WPScan was written in Perl and is a great tool for testing your WordPress security and the prevention of brute force attacks. This script is also included in the backtrack pen-testing Linux distribution.
Currently what this Perl script can do:
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag and from client-side files)
- Vulnerability enumeration (based on version)
- Timbthumb file enumeration
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on plugin name)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
Useful commands contained in the script:
Only the ‘–url’ option: Enumerate wordpress usernames. The ‘–wordlist’ option: Enumerate wordpress usernames. Start a dictionary attack on all usernames enumerated. The ‘–username’ option: Specify a single username to start the dictionary attack on.
A quick demonstration in backtrack:
