Netsparker Web Application Security Scanner

ToolsWatch is using Netsparker Web Application Security Scanner to identify vulnerabilities.


Tools wpscan_logo_407x80

Published on May 5th, 2014 | by MaxiSoler

0

WPScan v2.4 Released

WPScan is a black box WordPress vulnerability scanner.

 

Features

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

Prerequisites:

  • Windows not supported
  • Ruby >= 1.9.2 – Recommended: 1.9.3
  • Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
  • RubyGems – Recommended: latest
  • Git

 

wpscan_logo_407x80

Changelog v2.4

New

  • ‘–batch’ switch option added – Fix #454
  • Add random-agent
  • Added more CLI options
  • Switch over to nist – Fix #301
  • New choice added when a redirection is detected – Fix #438

Removed

  • Removed ‘Total WordPress Sites in the World’ counter from stats
  • Old wpscan repo links removed – Fix #440
  • Fingerprinting Dev script removed
  • Useless code removed

General core

  • Rspecs update
  • Forcing Travis notify the team
  • Ruby 2.1.1 added to Travis
  • Equal output layout for interaction questions
  • Only output error trace if verbose if enabled
  • Memory improvements during wp-items enumerations
  • Fixed broken link checker, fixed some broken links
  • Couple more 404s fixed
  • Themes & Plugins list updated

WordPress Fingerprints

  • WP 3.8.2 & 3.7.2 Fingerprints added – Fix #448
  • WP 3.8.3 & 3.7.3 fingerprints
  • WP 3.9 fingerprints

Fixed issues

  • Fix #380 – Redirects in WP 3.6-3.0
  • Fix #413 – Check the version of the Timthumbs files found
  • Fix #429 – Error WpScan Cache Browser
  • Fix #431 – Version number comparison between ’2.3.3′ and ’0.42b’
  • Fix #439 – Detect if the target goes down during the scan
  • Fix #451 – Do not rely only on files in wp-content for fingerprinting
  • Fix #453 – Documentation or inplemention of option parameters
  • Fix #455 – Fails with a message if the target returns a 403 during the wordpress check

Vulnerabilities

  • Update WordPress Vulnerabilities
  • Fixed some duplicate vulnerabilities

WPScan Database Statistics:

  • Total vulnerable versions: 79; 1 is new
  • Total vulnerable plugins: 748; 55 are new
  • Total vulnerable themes: 292; 41 are new
  • Total version vulnerabilities: 617; 326 are new
  • Total plugin vulnerabilities: 1162; 146 are new
  • Total theme vulnerabilities: 330; 47 are new

 

More Information: here

Download WPScan v2.4

Download Post in PDF Save Post as PDF

Tags: , ,


About the Author

ToolsWatcher. Collaborator of the Black Hat Arsenal Event.



Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Back to Top ↑