WPScan WordPress Vulnerability Scanner

By | 2011/10/17

WPScan is a nifty WordPress vulnerability scanner. It can do things such as enumerate installed plugins and report known vulnerabilities for the plugins it finds. It is part of BackTrack, which is handy as well!

Here’s how wpscan looks checking scottlinux.com:

root@bt:/pentest/web/wpscan# ruby wpscan.rb --url scottlinux.com --enumerate p
____________________________________________________
 __          _______   _____                  
 \ \        / /  __ \ / ____|                 
  \ \  /\  / /| |__) | (___   ___  __ _ _ __  
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.0

  WordPress Security Scanner by ethicalhack3r.co.uk
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

# Copyright (C) 2011 Ryan Dewhurst
# This program comes with ABSOLUTELY NO WARRANTY.
# This is free software, and you are welcome to redistribute it
# under certain conditions. See GNU GPLv3.

| URL: http://scottlinux.com/
| Started on Mon Oct 17 08:48:08 2011


[+] Enumerating installed plugins...

Checking for 2127 plugins...

We found 18 plugins:

page-links-to
google-analyticator
yet-another-related-posts-plugin
image-widget
featured-content-gallery
wp-captcha-free
audio-player
wordpress-popular-posts
bad-behavior
wordpress-ez-backup
twitter-widget
wp-php-widget
subscribe-to-comments-reloaded
flv-embed
php-execution-plugin
random-posts-widget
mail-from
nextgen-gallery

[+] There were 1 vulnerabilities identified from the plugin names:

* Title: XSS Vulnerability in NextGEN Gallery WordPress Plugin
* Reference: http://www.exploit-db.com/exploits/12098/

[+] Finished at Mon Oct 17 08:49:12 2011
root@bt:/pentest/web/wpscan# 

I have long since upgraded the NextGEN plugin, which fixed the above XSS prob, but it is good to know about past vulnerabilities as well!
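If you keep the text output of a scan like the one above, the plugin list can be re-checked against your own advisory list later, without re-scanning. The script below is an added example (not WPScan's own code, and not from this blog): it parses the plugin names out of a saved WPScan report and matches them against a small local advisory table. The NextGEN Gallery entry is the one reported in the scan above; the "example-plugin" entry and the shortened sample report are constructed for illustration.

```ruby
# Added example: parse the plugin list from a saved WPScan text report and
# match it against a local advisory table so a site owner can see which of
# the enumerated plugins still need an upgrade. Not WPScan's own code.

# Constructed sample report in the same layout WPScan 1.0 prints
# (plugin names sit between "We found N plugins:" and the next "[+]" line).
SAMPLE_REPORT = <<~REPORT
  [+] Enumerating installed plugins...

  Checking for 2127 plugins...

  We found 3 plugins:

  nextgen-gallery
  bad-behavior
  audio-player

  [+] There were 1 vulnerabilities identified from the plugin names:
REPORT

# Local advisory table. The nextgen-gallery entry is the one the scan above
# reported; "example-plugin" is a constructed placeholder, not a real advisory.
ADVISORIES = {
  "nextgen-gallery" => {
    title: "XSS Vulnerability in NextGEN Gallery WordPress Plugin",
    reference: "http://www.exploit-db.com/exploits/12098/",
  },
  "example-plugin" => {
    title: "placeholder advisory (constructed)",
    reference: "n/a",
  },
}.freeze

# Plugin slugs are lowercase letters, digits, hyphens and underscores;
# anything else between the markers is ignored rather than treated as a plugin.
SLUG = /\A[a-z0-9_-]+\z/

# Return the plugin names listed after "We found N plugins:", stopping at the
# next "[+]" status line. Returns [] if the report has no plugin section.
def parse_plugins(report)
  lines = report.lines.map(&:strip)
  start = lines.index { |l| l =~ /\AWe found \d+ plugins:\z/ }
  return [] if start.nil?

  names = []
  lines.drop(start + 1).each do |l|
    break if l.start_with?("[+]")
    next if l.empty? || l !~ SLUG

    names << l
  end
  names
end

# Map each enumerated plugin that has an entry in the advisory table to
# that entry. Plugins without an entry are simply absent from the result.
def match_advisories(plugins, advisories = ADVISORIES)
  plugins.each_with_object({}) do |name, hits|
    hits[name] = advisories[name] if advisories.key?(name)
  end
end

# Print a short summary and return the matched advisories.
def report(text)
  plugins = parse_plugins(text)
  hits = match_advisories(plugins)
  puts "#{plugins.size} plugins enumerated, #{hits.size} with a known advisory"
  hits.each { |name, adv| puts "  #{name}: #{adv[:title]} (#{adv[:reference]})" }
  hits
end

report(SAMPLE_REPORT) if $PROGRAM_NAME == __FILE__
```

Run it as `ruby check_plugins.rb`, or pass `File.read("scan.txt")` to `report` for a saved scan; the advisory table is the part to keep current, since a match only tells you the plugin name is on the list, not which version is installed.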
