wpscan v3.6 releases: black box WordPress vulnerability scanner
WPScan is a black box WordPress vulnerability scanner.
- Reduces starting time by not creating all DF. Plugin and Theme Versions DF are now created when they are needed.
- Fixes a bug where stats were not being displayed in some cases upon error in threads
- Fixes long generation time of target urls before enumeration when the blog had no sub directory detected.
- Potential Readme filenames can now be overridden via the DF config, leading to less requests done when looking for Readmes, and avoiding false positive due to old readme files which were checked first – #1364
- Some DF methods renamed to avoid confusion with DB methods (ie #db_data -> #df_data)
- Ruby >= 2.2.2 – Recommended: 2.3.3
- Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
- RubyGems – Recommended: latest
gem install wpscan
git clone https://github.com/wpscanteam/wpscan
bundle install && rake install
Open a terminal and type wpscan –help (if you built wpscan from the source, you should type the command outside of the git repo)
The DB is located at ~/.wpscan/db
WPScan can load all options (including the –url) from configuration files, the following locations are checked (order: first to last):
If those files exist, options from them will be loaded and overridden if found twice.
Running wpscan in the current directory (pwd), is the same as wpscan -v –proxy socks5://127.0.0.1:9090 –url http://target.tld
Copyright 2011-2018 WPScan Team.