WPScan – WordPress Security Scanner *Now with proxy support*
WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.
Features
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag and from client side files)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on plugin name)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
Usage is as per normal except add –tor to use default Tor settings (localhost:9050), otherwise use –proxy host:port.
More Information: here
Download: WPScan v1.1 (Proxy Support)