
WPSeku - Simple Wordpress Security Scanner


WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

Usage
                           _
__      ___ __  ___  ___ | | __ _   _
\ \ /\ / / '_ \/ __|/ _ \ |/ / | | |
 \ V  V /| |_) \__ \  __/   <| |_| |
  \_/\_/ | .__/|___/\___|_|\_\\__,_|
         |_|
[--] WPSeku - Wordpress Security Scanner
[--] WPSeku - v0.1.0
[--] Momo Outaadi (@M4ll0k)
[--] https://github.com/m4ll0k/WPSeku

Usage: wpseku.py --url URL

-u --url Site URL (e.g: http://site.com)
-e --enum
[u: Usernames Enumeration
-p --plugin
[x: Search Cross Site Scripting vuln
[l: Search Local File Inclusion vuln
[s: Search SQL Injection vuln
-t --theme
[x: Search Cross Site Scripting vuln
[l: Search Local File Inclusion vuln
[s: Search SQL Injection vuln
-b --brute
[l: Bruteforce password login
[x: Bruteforce password login via XML-RPC
--user Set username, try with enum users
--wordlist Set wordlist
-h --help Show this help and exit
Examples:
wpseku.py -u www.site.com
wpseku.py -u www.site.com -e [u]
wpseku.py -u site.com/path/wp-content/plugins/wp/wp.php?id= -p [x,l,s]
wpseku.py -u site.com --user test --wordlist dict.txt -b [l,x]

WPScan - WordPress Security Scanner
WPScan is a black box WordPress vulnerability scanner.

Features

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)
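What the first two features look like from the server side, as an added example that is neither WPScan's code nor part of this post: a small Python detector run over constructed web-server log lines that flags a client probing several ?author= ids (the 301 redirect to the author page is what leaks the username) and a burst of POSTs to xmlrpc.php (the XML-RPC login route). The thresholds, sample addresses and log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Combined log format (Apache/nginx); only the fields the checks need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')

def parse(line):
    """Return the captured fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def detect(lines, author_threshold=3, xmlrpc_threshold=5):
    """Per client IP: distinct ?author= ids probed (a 301/302 to /author/<name>/
    is what leaks the username) and POSTs to xmlrpc.php. Thresholds are assumptions."""
    ids, redirects, xmlrpc = defaultdict(set), defaultdict(int), defaultdict(int)
    for rec in filter(None, map(parse, lines)):
        m = AUTHOR_RE.search(rec["path"])
        if m:
            ids[rec["ip"]].add(int(m.group(1)))
            if rec["status"] in ("301", "302"):
                redirects[rec["ip"]] += 1
        if rec["method"] == "POST" and rec["path"].split("?", 1)[0].endswith("/xmlrpc.php"):
            xmlrpc[rec["ip"]] += 1
    findings = {}
    for ip, probed in ids.items():
        if len(probed) >= author_threshold:
            findings.setdefault(ip, {})["author_enum"] = {
                "ids": sorted(probed), "redirects": redirects[ip]}
    for ip, n in xmlrpc.items():
        if n >= xmlrpc_threshold:
            findings.setdefault(ip, {})["xmlrpc_posts"] = n
    return findings

# Constructed sample traffic (RFC 5737 documentation addresses, not real logs).
_T = '[10/May/2014:12:00:00 +0000]'
SAMPLE_LOG = [
    f'203.0.113.5 - - {_T} "GET /?author=1 HTTP/1.1" 301 0 "-" "scanner"',
    f'203.0.113.5 - - {_T} "GET /?author=2 HTTP/1.1" 301 0 "-" "scanner"',
    f'203.0.113.5 - - {_T} "GET /?author=3 HTTP/1.1" 404 512 "-" "scanner"',
    f'198.51.100.9 - - {_T} "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - {_T} "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
] + [f'203.0.113.5 - - {_T} "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "scanner"'] * 5

if __name__ == "__main__":
    for ip, hit in detect(SAMPLE_LOG).items():
        print(ip, hit)
```

A single ?author=1 request from the second client stays below the threshold, so only the scanning client is reported.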
Prerequisites:
  • Windows not supported
  • Ruby >= 1.9.2 – Recommended: 1.9.3
  • Curl >= 7.21 – Recommended: latest – note that curl 7.29 has a known segfault
  • RubyGems – Recommended: latest
  • Git

Changelog v2.4

New
  • '--batch' switch option added – Fix #454
  • Add random-agent
  • Added more CLI options
  • Switch over to nist – Fix #301
  • New choice added when a redirection is detected – Fix #438
Removed
  • Removed ‘Total WordPress Sites in the World’ counter from stats
  • Old wpscan repo links removed – Fix #440
  • Fingerprinting Dev script removed
  • Useless code removed
General core
  • Rspecs update
  • Forcing Travis notify the team
  • Ruby 2.1.1 added to Travis
  • Equal output layout for interaction questions
  • Only output error trace if verbose is enabled
  • Memory improvements during wp-items enumerations
  • Fixed broken link checker, fixed some broken links
  • Couple more 404s fixed
  • Themes & Plugins list updated
WordPress Fingerprints
  • WP 3.8.2 & 3.7.2 Fingerprints added – Fix #448
  • WP 3.8.3 & 3.7.3 fingerprints
  • WP 3.9 fingerprints
Fixed issues
  • Fix #380 – Redirects in WP 3.6-3.0
  • Fix #413 – Check the version of the Timthumbs files found
  • Fix #429 – Error WpScan Cache Browser
  • Fix #431 – Version number comparison between '2.3.3' and '0.42b'
  • Fix #439 – Detect if the target goes down during the scan
  • Fix #451 – Do not rely only on files in wp-content for fingerprinting
  • Fix #453 – Documentation or implementation of option parameters
  • Fix #455 – Fails with a message if the target returns a 403 during the WordPress check
Vulnerabilities
  • Update WordPress Vulnerabilities
  • Fixed some duplicate vulnerabilities
WPScan Database Statistics:
  • Total vulnerable versions: 79; 1 is new
  • Total vulnerable plugins: 748; 55 are new
  • Total vulnerable themes: 292; 41 are new
  • Total version vulnerabilities: 617; 326 are new
  • Total plugin vulnerabilities: 1162; 146 are new
  • Total theme vulnerabilities: 330; 47 are new