WebApp Sec mailing list archives
Re: Introducing WPScan – WordPress Security Scanner
From: Veronica <vero.valeros () gmail com>
Date: Sun, 19 Jun 2011 13:59:12 -0300
Hi!,
WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations.
I tried it minutes ago, nice tool!
Features include: Username enumeration (from ?author)
I tried it with some WordPress based websites and it is not showing the usernames but the display name. Did you wanted to get the display name? If you expected to get the username, you can find it by parsing the head section of the html source code, the username is usually inside an href tag preceded by '/author/'. Hope it's useful! Verónica -- --------------------------------------------------------------- http://keyserver.veridis.com:11371/export?id=5229491868415998346&created=1256222534000 This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Introducing WPScan – WordPress Security Scanner Ryan Dewhurst (Jun 18)
- Re: Introducing WPScan – WordPress Security Scanner seth (Jun 19)
- Re: Introducing WPScan – WordPress Security Scanner Ryan Dewhurst (Jun 19)
- Re: Introducing WPScan – WordPress Security Scanner Veronica (Jun 19)
- Re: Introducing WPScan – WordPress Security Scanner Ryan Dewhurst (Jun 19)
- Message not available
- RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Chris Weber (Jun 20)
- Message not available
- RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Chris Weber (Jun 20)
- Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Ryan Dewhurst (Jun 20)
- RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Chris Weber (Jun 20)
- Re: Introducing WPScan – WordPress Security Scanner seth (Jun 19)