+++++ Dear ….. Thank you for visiting our booth at the Myanmar Black Hacking. We hope you will have a good time and enjoyed your visit to Underground. In case we won't answer some of your questions about our Real Info, we encourage you to visit our website at www.myanmarblackhacking.com +++++ It will give you a good idea of what we can do for +++++

Apr 21, 2015

0 WPScan - WordPress Security Scanner



WPScan is a black box WordPress vulnerability scanner. Features

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

Prerequisites:


  • Windows not supported
  • Ruby >= 1.9.2 – Recommended: 1.9.3
  • Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
  • RubyGems – Recommended: latest
  • Git

Changelog v2.4

New


  • ‘–batch’ switch option added – Fix #454
  • Add random-agent
  • Added more CLI options
  • Switch over to nist – Fix #301
  • New choice added when a redirection is detected – Fix #438

Removed


  • Removed ‘Total WordPress Sites in the World’ counter from stats
  • Old wpscan repo links removed – Fix #440
  • Fingerprinting Dev script removed
  • Useless code removed

General core


  • Rspecs update
  • Forcing Travis notify the team
  • Ruby 2.1.1 added to Travis
  • Equal output layout for interaction questions
  • Only output error trace if verbose if enabled
  • Memory improvements during wp-items enumerations
  • Fixed broken link checker, fixed some broken links
  • Couple more 404s fixed
  • Themes & Plugins list updated

WordPress Fingerprints


  • WP 3.8.2 & 3.7.2 Fingerprints added – Fix #448
  • WP 3.8.3 & 3.7.3 fingerprints
  • WP 3.9 fingerprints

Fixed issues


  • Fix #380 – Redirects in WP 3.6-3.0
  • Fix #413 – Check the version of the Timthumbs files found
  • Fix #429 – Error WpScan Cache Browser
  • Fix #431 – Version number comparison between ’2.3.3′ and ’0.42b’
  • Fix #439 – Detect if the target goes down during the scan
  • Fix #451 – Do not rely only on files in wp-content for fingerprinting
  • Fix #453 – Documentation or inplemention of option parameters
  • Fix #455 – Fails with a message if the target returns a 403 during the wordpress check

Vulnerabilities


  • Update WordPress Vulnerabilities
  • Fixed some duplicate vulnerabilities
  • WPScan Database Statistics:
  • Total vulnerable versions: 79; 1 is new
  • Total vulnerable plugins: 748; 55 are new
  • Total vulnerable themes: 292; 41 are new
  • Total version vulnerabilities: 617; 326 are new
  • Total plugin vulnerabilities: 1162; 146 are new
  • Total theme vulnerabilities: 330; 47 are new
 
If you are like to add your tool in our blog feel free to contact us. We are always ready to add it for free.


Original Link

0 comments:

Post a Comment