wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

Quick Overview

WPScan is a free, open-source black box WordPress security scanner. It can be used to scan WordPress websites for known vulnerabilities, detect installed plugins and themes, and enumerate users. WPScan is widely used by security researchers, penetration testers, and website administrators to assess the security of WordPress installations.

Pros

  • Comprehensive vulnerability detection for WordPress core, plugins, and themes
  • Regular updates to the vulnerability database
  • Supports both CLI and API usage
  • Extensive customization options for scans

Cons

  • Can be resource-intensive for large websites
  • May trigger security measures on some hosting providers
  • Requires Ruby installation, which might be a barrier for some users
  • False positives can occur, requiring manual verification

Code Examples

  1. Basic WordPress scan:
    wpscan --url https://example.com

This command performs a basic scan of the WordPress site at example.com.

  2. Enumerating users:
    wpscan --url https://example.com --enumerate u

This example scans the site and attempts to enumerate WordPress users.

  3. Using API token for extended functionality:
    wpscan --url https://example.com --api-token YOUR_API_TOKEN

This command uses an API token to access extended functionality and an up-to-date vulnerability database.

Getting Started

To get started with WPScan:

  1. Install Ruby on your system
  2. Install WPScan:
    gem install wpscan
    
  3. Update the WPScan database:
    wpscan --update
    
  4. Run a basic scan:
    wpscan --url https://example.com
    

For more advanced usage and options, refer to the official documentation on the WPScan GitHub repository.

Competitor Comparisons

8,312

Nikto web server scanner

Pros of Nikto

  • More versatile, scanning various web servers and applications beyond WordPress
  • Extensive database of known vulnerabilities and misconfigurations
  • Supports multiple output formats for easy integration with other tools

Cons of Nikto

  • Generally slower scan speed compared to WPScan
  • Less specialized for WordPress-specific vulnerabilities and enumeration
  • May produce more false positives due to its broader scope

Code Comparison

Nikto (Perl):

sub nikto_headers {
    my ($mark) = @_;
    my %headers;
    foreach my $header (@{ $mark->{headers} }) {
        my ($key, $value) = split(/: /, $header, 2);
        $headers{lc($key)} = $value;
    }
    return %headers;
}

WPScan (Ruby):

def wordpress_hosted?
  target.url.hostname =~ /wordpress\.com$/i
end

def wordpress_hosted_xpath
  "//meta[contains(@name,'generator') and @content='WordPress.com']"
end

Both tools use different programming languages and approaches. Nikto's code snippet shows header parsing, while WPScan's code checks for WordPress.com hosting. WPScan's code is more WordPress-specific, reflecting its focused nature compared to Nikto's broader approach.

31,882

Automatic SQL injection and database takeover tool

Pros of sqlmap

  • More versatile, capable of detecting and exploiting SQL injection vulnerabilities across various database management systems
  • Supports a wider range of injection techniques and attack vectors
  • Actively maintained with frequent updates and a larger community

Cons of sqlmap

  • Steeper learning curve due to its extensive features and options
  • May be considered overkill for WordPress-specific security assessments
  • Requires more manual configuration for optimal results

Code comparison

sqlmap:

def getUsers(self):
    warnMsg = "on MySQL it is not possible to enumerate the users"
    logger.warn(warnMsg)

    return []

WPScan:

def update_db!
  db_updater = DbUpdater.new
  db_updater.update!
rescue => e
  raise DatabaseUpdateError, e.message
end

While both tools are written in different languages (sqlmap in Python, WPScan in Ruby), they share similarities in error handling and modular design. sqlmap's code snippet shows a specific database-related function, while WPScan's code relates to updating its vulnerability database.

9,874

Nmap - the Network Mapper. Github mirror of official SVN repository.

Pros of Nmap

  • Broader scope: Nmap is a versatile network scanning and discovery tool, useful for a wide range of network-related tasks
  • Extensive feature set: Includes port scanning, OS detection, and scripting engine for custom scans
  • Large, active community: Frequent updates and extensive documentation

Cons of Nmap

  • Steeper learning curve: Requires more technical knowledge to use effectively
  • Less specialized: Not focused on WordPress-specific vulnerabilities like WPScan
  • Resource-intensive: Can be slower and more demanding on system resources for large scans

Code Comparison

WPScan (Ruby):

def scan_headers
  puts '[+] Checking headers'
  # Hash#each yields the header name and its value as a pair
  @target.headers.each do |name, value|
    puts " | #{name}: #{value}"
  end
end

Nmap (Lua script):

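local http = require "http"
local stdnse = require "stdnse"

local function scan_headers(host, port)
  local response = http.get(host, port, "/")
  -- NSE's http library exposes the parsed response headers as response.header
  for name, value in pairs(response.header) do
    stdnse.debug1("%s: %s", name, value)
  end
end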

Both examples show header scanning functionality, but Nmap's script is more flexible and can be used across various protocols, while WPScan is tailored specifically for WordPress sites.

4,522

w3af: web application attack and audit framework, the open source web vulnerability scanner.

Pros of w3af

  • Broader scope: Can scan various web applications, not limited to WordPress
  • More extensive plugin system with over 200 plugins
  • Supports multiple output formats (console, XML, HTML)

Cons of w3af

  • Steeper learning curve due to more complex functionality
  • Less frequent updates compared to WPScan
  • May be overkill for simple WordPress-specific scans

Code Comparison

w3af:

def get_long_desc(self):
    return """
    This plugin finds web applications in the target website.

    For example, if the target URL is:
        - http://host.tld/
    """

WPScan:

def cli_options
  [
    OptString.new(['--url URL', 'The URL of the blog to scan']),
    OptString.new(['--server SERVER', 'Force the supplied server module'])
  ]
end

Both projects use different programming languages (Python for w3af, Ruby for WPScan), reflecting their distinct approaches. w3af's code snippet shows a method for plugin description, while WPScan's code defines CLI options, highlighting its focus on WordPress-specific scanning.

12,480

The ZAP core project

Pros of ZAP

  • Broader scope: ZAP is a comprehensive web application security scanner, while WPScan focuses solely on WordPress
  • More active development: ZAP has more frequent updates and a larger contributor base
  • Extensive plugin ecosystem: ZAP offers a wide range of add-ons for enhanced functionality

Cons of ZAP

  • Steeper learning curve: ZAP's extensive features can be overwhelming for beginners compared to WPScan's focused approach
  • Resource-intensive: ZAP requires more system resources due to its comprehensive nature

Code Comparison

WPScan (Ruby):

def scan
  run_plugins
  enumerate_vulnerabilities
  generate_report
end

ZAP (Java):

public void scan() {
    runActiveScan();
    runPassiveScan();
    generateReport();
}

Both tools use similar high-level scanning approaches, but ZAP's implementation is more complex due to its broader scope and feature set. WPScan's code is more focused on WordPress-specific vulnerabilities and enumeration techniques.

OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/

Pros of joomscan

  • Specialized for Joomla CMS, providing more targeted and in-depth scanning for Joomla-specific vulnerabilities
  • Lightweight and easy to use, with a simple command-line interface
  • Regularly updated to include the latest Joomla vulnerabilities and security issues

Cons of joomscan

  • Limited to Joomla CMS, lacking the versatility to scan other platforms
  • Less extensive plugin ecosystem compared to WPScan
  • Smaller community and fewer contributors, potentially leading to slower development and updates

Code Comparison

WPScan (Ruby):

def update_db!
  puts 'Updating the Database ...'
  DbUpdater.new(db_path: DB_PATH).update
  puts 'Database Updated.'
end

joomscan (Perl):

sub update {
    print "[+] Update is in progress...\n";
    system("git pull origin master");
    print "[+] Update completed.\n";
}

Both tools implement update functionality, but WPScan uses a dedicated DbUpdater class, while joomscan relies on a simple git pull command for updates.

README

WPScan

WordPress Security Scanner

WPScan WordPress Vulnerability Database - WordPress Security Plugin

INSTALL

Prerequisites

  • (Optional but highly recommended: RVM)
  • Ruby >= 3.0 - Recommended: latest
  • Curl >= 7.72 - Recommended: latest
    • Version 7.29 has a segfault
    • Versions < 7.72 could result in "Stream error in the HTTP/2 framing layer" in some cases
  • RubyGems - Recommended: latest
  • Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html

In a Pentesting distribution

When using a pentesting distribution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.

In macOSX via Homebrew

brew install wpscanteam/tap/wpscan

From RubyGems

gem install wpscan

On MacOSX, if a Gem::FilePermissionError is raised due to Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run sudo gem install -n /usr/local/bin wpscan (see #1286).

Updating

You can update the local database by using wpscan --update

Updating WPScan itself is done either via gem update wpscan or via the package manager (this is quite important for distributions such as Kali Linux: apt-get update && apt-get upgrade), depending on how WPScan was (pre)installed.

Docker

Pull the repo with docker pull wpscanteam/wpscan

Enumerating usernames

docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u

Enumerating a range of usernames

docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100

** replace u1-100 with a range of your choice.

Usage

Full user documentation can be found here: https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation

wpscan --url blog.tld

This will scan the blog using default options, which are a good compromise between speed and accuracy. For example, plugins will be detected passively, but their versions will be checked with a mixed detection mode (passive + aggressive). Potential config backup files will also be checked, along with other interesting findings.

If a more stealthy approach is required, wpscan --stealthy --url blog.tld can be used. When using the --enumerate option, don't forget to set --plugins-detection accordingly, as its default is 'passive'.

For more options, open a terminal and type wpscan --help (if you built wpscan from the source, you should type the command outside of the git repo)

The DB is located at ~/.wpscan/db

Optional: WordPress Vulnerability Database API

The WPScan CLI tool uses the WordPress Vulnerability Database API to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the --api-token option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on WPScan.com.

Up to 25 API requests per day are given free of charge, which should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data.

How many API requests do you need?

  • Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
  • On average, a WordPress website has 22 installed plugins.

Load CLI options from file/s

WPScan can load all options (including the --url) from configuration files. The following locations are checked (order: first to last):

  • ~/.wpscan/scan.json
  • ~/.wpscan/scan.yml
  • pwd/.wpscan/scan.json
  • pwd/.wpscan/scan.yml

If those files exist, options from the cli_options key will be loaded. An option found in more than one file is overridden by the value from the file checked later.

e.g:

~/.wpscan/scan.yml:

cli_options:
  proxy: 'http://127.0.0.1:8080'
  verbose: true

pwd/.wpscan/scan.yml:

cli_options:
  proxy: 'socks5://127.0.0.1:9090'
  url: 'http://target.tld'

Running wpscan in the current directory (pwd) is the same as running wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld

Save API Token in a file

The feature mentioned above is useful to keep the API Token in a config file and not have to supply it via the CLI each time. To do so, create the ~/.wpscan/scan.yml file containing the below:

cli_options:
  api_token: 'YOUR_API_TOKEN'

Load API Token From ENV (since v3.7.10)

The API Token will be automatically loaded from the ENV variable WPSCAN_API_TOKEN if present. If the --api-token CLI option is also provided, the value from the CLI will be used.
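
How the file order described under "Load CLI options from file/s" resolves, as an added Ruby example (not WPScan's own code): it merges cli_options from the four locations with later files overriding earlier ones, records which file set each option, and flags config files from "Save API Token in a file" that are accessible to group or others. The function names, the temporary directories and the permission check are assumptions made for illustration.

```ruby
require 'json'
require 'yaml'
require 'tmpdir'
require 'fileutils'

# Search order from the README: first to last, so later files win.
def config_candidates(home, pwd)
  [home, pwd].flat_map do |base|
    %w[scan.json scan.yml].map { |name| File.join(base, '.wpscan', name) }
  end
end

# The cli_options hash of one file, or {} if the file or key is absent.
def load_cli_options(path)
  return {} unless File.file?(path)
  raw  = File.read(path)
  data = path.end_with?('.json') ? JSON.parse(raw) : YAML.safe_load(raw)
  opts = data.is_a?(Hash) ? data['cli_options'] : nil
  opts.is_a?(Hash) ? opts : {}
end

# { option => [value, file that set it] }, with later files overriding.
def effective_options(home, pwd)
  config_candidates(home, pwd).each_with_object({}) do |path, merged|
    load_cli_options(path).each { |key, value| merged[key.to_s] = [value, path] }
  end
end

# Added hardening check (not a WPScan feature): config files that hold an
# api_token while granting any permission bits to group or others.
def exposed_token_files(home, pwd)
  config_candidates(home, pwd).select do |path|
    load_cli_options(path).key?('api_token') && (File.stat(path).mode & 0o077) != 0
  end
end

# Constructed sample: the README's two scan.yml files in throwaway directories.
def demo
  Dir.mktmpdir do |root|
    home, pwd = %w[home project].map { |d| File.join(root, d) }
    [home, pwd].each { |d| FileUtils.mkdir_p(File.join(d, '.wpscan')) }
    home_cfg = File.join(home, '.wpscan', 'scan.yml')
    File.write(home_cfg, "cli_options:\n  proxy: 'http://127.0.0.1:8080'\n" \
                         "  verbose: true\n  api_token: 'YOUR_API_TOKEN'\n")
    File.chmod(0o644, home_cfg) # deliberately world-readable for the demo
    File.write(File.join(pwd, '.wpscan', 'scan.yml'),
               "cli_options:\n  proxy: 'socks5://127.0.0.1:9090'\n  url: 'http://target.tld'\n")
    rel = ->(path) { path.delete_prefix("#{root}/") }
    { options: effective_options(home, pwd).transform_values { |v, src| [v, rel.call(src)] },
      exposed: exposed_token_files(home, pwd).map(&rel) }
  end
end

pp demo if $PROGRAM_NAME == __FILE__
```

Running chmod 600 on a file reported in exposed clears the finding; the provenance column shows when a scan.yml in the working directory has silently replaced a value such as proxy from the home directory.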

Enumerating usernames

wpscan --url https://target.tld/ --enumerate u

Enumerating a range of usernames

wpscan --url https://target.tld/ --enumerate u1-100

** replace u1-100 with a range of your choice.

LICENSE

WPScan Public Source License

The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2019 WPScan Team.

Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.

1. Definitions

1.1 "License" means this document.

1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.

1.3 "WPScan Team" means WPScan’s core developers.

2. Commercialization

A commercial use is one intended for commercial advantage or monetary compensation.

Example cases of commercialization are:

  • Using WPScan to provide commercial managed/Software-as-a-Service services.
  • Distributing WPScan as a commercial product or as part of one.
  • Using WPScan as a value added service/product.

Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):

  • Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
  • Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
  • Using WPScan to test your own systems.
  • Any non-commercial use of WPScan.

If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.

Free-use Terms and Conditions;

3. Redistribution

Redistribution is permitted under the following conditions:

  • Unmodified License is provided with WPScan.
  • Unmodified Copyright notices are provided with WPScan.
  • Does not conflict with the commercialization clause.

4. Copying

Copying is permitted so long as it does not conflict with the Redistribution clause.

5. Modification

Modification is permitted so long as it does not conflict with the Redistribution clause.

6. Contributions

Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.

7. Support

WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.

8. Disclaimer of Warranty

WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.

9. Limitation of Liability

To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.

10. Disclaimer

Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.

11. Trademark

The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.