
WPSeku – WordPress Security Scanner

WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.



Features of WPSeku WordPress Security Scanner


WPSeku supports various types of scanning, including:



  • Testing for XSS Vulnerabilities

  • Testing for SQL Injection Vulnerabilities

  • Testing for LFI Vulnerabilities

  • Bruteforce login via xmlrpc

  • Username Enumeration

  • Proxy Support

  • Method (GET/POST)

  • Custom Wordlists

  • Custom user-agent


It also uses the WPVulnDB Vulnerability Database API at https://wpvulndb.com/api.


Installation


$ git clone https://github.com/m4ll0k/WPSeku.git wpseku
$ cd wpseku
$ pip install -r requirements.txt
$ python wpseku.py

Usage


python wpseku.py --target http://site.com --ragent


\ \      / /  _ \/ ___|  ___| | ___   _ 
\ \ /\ / /| |_) \___ \ / _ \ |/ / | | |
\ V V / | __/ ___) | __/ <| |_| |
\_/\_/ |_| |____/ \___|_|\_\\__,_|

|| WPSeku - WordPress Security Scanner
|| Version 0.2.1
|| Momo Outaadi (M4ll0k)
|| https://github.com/m4ll0k/WPSeku


Usage: ./wpseku.py [--target|-t] http://localhost
    -t --target     Target URL (eg: http://localhost)
    -x --xss        Testing XSS vulns
    -s --sql        Testing SQL vulns
    -l --lfi        Testing LFI vulns
    -q --query      Testable parameters (eg: "id=1&test=1")
    -b --brute      Bruteforce login via xmlrpc
    -u --user       Set username, default=admin
    -p --proxy      Set proxy, (host:port)
    -m --method     Set method (GET/POST)
    -c --cookie     Set cookies
    -w --wordlist   Set wordlist
    -a --agent      Set user-agent
    -r --redirect   Redirect target url, default=True
    -h --help       Show this help and exit

Examples:
wpseku.py --target http://localhost
wpseku.py -t http://localhost/wp-admin/post.php -m GET -q "post=49&action=edit" [-x,-s,-l]
wpseku.py --target http://localhost --brute --wordlist dict.txt
wpseku.py --target http://localhost --brute --user exam --wordlist dict.txt

Credits and Contributors


Original idea and script from WPScan Team (https://wpscan.org/)


WPScan Vulnerability Database (https://wpvulndb.com/api)


