wpscan v3.4.5 releases: black box WordPress vulnerability scanner

WPScan is a black box WordPress vulnerability scanner.

Changelog

v3.4.5

  • Adds detection of wp-cron.php – #1299
  • Handles uncaught exceptions when --password-attack was used but the XML-RPC was not detected – #1307
  • Improves Debug Log and XML-RPC detections (via CMSScanner 0.0.41.4)

v3.4.4

  • Display enumeration methods (passive/aggressive) in output. (#1284)
  • Improves WordPress detection when no clues are present in the homepage (#1277)
  • Check for multi page results when gathering users via the WP JSON API (#1285 – Thanks to @melalj)

Install

Requirements

  • Ruby >= 2.2.2 – Recommended: 2.3.3
  • Curl >= 7.21 – Recommended: latest – FYI, 7.29 has a segfault
  • RubyGems – Recommended: latest

From RubyGems:

gem install wpscan

From sources:
Prerequisites: Git

git clone https://github.com/wpscanteam/wpscan
cd wpscan/
bundle install && rake install

Usage

Open a terminal and type wpscan --help (if you built wpscan from source, run the command from outside the git repo).

The DB is located at ~/.wpscan/db

WPScan can load all options (including --url) from configuration files. The following locations are checked (order: first to last):

  • ~/.wpscan/cli_options.json
  • ~/.wpscan/cli_options.yml
  • pwd/.wpscan/cli_options.json
  • pwd/.wpscan/cli_options.yml

If those files exist, their options are loaded in that order; an option found in more than one file takes the value from the file checked last.

e.g:

~/.wpscan/cli_options.yml:

proxy: 'http://127.0.0.1:8080'
verbose: true

pwd/.wpscan/cli_options.yml:

proxy: 'socks5://127.0.0.1:9090'
url: 'http://target.tld'

Running wpscan in the current directory (pwd) is the same as running wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld
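
The load order above, worked through as an added example (not WPScan's own code): this Ruby script merges the four locations in the listed order, assuming a later file replaces an earlier one key by key, and records which file supplied each value. The function names and the temporary directory standing in for ~ and pwd are made up for the illustration.

```ruby
require 'json'
require 'yaml'
require 'tmpdir'
require 'fileutils'

# The four locations from the page, in the order they are checked (first to last).
def config_candidates(home, pwd)
  [home, pwd].flat_map do |base|
    %w[cli_options.json cli_options.yml].map { |name| File.join(base, '.wpscan', name) }
  end
end

# Parse one options file; anything that is not a key/value mapping counts as empty.
def parse_options(path)
  text = File.read(path)
  data = path.end_with?('.json') ? JSON.parse(text) : YAML.safe_load(text)
  data.is_a?(Hash) ? data : {}
end

# Merge in order. Assumption: a later file replaces an earlier one key by key.
# Returns { option => { value:, source:, overrode: [earlier files that set it] } }.
def effective_options(home, pwd)
  found = config_candidates(home, pwd).select { |path| File.file?(path) }
  found.each_with_object({}) do |path, merged|
    parse_options(path).each do |key, value|
      prev = merged[key.to_s]
      overrode = prev ? prev[:overrode] + [prev[:source]] : []
      merged[key.to_s] = { value: value, source: path, overrode: overrode }
    end
  end
end

# Constructed sample: the page's two YAML files under a temp dir ("home" = ~, "work" = pwd).
def demo
  Dir.mktmpdir do |root|
    home, pwd = %w[home work].map { |d| File.join(root, d) }
    [home, pwd].each { |d| FileUtils.mkdir_p(File.join(d, '.wpscan')) }
    File.write(File.join(home, '.wpscan', 'cli_options.yml'),
               "proxy: 'http://127.0.0.1:8080'\nverbose: true\n")
    File.write(File.join(pwd, '.wpscan', 'cli_options.yml'),
               "proxy: 'socks5://127.0.0.1:9090'\nurl: 'http://target.tld'\n")
    strip = ->(path) { path.sub("#{root}/", '') }
    effective_options(home, pwd).transform_values do |o|
      { value: o[:value], source: strip.(o[:source]), overrode: o[:overrode].map(&strip) }
    end
  end
end

demo.each { |k, o| puts "#{k}=#{o[:value]} (from #{o[:source]}; overrode #{o[:overrode]})" } if __FILE__ == $PROGRAM_NAME
```

A cli_options file under the current directory can set url and proxy without anything appearing on the command line, so the source of each value is worth checking before scanning from a directory you did not set up.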

Copyright 2011-2018 WPScan Team.

Source: https://github.com/wpscanteam/
