • ~/.wpscan/cli_options.json
  • ~/.wpscan/cli_options.yml
  • pwd/.wpscan/cli_options.json
  • pwd/.wpscan/cli_options.yml

If those files exist, options from them will be loaded and overridden if found twice.



proxy: ‘’
verbose: true


proxy: ‘socks5://’
url: ‘http://target.tld’

Running wpscan in the current directory (pwd), is the same as wpscan -v –proxy socks5:// –url http://target.tld

Copyright 2011-2018 WPScan Team.

Source: https://github.com/wpscanteam/