[WEB SECURITY] WPScan 1.1 released

Ryan Dewhurst ryandewhurst at gmail.com
Fri Nov 25 07:47:59 EST 2011

WPScan is a vulnerability scanner which checks the security of
WordPress installations using a black box approach
I am pleased to announce, after 5 months of work, that WPScan version 1.1
has been released!

With 780 more lines of code the most notable changes are:

Detection for 750 more plugins.
Detection for 107 new plugin vulnerabilities.
Detection for 447 possible timthumb file locations.
Advanced version fingerprinting implemented.
Full Path Disclosure (FPD) checks.
Auto updates.
Progress indicators.
Improved custom 404 checking.
Improved plugin detection.
Improved error_log checking.
Lots of bugs fixed.
Lots of small tweaks.

A full list of changes can be found here:

We have done away with file downloads and instead we’re using Subversion
(SVN) for distributing WPScan, you can checkout WPScan 1.1 by issuing the
following command:

svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan-1.1

WPScan can also be found pre-installed in Backtrack5 R1 in the
‘/pentest/web/wpscan’ directory and will soon be available in SamuraiWTF.

Thanks to everyone who reported bugs or requested features. A special
thanks to Alip, @gbrindisi and michee08.

If you find any pesky bugs or want to request a feature in version 1.1,
please do so here:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20111125/8c4e69ae/attachment-0003.html>

More information about the websecurity mailing list