WPScan
WPScan is a security scanner designed for testing the security of websites built using WordPress. WPScan was developed using the Ruby programming language and then released in the first version in 2019. The WPScan security scanner is primarily intended to be used by WordPress administrators and security teams to assess the security status of their WordPress installations. It is used to scan WordPress websites for known vulnerabilities both in WordPress and commonly used WordPress plugins and themes. The code base for WPScan is licensed under GPLv3. WPScan is a WordPress black box scanner. The goal for using WPScan is to execute the activities of a real threat actor. WPScan does not require access to the source code or the WordPress dashboard. WPScan uses the wpvulndb.com vulnerability database which is a comprehensive list of WordPress core, plugin, and theme vulnerabilities. Frequently running WPScan is important to make sure that plug-ins and themes have no exposed vulnerabiliti...