WordPress Security Scanner/WPScan 1.1 released

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. details :

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing,

WPScan version 1.1 has been released! With 780 more lines of code the most notable changes are:

  • Detection for 750 more plugins.
  • Detection for 107 new plugin vulnerabilities.
  • Detection for 447 possible timthumb file locations.
  • Advanced version fingerprinting implemented.
  • Full Path Disclosure (FPD) checks.
  • Auto updates.
  • Progress indicators.
  • Improved custom 404 checking.
  • Improved plugin detection.
  • Improved error_log checking.
  • Lots of bugs fixed.
  • Lots of small tweaks.

READ MORE IN here WPScan – WordPress Security Scanner Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r. Code license GNU GPL v3
Download : http://wpscan.googlecode.com