WordPress Security Vulnerability Scanner

WordPress Security Vulnerability Scanner
WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use it to be for security professionals or WordPress administrators to asses the security posture of their WordPress installations.

[You must be registered and logged in to see this link.]

Features include:

Quote :

Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, ...)

WPScan will be hosted on Google Code at [You must be registered and logged in to see this link.] You can download and start running WPScan ALPHA by checking out the SVN trunk. “svn checkout [You must be registered and logged in to see this link.] wpscan-read-only”
Installation

WPScan requires two non native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

Quote :

Installing on Backtrack5 Gnome/KDE 32bit:
sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install mime-types
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple

Installing on Debian/Ubuntu:
sudo apt-get install libcurl4-gnutls-dev
sudo apt-get install libopenssl-ruby
sudo gem install typhoeus
sudo gem install xml-simple

Installing on other nix: (not tested)
sudo gem install typhoeus
sudo gem install xml-simple

Installing on Windows: (not tested)
gem install typhoeus
gem install xml-simple

Installing on Mac OSX: (not tested)
sudo gem install typhoeus
sudo gem install xml-simple
Usage

-h for further help.

Examples:

Quote :

Do 'non-intrusive' checks...
ruby wpscan.rb --url [You must be registered and logged in to see this link.]

Only do version enumeration...
ruby wpscan.rb --url [You must be registered and logged in to see this link.] --version

Do wordlist password brute force on enumerated users using 50 threads...
ruby wpscan.rb --url [You must be registered and logged in to see this link.] --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...
ruby wpscan.rb --url [You must be registered and logged in to see this link.] --wordlist darkc0de.lst --username admin

Generate a new 'most popular' plugin list, up to 150 pages...
ruby ./wpscan.rb --generate_plugin_list 150

Enumerate installed plugins...
ruby ./wpscan.rb --enumerate p