wpscan v3.8.22 releases: black box WordPress vulnerability scanner
WPScan is a black box WordPress vulnerability scanner.
- Better handling of redirection, ie when target http->https (or the opposite), the target URL will be changed to the new one automatically to avoid scanning the http version and getting 301 which could result in items being missed
- Better handling of unsupported HEAD method by checking for 501 and timeout as well
- Ruby >= 2.2.2 – Recommended: 2.3.3
- Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
- RubyGems – Recommended: latest
gem install wpscan
git clone https://github.com/wpscanteam/wpscan
bundle install && rake install
Open a terminal and type wpscan –help (if you built wpscan from the source, you should type the command outside of the git repo)
The DB is located at ~/.wpscan/db
WPScan can load all options (including the –url) from configuration files, the following locations are checked (order: first to last):
If those files exist, options from them will be loaded and overridden if found twice.
Running wpscan in the current directory (pwd), is the same as wpscan -v –proxy socks5://127.0.0.1:9090 –url http://target.tld
Copyright 2011-2018 WPScan Team.