WPScan v2.6 Released

WPScan is a black box WordPress vulnerability scanner.
Features
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag and from client side files)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on plugin name)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
Changelog v2.6
New
- Updates the readmes to reflect the new --usernames option
- Improves plugin/theme version detection by looking at the “Version:”
- Solution to avoid mandatory blank newline at the end of the wordlist
- Add check for valid credentials
- Add Sucuri sponsor to banner
- Add protocol to sucuri url in banner
- Add response code to proxy error output
- Add a statement about mandatory newlines at the end of list
- Give warning if default username ‘admin’ is still used
- License amendment to make it more clear about value added usage
Removed
- Remove malware
- Remove malware folder
- Removes the theme version check from the readme, unrealistic scenario
General core
- Update to Ruby 2.1.5 and travis
- Prevent parent theme infinite loop
- Fixes the progress bar being overridden by next brute forcing attempts
Fixed issues
- Fix UTF-8 encode on security db file download
- Fix #703 – Disable logging by default. Implement log option.
- Fix #705 – Installation instructions for Ubuntu < 14.04 apparently incomplete
- Fix #717 – Expand on readme.html finding output
- Fix #716 – Adds the --version in the help
- Fix #715 – Add new updating info to docs
- Fix #727 – WpItems detection: Perform the passive check and filter only vulnerable results at the end if required
- Fix #737 – Adds some readme files to check for plugin versions
- Fix #739 – Adds the --usernames option
WPScan Database Statistics:
- Total vulnerable versions: 88
- Total vulnerable plugins: 901
- Total vulnerable themes: 313
- Total version vulnerabilities: 1050
- Total plugin vulnerabilities: 1355
- Total theme vulnerabilities: 349
Full Changelog: here
Download WPScan v2.6: http://wpscan.org