WPScan
Black box WordPress vulnerability scanner that scans remote WordPress installations to find security issues.
Description
WPScan is a WordPress Security Scanner designed to identify vulnerabilities in remote WordPress installations. It performs comprehensive scans to enumerate installed plugins, detect WordPress versions, and uncover potential security issues. The tool is particularly useful for penetration testers and security researchers assessing WordPress sites.
The scanner examines various aspects of WordPress sites including robots.txt files, HTTP headers, XML-RPC interfaces, and RSS generators to gather information about the target. It provides detailed output about discovered elements such as interesting paths, server information, and security headers. WPScan is sponsored by Sucuri and maintained by the WPScan Team.
Use cases include black box vulnerability assessments of WordPress sites, plugin enumeration for identifying outdated or vulnerable components, and reconnaissance of WordPress installations during penetration testing engagements.
How It Works
WPScan operates as a black box scanner that sends requests to the target WordPress URL over HTTP or HTTPS. It enumerates plugins by testing against a database of 2166 known plugins, parses robots.txt for interesting paths, detects the WordPress version from RSS generators and meta tags, identifies XML-RPC interfaces, and analyzes HTTP headers for security-relevant information. The tool uses Ruby dependencies such as ruby-cms-scanner and ruby-yajl for parsing and processing responses.
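The following Ruby sketch is an added example, not WPScan's own code. It shows how a site owner can check saved copies of their own responses for the signals listed above: the generator meta tag, the RSS generator element, robots.txt paths and software-revealing headers. The sample responses, function names and the choice of headers are assumptions constructed for illustration.

```ruby
# Added example: offline audit of saved responses for the disclosure signals
# named above. All sample data is constructed; nothing is fetched.

HOMEPAGE = <<~HTML
  <html><head>
  <meta name="generator" content="WordPress 6.4.2" />
  </head><body>Hello</body></html>
HTML

FEED = <<~XML
  <rss version="2.0"><channel>
  <generator>https://wordpress.org/?v=6.4.2</generator>
  </channel></rss>
XML

ROBOTS = <<~TXT
  User-agent: *
  Disallow: /wp-admin/
  Allow: /wp-admin/admin-ajax.php
TXT

HEADERS = { 'Server' => 'Apache/2.4.57 (Debian)', 'X-Powered-By' => 'PHP/8.2.7',
            'Content-Type' => 'text/html' }.freeze

# Version from <meta name="generator" content="WordPress X.Y.Z">, or nil.
def meta_generator_version(html)
  html[/<meta\s+name=["']generator["']\s+content=["']WordPress\s+([\d.]+)["']/i, 1]
end

# Version from the feed's <generator>...?v=X.Y.Z</generator>, or nil.
def rss_generator_version(xml)
  xml[%r{<generator>[^<]*\?v=([\d.]+)</generator>}i, 1]
end

# Paths named in Allow/Disallow rules of robots.txt.
def robots_paths(text)
  text.each_line.filter_map { |line| line[/\A\s*(?:dis)?allow:\s*(\S+)/i, 1] }
end

# Headers that reveal server or runtime software (assumed list).
def disclosing_headers(headers)
  headers.select { |name, _| %w[server x-powered-by].include?(name.downcase) }
end

# Collect every signal found; absent version sources are dropped.
def audit(html:, feed:, robots:, headers:)
  { version_sources: { meta: meta_generator_version(html),
                       rss: rss_generator_version(feed) }.compact,
    robots_paths: robots_paths(robots),
    headers: disclosing_headers(headers) }
end

p audit(html: HOMEPAGE, feed: FEED, robots: ROBOTS, headers: HEADERS)
```

An empty version_sources hash after hardening means neither generator string is being served any more.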
Installation
sudo apt install wpscan
Examples
wpscan --url http://wordpress.local --enumerate p
wpscan -h
wpscan --hh
wpscan --version
wpscan --url http://wordpress.local
wpscan -v --url http://wordpress.local --enumerate p
wpscan --url https://example.com