WordPress scanners that could be used to identify potential vulnerabilities in websites built with the WordPress platform include:
WordPress Security Scanner – http://code.google.com/p/wpscan/
WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. Download the latest WPScan from the Subversion (SVN) code repository by issuing the following command: svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag and from client side files)
- Vulnerability enumeration (based on version)
- TimThumb file enumeration
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on plugin name)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
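From the defender's side, the username and plugin enumeration checks listed above leave a recognisable pattern in web server access logs. The following added example (not part of WPScan or the original page) flags clients that request several distinct ?author=N values or probe many non-existent plugin directories. The log format, thresholds, IP addresses and plugin names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Common/Combined Log Format prefix: ip - - [time] "METHOD target HTTP/x" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')
PLUGIN_DIR = re.compile(r"^/wp-content/plugins/([^/]+)/")

# Assumed thresholds per client IP; tune them against the site's normal traffic.
MIN_AUTHOR_IDS = 3      # distinct numeric ?author=N values requested
MIN_PLUGIN_MISSES = 5   # distinct plugin directories that returned 404

def detect_enumeration(lines):
    """Return {client_ip: [finding, ...]} for clients that look like scanners."""
    author_ids = defaultdict(set)
    missing_plugins = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        for value in parse_qs(url.query).get("author", []):
            if value.isdigit():
                author_ids[ip].add(value)
        plugin = PLUGIN_DIR.match(url.path)
        if plugin and status == 404:
            missing_plugins[ip].add(plugin.group(1))
    findings = {}
    for ip in set(author_ids) | set(missing_plugins):
        hits = []
        if len(author_ids[ip]) >= MIN_AUTHOR_IDS:
            hits.append("username-enumeration")
        if len(missing_plugins[ip]) >= MIN_PLUGIN_MISSES:
            hits.append("plugin-enumeration")
        if hits:
            findings[ip] = hits
    return findings

def _line(ip, path, status):
    return f'{ip} - - [10/Oct/2012:13:55:01 +0000] "GET {path} HTTP/1.1" {status} 0'

# Constructed sample log: one scanning client and one ordinary visitor.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"/?author={n}", 301) for n in (1, 2, 3)]
    + [_line("203.0.113.7", f"/wp-content/plugins/example-{c}/", 404) for c in "abcde"]
    + [_line("198.51.100.20", "/?author=1", 301),
       _line("198.51.100.20", "/wp-content/plugins/example-a/style.css", 200)]
)

if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG))
```

A single author-archive request or a successful fetch of a plugin asset is normal visitor traffic, so only repeated distinct probes from one client are reported.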
WordPress Fingerprinting Tool – http://code.google.com/p/plecost/
Plecost is a WordPress fingerprinting tool which can search and retrieve information about the plugin versions installed on WordPress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. The plugin list is based on the “Most popular” plugin list from wordpress.org, and linked with related entries in CVE.mitre.org.
- Google search mode – Retrieves information based on Google results, from the list of plugins that are given as input
- Reload plugin list – Generates a list of plugins from the “Most popular” plugin list from WordPress.org.
- URL mode – Analyses the information from a single URL provided as a parameter.
WordPress Plugin Fingerprinter – http://code.google.com/p/wpfinger/
wpfinger is a tool that can analyze the WordPress plugin repository and generate signatures based on diffs between each version of the plugin. It can then use these signatures to scan a website running WordPress, and detect the presence of any plugin in the repository as well as infer the installed version.
Discover the CMS components behind the site – http://code.google.com/p/cms-explorer/
CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS-driven websites are running.
Additionally, CMS Explorer can be used to aid in security testing. While it performs no direct security checks, the “explore” option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible. This is done by retrieving the module’s current source tree and then requesting those file names from the target system. These requests can be sent through a distinct proxy to help “bootstrap” security testing tools like Burp, Paros, Webinspect, etc.
CMS Explorer can also search OSVDB for vulnerabilities in the installed components. CMS Explorer currently supports module/theme discovery with the following products:
And exploration of the following products: