Updated WPScan User Documentation (markdown)
@@ -6,6 +6,25 @@ WPScan is a free, for non-commercial use, black box WordPress vulnerability scan
WPScan is written in the Ruby programming language. The first version of WPScan was released on the [16th of June 2011](https://blog.dewhurstsecurity.com/2011/06/16/introducing-wpscan-wordpress-security-scanner.html).

## What can WPScan check for?

- The version of WordPress installed and any associated vulnerabilities
- What plugins are installed and any associated vulnerabilities
- What themes are installed and any associated vulnerabilities
- Username enumeration
- Users with weak passwords via password brute forcing
- Backed up and publicly accessible wp-config.php files
- Database dumps that may be publicly accessible
- If error logs are exposed by plugins
- Media file enumeration
- Vulnerable Timthumb files
- If the WordPress readme file is present
- If WP-Cron is enabled
- If user registration is enabled
- Full Path Disclose
- Upload directory listing
- And much more...

## Installation

### Ruby Gem
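Review bot: the new list item "Full Path Disclose" is a typo and should read "Full Path Disclosure", which is the standard name for the check (and the term the rest of the list's items use, e.g. "Upload directory listing"); "Vulnerable Timthumb files" should also be spelled "TimThumb" to match the project's own name. Consider adding a one-line note under the heading that these checks are non-intrusive enumeration except for the password brute-forcing item, so readers know which checks generate authentication attempts against the target.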