Introducing WPScan – A WordPress Security Scanner

Thursday, June 16, 2011

Ryan Dewhurst


After creating the WordPress Brute Force Tool last weekend, I decided to create a bigger project out of it, called WPScan.

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations.

Its intended use is for security professionals or WordPress administrators to assess the security posture of their WordPress installations. The code base is Open Source and licensed under the GPLv3.

Features include:

  • Username enumeration (from ?author)
  • Weak password cracking (multi-threaded)
  • Version enumeration (from generator meta tag)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (todo)
  • Plugin vulnerability enumeration (based on version) (todo)
  • Other miscellaneous checks
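The two enumeration features above rely on response fingerprints that a site owner can check for themselves. The following is an added example, not WPScan's own code: it parses a constructed HTML page for the WordPress generator meta tag and pulls the username slug out of the Location header that a ?author=N request redirects to. The regexes, sample HTML and sample redirect targets are all assumptions constructed for the example.

```ruby
# Added example (not part of WPScan): self-check helpers for the two response
# fingerprints described in the feature list. All sample data is constructed.

# Matches e.g. <meta name="generator" content="WordPress 3.1.3" />
# (assumes the name attribute precedes content, which is how WordPress emits it)
GENERATOR_RE = /<meta\s+name=["']generator["']\s+content=["']WordPress\s+([\d.]+)["']/i

# Matches the /author/<slug>/ path WordPress redirects ?author=N to
AUTHOR_RE = %r{/author/([^/?#]+)/?}

# Return the WordPress version leaked by the generator meta tag, or nil.
def wordpress_version(html)
  m = GENERATOR_RE.match(html)
  m && m[1]
end

# Given the Location header returned for a ?author=N request (nil if the
# server did not redirect), return the username slug it exposes, or nil.
def author_slug(location)
  return nil if location.nil?
  m = AUTHOR_RE.match(location)
  m && m[1]
end

# Constructed sample page that still carries the generator tag
SAMPLE_HTML_LEAKY = <<~HTML
  <html><head>
  <meta name="generator" content="WordPress 3.1.3" />
  </head><body>hello</body></html>
HTML

# Constructed sample page with the tag removed (e.g. via remove_action on wp_head)
SAMPLE_HTML_HARDENED = "<html><head><title>x</title></head><body></body></html>"

# Constructed Location headers for ?author=1..3; nil means no redirect (404)
SAMPLE_REDIRECTS = {
  1 => "http://www.example.com/author/admin/",
  2 => "http://www.example.com/author/editor/",
  3 => nil,
}

# Summarise what an unauthenticated visitor could learn from the responses.
def exposure_report(html, redirects)
  {
    version: wordpress_version(html),
    usernames: redirects.values.map { |loc| author_slug(loc) }.compact,
  }
end

if __FILE__ == $0
  p exposure_report(SAMPLE_HTML_LEAKY, SAMPLE_REDIRECTS)
  p exposure_report(SAMPLE_HTML_HARDENED, { 1 => nil })
end
```

If the report for your own site is anything other than a nil version and an empty username list, the install is exposing exactly the data the scanner's version and username enumeration rely on; removing the generator tag and disabling the author archive redirect closes both.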

Installation:

WPScan requires two non native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple

(I developed WPScan on Backtrack5 Gnome 32bit; when installing on another OS you may not need the --user-install option for the non-native gems.)

For further installation instructions see: 

http://code.google.com/p/wpscan/wiki/README

Download:

WPScan will be hosted on Google Code at http://code.google.com/p/wpscan/.

You can download and start running WPScan ALPHA by checking out the SVN trunk.
svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only

Example usage:

Do 'non-intrusive' checks...

ruby wpscan.rb --url www.example.com

Only do version enumeration...

ruby wpscan.rb --url www.example.com --version

Do wordlist password brute force on enumerated users using 50 threads...

ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...

ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
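From the target's side, the username enumeration and wordlist brute force shown above leave a distinctive trail in the web server access log: one client walking ?author=1, ?author=2, ... and then hammering wp-login.php with POSTs. The following is an added example, not part of WPScan, of a small detector for both patterns run over constructed Apache combined-format log lines. The thresholds, the log lines and the IP addresses are assumptions made up for the example.

```ruby
require 'set'

# Added example (not part of WPScan): flag author-id enumeration and login
# brute force in Apache combined-format access logs. Sample log is constructed.

# Apache combined format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3})/

AUTHOR_THRESHOLD = 3   # distinct ?author=N ids requested by one client (assumed)
LOGIN_THRESHOLD  = 5   # POSTs to wp-login.php from one client (assumed)

# Constructed sample: 203.0.113.7 enumerates three author ids then posts five
# login attempts; 198.51.100.2 is an ordinary visitor with one normal login.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [16/Jun/2011:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0
  203.0.113.7 - - [16/Jun/2011:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0
  203.0.113.7 - - [16/Jun/2011:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 1234
  203.0.113.7 - - [16/Jun/2011:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3500
  203.0.113.7 - - [16/Jun/2011:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3500
  203.0.113.7 - - [16/Jun/2011:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3500
  203.0.113.7 - - [16/Jun/2011:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3500
  203.0.113.7 - - [16/Jun/2011:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3500
  198.51.100.2 - - [16/Jun/2011:10:01:00 +0000] "GET /?author=1 HTTP/1.1" 301 0
  198.51.100.2 - - [16/Jun/2011:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
  198.51.100.2 - - [16/Jun/2011:10:01:31 +0000] "GET /about/ HTTP/1.1" 200 5000
LOG

# Parse one log line into a hash, or nil if it does not match the format.
def parse_line(line)
  m = LOG_RE.match(line)
  return nil unless m
  { ip: m[:ip], method: m[:method], path: m[:path], status: m[:status].to_i }
end

# Return sorted alert strings for clients exceeding either threshold.
def analyze(log_text)
  author_ids  = Hash.new { |h, k| h[k] = Set.new }  # ip => set of author ids
  login_posts = Hash.new(0)                         # ip => POST count

  log_text.each_line do |line|
    e = parse_line(line.strip) or next
    if (id = e[:path][/[?&]author=(\d+)/, 1])
      author_ids[e[:ip]] << id
    end
    if e[:method] == "POST" && e[:path].start_with?("/wp-login.php")
      login_posts[e[:ip]] += 1
    end
  end

  alerts = []
  author_ids.each do |ip, ids|
    alerts << "#{ip}: author enumeration (#{ids.size} ids)" if ids.size >= AUTHOR_THRESHOLD
  end
  login_posts.each do |ip, n|
    alerts << "#{ip}: login brute force (#{n} POSTs)" if n >= LOGIN_THRESHOLD
  end
  alerts.sort
end

if __FILE__ == $0
  puts analyze(SAMPLE_LOG)
end
```

Counting distinct author ids rather than raw requests keeps a visitor who reloads one author archive from tripping the rule, and the login threshold is deliberately low because a legitimate user rarely needs more than a couple of POSTs to wp-login.php in a session.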

Contributions, feedback, comments are welcome.

Happy Hacking!

Cross-posted from www.ethicalhack3r.co.uk
