{"id":1164,"date":"2020-01-30T22:35:26","date_gmt":"2020-01-30T21:35:26","guid":{"rendered":"https:\/\/dradisframework.com\/blog\/?p=1164"},"modified":"2020-01-30T22:54:41","modified_gmt":"2020-01-30T21:54:41","slug":"dradis-wpscan-integration","status":"publish","type":"post","link":"https:\/\/dradis.com\/blog\/2020\/01\/dradis-wpscan-integration\/","title":{"rendered":"New Dradis Integration: WPScan"},"content":{"rendered":"\n
\"WPScan<\/figure>\n\n\n\n

When the WPScan<\/a> team approached us in late 2019 offering to create an integration for Dradis, we were excited to work together. What goes together better than a WordPress security scanning tool<\/a> and an easy way to turn those findings into a customized report<\/a>? Maybe<\/em> chocolate and peanut butter, but the Dradis WPScan integration is much more likely to result in a more secure website.<\/p>\n\n\n\n

\"A
Time to update WordPress \ud83d\ude2c <\/figcaption><\/figure>\n\n\n\n

WordPress powers 35% of the Internet’s websites from hobby blogs to Fortune 50 companies. WordPress’ ease of use, well-established community, and extensive plugins offerings (55,457 as of this post) make it an attractive option for creating a presence online. Unfortunately, these same charms also make WordPress an easy and frequent target for attack. <\/p>\n\n\n\n

In 2011, while investigating his own blog’s security, Ryan Dewhurst<\/a> created a script that combined testing for WordPress’ vulnerabilities into a single tool. This script, now WPScan<\/a>, enumerates usernames, plugins, and themes, performs brute force password attacks, and identifies the version of WordPress on a target. <\/p>\n\n\n\n

WPScan contributors went on to create WPVulnDB<\/a> to manage the ever-growing list of known WordPress vulnerabilities in an online database. When used together, WPScan and WPVulnDB API provide realtime detailed vulnerabilities and recommendations in your scan results. <\/p>\n\n\n\n

This new Dradis WPScan integration<\/a> makes it a snap for you to import the results of your WPScan directly to a Dradis Project. Each target maps to a node within your Dradis project, any vulnerabilities found in a plugin, theme, or setup become Dradis issues, and when evidence is available – like a list of enumerated usernames – it is pulled into Dradis as evidence.<\/p>\n\n\n\n

Ready to get started with Dradis and WPScan? <\/strong><\/h2>\n\n\n\n

The steps to add the Dradis WPScan integration to Dradis CE or Dradis Pro are similar for both editions. <\/p>\n\n\n\n