WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
Features of WPSeku WordPress Security Scanner
WPSeku supports diverse types of scanning including:
- Testing for XSS Vulnerabilities
- Testing for SQL Injection Vulnerabilities
- Testing for LFI Vulnerabilities
- Bruteforce login via xmlrpc
- Username Enumeration
- Proxy Support
- Method (GET/POST)
- Custom Wordlists
- Custom user-agent
It also uses the WPVulnDB Vulnerability Database API at https://wpvulndb.com/api.
Installation
$ git clone https://github.com/m4ll0k/WPSeku.git wpseku
$ cd wpseku
$ pip install -r requirements.txt
$ python wpseku.py
Usage
python wpseku.py --target http://site.com --ragent
\ \ / / _ \/ ___| ___| | ___ _
\ \ /\ / /| |_) \___ \ / _ \ |/ / | | |
\ V V / | __/ ___) | __/ <| |_| |
\_/\_/ |_| |____/ \___|_|\_\\__,_|
|| WPSeku - WordPress Security Scanner
|| Version 0.2.1
|| Momo Outaadi (M4ll0k)
|| https://github.com/m4ll0k/WPSeku
Usage: ./wpseku.py [--target|-t] http://localhost
-t --target     Target URL (eg: http://localhost)
-x --xss        Testing XSS vulns
-s --sql        Testing SQL vulns
-l --lfi        Testing LFI vulns
-q --query      Testable parameters (eg: "id=1&test=1")
-b --brute      Bruteforce login via xmlrpc
-u --user       Set username, default=admin
-p --proxy      Set proxy, (host:port)
-m --method     Set method (GET/POST)
-c --cookie     Set cookies
-w --wordlist   Set wordlist
-a --agent      Set user-agent
-r --redirect   Redirect target url, default=True
-h --help       Show this help and exit
Examples:
wpseku.py --target http://localhost
wpseku.py -t http://localhost/wp-admin/post.php -m GET -q "post=49&action=edit" [-x,-s,-l]
wpseku.py --target http://localhost --brute --wordlist dict.txt
wpseku.py --target http://localhost --brute --user exam --wordlist dict.txt
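For the defending side of the --brute option shown above, here is an added example (not part of WPSeku or of the original page) that flags client IPs sending bursts of POST requests to xmlrpc.php in a web server access log. The log lines are constructed, and the combined log format, the threshold and the 60-second window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ip, sec, method, path):
    # Build one constructed combined-log-format line (sample data, not real traffic).
    return (f'{ip} - - [10/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "-"')

# Constructed sample: one noisy client, one single legitimate-looking call, one GET.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", "/xmlrpc.php") for s in range(0, 12, 2)]
    + [_line("198.51.100.4", 5, "POST", "/xmlrpc.php"),
       _line("198.51.100.4", 9, "GET", "/wp-login.php"),
       _line("192.0.2.10", 30, "GET", "/xmlrpc.php")]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def xmlrpc_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak POST count to xmlrpc.php inside any window} for IPs
    whose peak reaches the threshold."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, _status = m.groups()
        bare_path = path.split("?")[0].rstrip("/")
        if method == "POST" and bare_path.endswith("/xmlrpc.php"):
            hits[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        best = start = 0
        # Sliding window: shrink from the left until the span fits the window.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, count in xmlrpc_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {count} POSTs to xmlrpc.php within 60s")
```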
Credits and Contributors
Original idea and script from WPScan Team (https://wpscan.org/)
WPScan Vulnerability Database (https://wpvulndb.com/api)
- Plecost – WordPress Fingerprinting Tool
- CMSmap – Content Management System Security Scanner
- WPScan – WordPress Vulnerability Scanner
You can download WPSeku here: WPSeku-master.zip
Or read more here.
