BackTrack adds RandomStorm's WordPress Scanner to its stable of security software

BackTrack is an open-source operating system that provides security consultants with an array of digital forensics and penetration testing tools, used to assist them in finding and remedying security flaws in company networks, websites and applications. Tools are grouped into categories including: vulnerability assessment, stress testing, reverse engineering, forensics and reporting.

The move is a major increase in distribution for Leeds-based RandomStorm and positive for WordPress, Infosecurity notes.

As reported earlier this year, WPScan checks WordPress-based sites for plug-ins and other threats that could open up back doors into websites, which could then be exploited by hackers.

The software was developed by RandomStorm's penetration tester Ryan Dewhurst, who also developed the Damn Vulnerable Web Application (DVWA), which is billed as teaching developers and security professionals how to secure their web applications.

Common website hacks that the software monitors for include injecting SQL code into a page; defacement, such as swapping out corporate logos for the slogan of a protest organisation; cross-site scripting (XSS); and code execution.

Dewhurst said that BackTrack is used by the majority of penetration testers the world over, so he is delighted to see WPScan being added to the programme just a few weeks after he released it.

“This will enable the security community to continue refining the scanner so that web developers and blog administrators can gain an even more powerful tool to check for any unwanted plug-ins or vulnerabilities in their blogs”, he said.

Andrew Mason, technical director at RandomStorm, meanwhile, said that WPScan was initially developed as part of RandomStorm’s service to help clients identify vulnerabilities and improve the overall security of their businesses.

BackTrack’s inclusion of the scanner, he explained, will make it available to a much broader audience and help people all over the world to improve their blog and website security.
