Updated WPScan User Documentation (markdown)
@@ -6,6 +6,25 @@ WPScan is a free, for non-commercial use, black box WordPress vulnerability scan
WPScan is written in the Ruby programming language. The first version of WPScan was released on the [16th of June 2011](https://blog.dewhurstsecurity.com/2011/06/16/introducing-wpscan-wordpress-security-scanner.html).
## What can WPScan check for?
- The version of WordPress installed and any associated vulnerabilities
- What plugins are installed and any associated vulnerabilities
- What themes are installed and any associated vulnerabilities
- Username enumeration
- Users with weak passwords via password brute forcing
- Backed up and publicly accessible wp-config.php files
- Database dumps that may be publicly accessible
- If error logs are exposed by plugins
- Media file enumeration
- Vulnerable Timthumb files
- If the WordPress readme file is present
- If WP-Cron is enabled
- If user registration is enabled
- Full Path Disclose
- Upload directory listing
- And much more...
## Installation
### Ruby Gem
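Review bot: the added list item "Full Path Disclose" is a typo for the check's usual name; change it to "- Full Path Disclosure" so readers searching the docs for that term find it. In the same list, "Vulnerable Timthumb files" should use the project's own spelling, "TimThumb". The hunk also closes on the bare heading "### Ruby Gem" with no body; if the gem install steps are meant to be part of this change, they should be included in the same commit so the Installation section is not left empty.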