vFeed


Tools

Published on January 14th, 2015 | by MaxiSoler

0

WPScan v2.6 Released

WPScan is a black box WordPress vulnerability scanner.

wpscan_logo_407x80

Features

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

 

Changelog v2.6

New

  • Updates the readmes to reflect the new –usernames option
  • Improves plugin/theme version detection by looking at the “Version:”
  • Solution to avoid mandatory blank newline at the end of the wordlist
  • Add check for valid credentials
  • Add Sucuri sponsor to banner
  • Add protocol to sucuri url in banner
  • Add response code to proxy error output
  • Add a statement about mendatory newlines at the end of list
  • Give warning if default username ‘admin’ is still used
  • License amendment to make it more clear about value added usage

Removed

  • remove malwares
  • remove malware folder
  • Removes the theme version check from the readme, unrealistic scenario

General core

  • Update to Ruby 2.1.5 and travis
  • Prevent parent theme infinite loop
  • Fixes the progressbar being overriden by next brute forcing attempts

Fixed issues

  • Fix UTF-8 encode on security db file download
  • Fix #703 – Disable logging by default. Implement log option.
  • Fix #705 – Installation instructions for Ubuntu < 14.04 apparently incomplete
  • Fix #717 – Expand on readme.html finding output
  • Fix #716 – Adds the –version in the help
  • Fix #715 – Add new updating info to docs
  • Fix #727 – WpItems detection: Perform the passive check and filter only vulnerable results at the end if required
  • Fix #737 – Adds some readme files to check for plugin versions
  • Fix #739 – Adds the –usernames option

WPScan Database Statistics:

  • Total vulnerable versions: 88
  • Total vulnerable plugins: 901
  • Total vulnerable themes: 313
  • Total version vulnerabilities: 1050
  • Total plugin vulnerabilities: 1355
  • Total theme vulnerabilities: 349

Full Changelog: here

Tags: , ,


About the Author

www.artssec.com @maxisoler



Back to Top ↑