Great news for all information security enthusiasts and penetration testers out there! The developer of WPScan has just released the new version 1.1 after 5 months of hard work and development. Kudos to Ryan Dewhurst a.k.a. ethicalhack3r for making these changes:
- Detection for 750 more plugins.
- Detection for 107 new plugin vulnerabilities.
- Detection for 447 possible timthumb file locations.
- Advanced version fingerprinting implemented.
- Full Path Disclosure (FPD) checks.
- Auto updates.
- Progress indicators.
- Improved custom 404 checking.
- Improved plugin detection.
- Improved error_log checking.
- Lots of bugs fixed.
- Lots of small tweaks.
<strong>Full list of changes</strong>: <a href="http://code.google.com/p/wpscan/source/browse/trunk/CHANGELOG" target="_blank">http://code.google.com/p/wpscan/source/browse/trunk/CHANGELOG</a>
For those of you who don’t know, WPScan is a WordPress security scanner coded in Ruby which checks the security of your WordPress website or blog using a black box approach. It can also be integrated with Metasploit, just like some penetration testing and security auditing tools out there. To update your WPScan, just issue this command in your terminal:
svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan-1.1
For more updates about the development of WPScan, check the developer’s blog.