Framework and Application-Specific Vulnerabilities                          Chapter 9

            Burp and WPScan

            One of the advantages of using the Burp extension method of applying WPScan is that it
            makes it easier to integrate the scanner within the larger Burp tool set. If you're relying
            heavily on manually flagging pages as in-scope, for example, you can have WPScan
            piggyback on that information to ensure that you're consistently staying on target
            throughout the engagement.


            Setting up WPScan to integrate with Burp is easy. The first thing you need to do is navigate
            to the BApp Store to download the extension:
































            You can also load extensions manually by selecting the extension file (it can be in either
            Java, Python, or Ruby) from within the manual install modal:















                                                    [ 153 ]