WPScan is a black-box WordPress security scanner written in Ruby. It probes a WordPress installation remotely and tries to find known security weaknesses in it, and it can help security professionals and WordPress administrators assess the security posture of their WordPress installations. WPScan has been updated to version 1.1; the main changes in the new release are:
Changelog v1.1
    * Detection for 750 more plugins.
    * Detection for 107 new plugin vulnerabilities.
    * Detection for 447 possible timthumb file locations.
    * Advanced version fingerprinting implemented.
    * Full Path Disclosure (FPD) checks.
    * Auto updates.
    * Progress indicators.
    * Improved custom 404 checking.
    * Improved plugin detection.
    * Improved error_log checking.
    * Lots of bugs fixed.
    * Lots of small tweaks.

Principal Features
    * Username enumeration (from author querystring and location header)
    * Weak password cracking (multithreaded)
    * Version enumeration (from generator meta tag and from client side files)
    * Vulnerability enumeration (based on version)
    * Plugin enumeration (2220 most popular by default)
    * Plugin vulnerability enumeration (based on plugin name)
    * Plugin enumeration list generation
    * Other misc WordPress checks (theme name, dir listing, …)
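Two of the checks in the feature list above are worth seeing in code: username enumeration from the author query string (WordPress answers /?author=N for an existing user with a redirect to /author/<nicename>/, so the Location header leaks the login name) and version enumeration from the generator meta tag. The Ruby below is an added example written for this page; it is not WPScan's own code. It also adds, as an assumption not taken from the page, a fallback that reads the ?ver= query string WordPress appends to its core script and stylesheet URLs. All HTTP responses in it are constructed samples, so it runs offline.

```ruby
require 'uri'

# Added example, not WPScan's own code. It demonstrates two passive checks named
# in the feature list: a username taken from the Location header that WordPress
# sends for /?author=N, and a version taken from the generator meta tag, with the
# ?ver= query string on core asset URLs as a fallback (that fallback is an
# assumption added here). Every response below is a constructed sample.

# WordPress redirects /?author=N to /author/<user_nicename>/ when user N exists.
def username_from_location(location)
  return nil if location.nil? || location.empty?
  path = URI.parse(location).path.to_s
  m = %r{/author/([^/]+)/?\z}.match(path)
  m && m[1]
end

# Walk author ids 1..max_id; fetch is a callable returning [status, headers].
# It keeps going across gaps, so a deleted user 2 does not hide user 3.
def enumerate_usernames(max_id, fetch)
  found = {}
  (1..max_id).each do |id|
    status, headers = fetch.call("/?author=#{id}")
    next unless [301, 302].include?(status)
    name = username_from_location(headers['Location'])
    found[id] = name if name
  end
  found
end

# <meta name="generator" content="WordPress 3.3.1" />
def version_from_generator(html)
  m = /<meta[^>]*name=["']generator["'][^>]*content=["']WordPress\s+([\d.]+)["']/i.match(html)
  m && m[1]
end

# Fallback (assumption): core assets are enqueued as /wp-includes/...?ver=<version>.
# Some ?ver= values belong to bundled libraries (jQuery, for example), so take
# the value that occurs most often rather than the first one seen.
def version_from_script_ver(html)
  versions = html.scan(%r{/wp-includes/[^"']+\?ver=([\d.]+)}).flatten
  return nil if versions.empty?
  versions.group_by(&:itself).max_by { |_, hits| hits.size }[0]
end

def fingerprint_version(html)
  version_from_generator(html) || version_from_script_ver(html)
end

# Constructed sample site: users 1 and 3 exist, id 2 was deleted.
SAMPLE_REDIRECTS = {
  '/?author=1' => [301, { 'Location' => 'http://blog.example/author/admin/' }],
  '/?author=2' => [404, {}],
  '/?author=3' => [301, { 'Location' => 'http://blog.example/author/editor-jane/' }],
}
SAMPLE_FETCH = ->(path) { SAMPLE_REDIRECTS.fetch(path, [404, {}]) }

SAMPLE_HTML_WITH_GENERATOR = <<~HTML
  <html><head>
  <meta name="generator" content="WordPress 3.3.1" />
  </head></html>
HTML

# Generator tag removed by the site owner; only the asset query strings remain.
SAMPLE_HTML_NO_GENERATOR = <<~HTML
  <html><head>
  <script src='http://blog.example/wp-includes/js/jquery/jquery.js?ver=1.7.1'></script>
  <script src='http://blog.example/wp-includes/js/comment-reply.js?ver=3.3.1'></script>
  <link rel='stylesheet' href='http://blog.example/wp-includes/css/admin-bar.css?ver=3.3.1' />
  </head></html>
HTML

if __FILE__ == $0
  p enumerate_usernames(5, SAMPLE_FETCH)
  p fingerprint_version(SAMPLE_HTML_WITH_GENERATOR)
  p fingerprint_version(SAMPLE_HTML_NO_GENERATOR)
end
```

Against a real site the fetch callable would issue the request without following redirects, since the Location header is the whole signal; a client that follows the 301 would land on the author page and lose the easy match. Removing the generator tag alone does not hide the version, which is why a fallback on other client-side artifacts matters.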
Download: https://code.google.com/p/wpscan