WPScan is a vulnerability scanner by Ryan Dewhurst that checks the security of WordPress installations using a black-box approach.
Features:
Username enumeration (from ?author)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (todo)
Plugin vulnerability enumeration (based on version) (todo)
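Seen from the defender's side, the username enumeration feature listed above leaves a recognisable trace in web-server access logs. The following is an added example, not part of WPScan or the original post: it flags clients that request several distinct ?author= IDs. The log lines, the threshold of 3 and the function names are constructed for illustration, and it assumes combined log format and Ruby 2.4 or later.

```ruby
require 'uri'

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [12/Jun/2011:10:01:02 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Ruby"
  203.0.113.7 - - [12/Jun/2011:10:01:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Ruby"
  203.0.113.7 - - [12/Jun/2011:10:01:03 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Ruby"
  203.0.113.7 - - [12/Jun/2011:10:01:03 +0000] "GET /?author=4 HTTP/1.1" 404 0 "-" "Ruby"
  198.51.100.20 - - [12/Jun/2011:10:02:10 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
  198.51.100.20 - - [12/Jun/2011:10:02:15 +0000] "GET /2011/06/hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
  192.0.2.44 - - [12/Jun/2011:10:03:00 +0000] "GET /?s=author%3D5 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
LOG

# Captures the client address and the request target of GET/HEAD requests.
LINE_RE = /\A(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} /

# Numeric values of a real "author" parameter; "s=author%3D5" does not count.
def author_ids(query)
  URI.decode_www_form(query)
     .select { |key, value| key == 'author' && value.match?(/\A\d+\z/) }
     .map { |_key, value| value.to_i }
rescue ArgumentError # malformed percent-encoding or non-ASCII query
  []
end

# Returns { client_ip => sorted unique author IDs that client requested }.
def author_probes(log_text)
  probes = Hash.new { |hash, ip| hash[ip] = [] }
  log_text.each_line do |line|
    m = LINE_RE.match(line) or next
    query = m[2].split('?', 2)[1] or next
    ids = author_ids(query)
    probes[m[1]].concat(ids) unless ids.empty?
  end
  probes.transform_values { |ids| ids.uniq.sort }
end

# Clients that requested at least `threshold` distinct author IDs.
def enumeration_suspects(log_text, threshold = 3)
  author_probes(log_text).select { |_ip, ids| ids.size >= threshold }
end

if __FILE__ == $PROGRAM_NAME
  enumeration_suspects(SAMPLE_LOG).each do |ip, ids|
    puts "#{ip} requested author IDs #{ids.join(',')}"
  end
end
```

A single ?author= request, as from 198.51.100.20 in the sample, stays below the threshold, so ordinary visits to an author archive are not flagged.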
WPScan requires two non-native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.
Project homepage on Google Code: http://code.google.com/p/wpscan/
You can download and start running WPScan ALPHA by checking out the SVN trunk:
svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only
More info: http://www.ethicalhack3r.co.uk/security/introducing-wpscan-wordpress-security-scanner/