wpscan v3.8.18 releases: black box WordPress vulnerability scanner
WPScan is a black box WordPress vulnerability scanner.
- Fixed incorrect generation of DB Export locations when the target is an IP address – Ref #1638
- Added subdomain in DB Backup files checked – Ref #1642
- Updated WP Version output to handle future status such as latest-in-branch – Ref #1649
- Fixed a crash when psych >= 4.0.0 was installed on the system running WPScan – Ref #1646
- Ruby >= 2.2.2 – Recommended: 2.3.3
- Curl >= 7.21 – Recommended: latest – FYI: 7.29 has a segfault
- RubyGems – Recommended: latest
gem install wpscan
git clone https://github.com/wpscanteam/wpscan
bundle install && rake install
Open a terminal and type wpscan --help (if you built wpscan from the source, you should type the command outside of the git repo)
The DB is located at ~/.wpscan/db
WPScan can load all options (including --url) from configuration files. The following locations are checked (order: first to last):
If those files exist, their options are loaded; an option found in more than one file is overridden by the file checked later.
Running wpscan in the current directory (pwd) is the same as wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld
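The override order described above, as an added Ruby example that is not WPScan's own code. The two YAML documents are constructed samples chosen to reproduce the equivalent command line quoted above; the cli_options top-level key is assumed from WPScan's config format, and the helper names are hypothetical.

```ruby
require 'yaml'

# Constructed sample documents (assumptions, not taken from the page),
# in the order they would be checked: first to last.
FIRST_CHECKED = <<~YAML
  cli_options:
    proxy: 'http://127.0.0.1:8080'
    verbose: true
YAML

LAST_CHECKED = <<~YAML
  cli_options:
    proxy: 'socks5://127.0.0.1:9090'
    url: 'http://target.tld'
YAML

# Short switches used when rendering; only -v is needed here.
SHORT = { 'verbose' => '-v' }.freeze

# Merge the cli_options of each document. A key found twice takes the
# value from the document checked later. Hypothetical helper.
def effective_options(documents)
  documents.reduce({}) do |merged, text|
    parsed = YAML.safe_load(text) || {} # an empty file parses to nil/false
    merged.merge(parsed.fetch('cli_options', {}) || {})
  end
end

# Render merged options as the equivalent command line: boolean
# switches first, then options that carry a value. Hypothetical helper.
def equivalent_command(options)
  switches, valued = options.partition { |_, v| [true, false].include?(v) }
  args = switches.select { |_, v| v }.map { |k, _| SHORT.fetch(k, "--#{k}") }
  args += valued.flat_map { |k, v| ["--#{k}", v.to_s] }
  (['wpscan'] + args).join(' ')
end

if __FILE__ == $PROGRAM_NAME
  opts = effective_options([FIRST_CHECKED, LAST_CHECKED])
  puts equivalent_command(opts)
end
```

Because a later file silently replaces earlier values such as proxy, check the effective options before a scan to confirm traffic will leave through the intended proxy.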
Copyright 2011-2018 WPScan Team.