WPScan, a WordPress vulnerability scanner for Android, was just released. The app was developed by Alessio Dalla Piazza, an Android hacker, and is available to download from the Google Play Store. Besides .htaccess tweaking and the security plugins used to secure your WordPress site, I believe WPScan to be another great tool for basic penetration testing of your own website.
The app will attempt to find known security flaws within WordPress installations. If you prefer to work on your desktop, you might be interested in the desktop version of WPScan. The desktop version is great, with many advanced features. However, it has been found to be quite slow.
The Android version of WPScan includes user enumeration and will detect the timthumb file, the theme and the WordPress version, and notify you. It also comes with a few other advanced features.
The author is also kind enough to release the full source code, which is available from GitHub. For those interested in the Android version, don’t forget to download it from Google Play.
Update: Please note that the Android version of WPScan is not the official app by WPScan.