Details• Username enumeration (from author querystring and location header)
• Weak password cracking (multithreaded)
• Version enumeration (from generator meta tag and from client side files)
• Vulnerability enumeration (based on version)
• Plugin enumeration (2220 most popular by default)
• Plugin vulnerability enumeration (based on plugin name)
• Plugin enumeration list generation
• Other misc WordPress checks (theme name, dir listing, ...)
Changelog for WPScan v.1.1:
• Detection for 750 more plugins.
• Detection for 107 new plugin vulnerabilities.
• Detection for 447 possible timthumb file locations.
• Advanced version fingerprinting implemented.
• Full Path Disclosure (FPD) checks.
• Auto updates.
• Progress indicators.
• Improved custom 404 checking.
• Improved plugin detection.
• Improved error_log checking.
• Lots of bugs fixed. Lots of small tweaks.
Download:
http://code.google.com/p/wpscan/
No comments:
Post a Comment