WPScan is a WordPress vulnerability scanner written in ruby, which is capable of detecting common security vulnerabilities as well as listing all plugins used by a website hosting WordPress. WPScan is pre-installed in Kali Linux. WPscan is a nice tool if you want to find out how to exploit a WordPress site as it does all of this: Username enumeration (Checks the ‘author’ query-string and the location header). Weak password cracking (This can be multi-threaded and supplied a password list of your choosing). Version enumeration (Finds what version of WordPress they are running by checking meta tags and client side files). Vulneralbility enumeration (Based on what version they are running). Timbthumb file enumeration (Checks for Timthumb exploit). Plugin enumeration (See what plugins they are running). Plugin vulneralbility enumeration (Tells you which, if any, plugins are vulnerable to exploits). Theme enumeration (What theme are they running. Sometimes you can find exploits in the the