RandomStorm’s WPScan, the free WordPress security scanner, has been added to the latest version of BackTrack.
BackTrack is an open source operating system that provides security consultants with an array of digital forensics and penetration testing tools, used to assist them in finding and remedying security flaws in company networks, websites and applications.
Tools are grouped into categories including: vulnerability assessment, stress testing, reverse engineering, forensics and reporting.
WPScan checks blogs for plug-ins that could open up back doors into Websites, which could then be exploited by hackers to inject SQL code into Web pages or conduct a XSS attack. It was developed by Ryan Dewhurst, who also developed the Damn Vulnerable Web Application, which teaches developers how to secure their Web applications.
The WordPress Scanner software enables security professionals and WordPress administrators to check for plug-ins or vulnerabilities that could leave blogs and Websites open to hackers.
WPScan is a black box tool developed using the Ruby programming language and is available as a free download.