[WEB SECURITY] Introducing WPScan - WordPress Security Scanner

Chris Weber chris at casabasecurity.com
Mon Jun 20 13:04:49 EDT 2011


dd, have you open sourced any parts of your production code, such as the
fingerprinting data?  Or do we each need to do that work independently?

And have you detected any edge cases - for example a Web server that
includes an extra newline character in the body?

-Chris

-----Original Message-----
From: sucurisec at gmail.com [mailto:sucurisec at gmail.com] On Behalf Of
dd at sucuri.net
Sent: Monday, June 20, 2011 9:58 AM
To: Chris Weber
Cc: seth; ryandewhurst at gmail.com; webappsec at securityfocus.com;
websecurity at webappsec.org
Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner

Comparing the hashes of some js/css file is probably the most reliable
method, since lots of sites hide their version from the generator and remove
the readme file.

We wrote an article about it a while ago:
http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps

And we still use that on our scanner ( http://sitecheck.sucuri.net ) :)

Thanks,
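
The hash comparison discussed in this thread, together with the extra-newline edge case raised in the reply, as an added example that is not part of the original messages and is not Sucuri's or WPScan's code. The application, file paths, file contents and version numbers are constructed for illustration; the normalization rule (CRLF to LF, trailing newlines dropped) is an assumption about which server-side differences are worth tolerating.

```python
import hashlib

def normalize(body: bytes) -> bytes:
    # Assumed tolerance: line-ending rewrites and extra trailing newlines.
    return body.replace(b"\r\n", b"\n").rstrip(b"\n")

def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

def build_index(known):
    """known maps (path, version) -> file bytes as shipped in that release."""
    index = {}
    for (path, version), body in known.items():
        for kind, data in (("exact", body), ("normalized", normalize(body))):
            index.setdefault((path, kind, digest(data)), set()).add(version)
    return index

def candidates(index, path, body):
    """Versions whose copy of `path` matches, preferring a byte-exact match."""
    exact = index.get((path, "exact", digest(body)))
    if exact:
        return exact, "exact"
    loose = index.get((path, "normalized", digest(normalize(body))))
    if loose:
        return loose, "normalized"
    return set(), "none"

def fingerprint(index, responses):
    """Intersect per-file candidate sets; unknown files are skipped."""
    result = None
    for path, body in responses.items():
        versions, _ = candidates(index, path, body)
        if versions:
            result = versions if result is None else result & versions
    return result or set()

# Constructed release data: app.js changes in 1.2, style.css changes in 1.1.
KNOWN = {
    ("/js/app.js", "1.0"): b"var a=1;\n",
    ("/js/app.js", "1.1"): b"var a=1;\n",
    ("/js/app.js", "1.2"): b"var a=2;\n",
    ("/css/style.css", "1.0"): b"body{margin:0}\n",
    ("/css/style.css", "1.1"): b"body{margin:0}\np{color:red}\n",
    ("/css/style.css", "1.2"): b"body{margin:0}\np{color:red}\n",
}
INDEX = build_index(KNOWN)
# Constructed responses: one extra trailing newline, one CRLF rewrite.
RESPONSES = {
    "/js/app.js": b"var a=1;\n\n",
    "/css/style.css": b"body{margin:0}\r\np{color:red}\r\n",
}
```

Neither response matches any release byte for byte, yet the normalized digests narrow the two files to {1.0, 1.1} and {1.1, 1.2}, whose intersection is the single version 1.1.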




