Using WPScan to find WordPress vulnerabilities on your website

WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress core, as well as popular WordPress plugins and themes.


Since it is a WordPress black box scanner, it mimics a real attacker. This means it does not rely on any sort of access to your WordPress dashboard or source code to conduct the tests. In other words, if WPScan can find a vulnerability in your WordPress website, so can an attacker.


WPScan uses the vulnerability database at wpvulndb.com to check the target for known vulnerabilities. The team that develops WPScan maintains this database, which holds an ever-growing list of vulnerabilities in WordPress core, plugins and themes.



Getting started with WPScan security scanner


WPScan is a Ruby application. You can run WPScan on Linux and macOS by installing the Ruby gem. You can also run it by cloning the WPScan GitHub repository.


The quickest way to get started with WPScan is to install the WPScan plugin on your WordPress website. You can also use a ready-made Docker image. If you have never used Docker and you do not want to install the plugin, you can find WPScan preinstalled on free penetration-testing-focused Linux distributions such as Pentoo and Kali Linux.


WPScan WordPress security scanner features


WordPress enumeration scans


En ..