WPSeku V0.4 - Wordpress Security Scanner
WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
Installation
$ git clone https://github.com/m4ll0k/WPSeku.git wpseku
$ cd wpseku
$ pip3 install -r requirements.txt
$ python3 wpseku.pyUsage
Generic Scan
python3 wpseku.py --url https://www.xxxxxxx.com --verbose- Output
----------------------------------------
_ _ _ ___ ___ ___| |_ _ _
| | | | . |_ -| -_| '_| | |
|_____| _|___|___|_,_|___|
|_| v0.4.0
WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------
[ + ] Target: https://www.xxxxxxx.com
[ + ] Starting: 02:38:51
[ + ] Server: Apache
[ + ] Uncommon header "X-Pingback" found, with contents: https://www.xxxxxxx.com/xmlrpc.php
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php
[ i ] Checking wp-config backup file...
[ + ] wp-config.php available at: https://www.xxxxxxx.com/wp-config.php
[ i ] Checking common files...
[ + ] robots.txt file was found at: https://www.xxxxxxx.com/robots.txt
[ + ] xmlrpc.php file was found at: https://www.xxxxxxx.com/xmlrpc.php
[ + ] readme.html file was found at: https://www.xxxxxxx.com/readme.html
[ i ] Checking directory listing...
[ + ] Dir "/wp-admin/css" listing enable at: https://www.xxxxxxx.com/wp-admin/css/
[ + ] Dir "/wp-admin/images" listing enable at: https://www.xxxxxxx.com/wp-admin/images/
[ + ] Dir "/wp-admin/includes" listing enable at: https://www.xxxxxxx.com/wp-admin/includes/
[ + ] Dir "/wp-admin/js" listing enable at: https://www.xxxxxxx.com/wp-admin/js/
......Bruteforce Login
python3 wpseku.py --url https://www.xxxxxxx.com --brute --user test --wordlist wl.txt --verbose- Output
----------------------------------------
_ _ _ ___ ___ ___| |_ _ _
| | | | . |_ -| -_| '_| | |
|_____| _|___|___|_,_|___|
|_| v0.4.0
WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------
[ + ] Target: https://www.xxxxxxx.com
[ + ] Starting: 02:46:32
[ + ] Bruteforcing Login via XML-RPC...
[ i ] Setting user: test
[ + ] Valid Credentials:
-----------------------------
| Username | Passowrd |
-----------------------------
| test | kamperasqen13 |
-----------------------------
Scan plugin,theme and wordpress code
python3 wpseku.py --scan <dir/file> --verboseNote: Testing Akismet Directory Plugin https://plugins.svn.wordpress.org/akismet
- Output
----------------------------------------
_ _ _ ___ ___ ___| |_ _ _
| | | | . |_ -| -_| '_| | |
|_____| _|___|___|_,_|___|
|_| v0.4.0
WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------
[ + ] Checking PHP code...
[ + ] Scanning directory...
[ i ] Scanning trunk/class.akismet.php file
----------------------------------------------------------------------------------------------------------
| Line | Possibile Vuln. | String |
----------------------------------------------------------------------------------------------------------
| 597 | Cross-Site Scripting | [b"$_GET['action']", b"$_GET['action']"] |
| 601 | Cross-Site Scripting | [b"$_GET['for']", b"$_GET['for']"] |
| 140 | Cross-Site Scripting | [b"$_POST['akismet_comment_nonce']", b"$_POST['akismet_comment_nonce']"] |
| 144 | Cross-Site Scripting | [b"$_POST['_ajax_nonce-replyto-comment']"] |
| 586 | Cross-Site Scripting | [b"$_POST['status']", b"$_POST['status']"] |
| 588 | Cross-Site Scripting | [b"$_POST['spam']", b"$_POST['spam']"] |
| 590 | Cross-Site Scripting | [b"$_POST['unspam']", b"$_POST['unspam']"] |
| 592 | Cross-Site Scripting | [b"$_POST['comment_status']", b"$_POST['comment_status']"] |
| 599 | Cross-Site Scripting | [b"$_POST['action']", b"$_POST['action']"] |
| 214 | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
| 403 | Cross-Site Scripting | [b"$_SERVER['REQUEST_TIME_FLOAT']", b"$_SERVER['REQUEST_TIME_FLOAT']"] |
| 861 | Cross-Site Scripting | [b"$_SERVER['REMOTE_ADDR']", b"$_SERVER['REMOTE_ADDR']"] |
| 930 | Cross-Site Scripting | [b"$_SERVER['HTTP_USER_AGENT']", b"$_SERVER['HTTP_USER_AGENT']"] |
| 934 | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
| 1349 | Cross-Site Scripting | [b"$_SERVER['REMOTE_ADDR']"] |
----------------------------------------------------------------------------------------------------------
[ i ] Scanning trunk/wrapper.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/akismet.php file
-----------------------------------------------
| Line | Possibile Vuln. | String |
-----------------------------------------------
| 55 | Authorization Hole | [b'is_admin()'] |
-----------------------------------------------
[ i ] Scanning trunk/class.akismet-cli.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/class.akismet-widget.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/index.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/class.akismet-admin.php file
--------------------------------------------------------------------------------------------------------------------
| Line | Possibile Vuln. | String |
--------------------------------------------------------------------------------------------------------------------
| 39 | Cross-Site Scripting | [b"$_GET['page']", b"$_GET['page']"] |
| 134 | Cross-Site Scripting | [b"$_GET['akismet_recheck']", b"$_GET['akismet_recheck']"] |
| 152 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 190 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 388 | Cross-Site Scripting | [b"$_GET['recheckqueue']"] |
| 841 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 843 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 850 | Cross-Site Scripting | [b"$_GET['action']"] |
| 851 | Cross-Site Scripting | [b"$_GET['action']"] |
| 852 | Cross-Site Scripting | [b"$_GET['_wpnonce']", b"$_GET['_wpnonce']"] |
| 868 | Cross-Site Scripting | [b"$_GET['token']", b"$_GET['token']"] |
| 869 | Cross-Site Scripting | [b"$_GET['token']"] |
| 873 | Cross-Site Scripting | [b"$_GET['action']"] |
| 874 | Cross-Site Scripting | [b"$_GET['action']"] |
| 1005 | Cross-Site Scripting | [b"$_GET['akismet_recheck_complete']"] |
| 1006 | Cross-Site Scripting | [b"$_GET['recheck_count']"] |
| 1007 | Cross-Site Scripting | [b"$_GET['spam_count']"] |
| 31 | Cross-Site Scripting | [b"$_POST['action']", b"$_POST['action']"] |
| 256 | Cross-Site Scripting | [b"$_POST['_wpnonce']"] |
| 260 | Cross-Site Scripting | [b'$_POST[$option]', b'$_POST[$option]'] |
| 267 | Cross-Site Scripting | [b"$_POST['key']"] |
| 392 | Cross-Site Scripting | [b"$_POST['offset']", b"$_POST['offset']", b"$_POST['limit']", b"$_POST['limit']"] |
| 447 | Cross-Site Scripting | [b"$_POST['id']"] |
| 448 | Cross-Site Scripting | [b"$_POST['id']"] |
| 460 | Cross-Site Scripting | [b"$_POST['id']", b"$_POST['url']"] |
| 461 | Cross-Site Scripting | [b"$_POST['id']"] |
| 464 | Cross-Site Scripting | [b"$_POST['url']"] |
| 388 | Cross-Site Scripting | [b"$_REQUEST['action']", b"$_REQUEST['action']"] |
| 400 | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
--------------------------------------------------------------------------------------------------------------------
[ i ] Scanning trunk/class.akismet-rest-api.php file
[ + ] Not found vulnerabilities
Credits and Contributors
Original idea and script from WPScan Team (https://wpscan.org/)
WPScan Vulnerability Database (https://wpvulndb.com/api)
Related posts
- Pentest Automation Tools
- Install Pentest Tools Ubuntu
- Hacker Tools Windows
- Nsa Hack Tools
- Tools 4 Hack
- Hacking Tools Name
- Best Hacking Tools 2020
- Pentest Tools Windows
- Hacks And Tools
- Hacker Tools For Mac
- Game Hacking
- Tools Used For Hacking
- How To Install Pentest Tools In Ubuntu
- Hack Tools Mac
- Hackrf Tools
- Hacker Tools Mac
- Pentest Automation Tools
- What Are Hacking Tools
- Hacker Search Tools
- How To Install Pentest Tools In Ubuntu
- Kik Hack Tools
- Hack Apps
- Android Hack Tools Github
- Pentest Tools For Mac
- Pentest Tools Open Source
- Hacker Security Tools
- Hack Rom Tools
- Hack Website Online Tool
- Hackrf Tools
- Android Hack Tools Github
- Pentest Tools Framework
- Pentest Tools Port Scanner
- Pentest Tools For Ubuntu
- Best Hacking Tools 2020
- Pentest Tools Nmap
- Hacking Tools And Software
- Pentest Tools Website Vulnerability
- Hack Tools Pc
- Pentest Tools Download
- Hacking Tools Usb
- Pentest Tools Download
- Hacking Tools Download
- Pentest Tools Windows
- Best Pentesting Tools 2018
- Hacking Tools Kit
- Hacking Tools Github
- Hacker Tools Hardware
- Hacking Tools Kit
- Pentest Tools Find Subdomains
- Pentest Tools List
- New Hack Tools
- New Hacker Tools
- Hacking Tools 2019
- Pentest Tools Review
- Free Pentest Tools For Windows
- Pentest Tools Website
- Hacker Tools Apk Download
- Hacking Tools Software
- Hacker Tools
- Hacker Tools Apk Download
- Pentest Tools Download
- Black Hat Hacker Tools
- Ethical Hacker Tools
- Hacker Tools Free Download
- Hackers Toolbox
- Hack Tools Pc
- Hacking Tools For Games
- What Is Hacking Tools
- Hacker Tools Online
- Pentest Tools Website Vulnerability
- Hack Tools Mac
- Pentest Tools Subdomain
- Hack App
- Hacking Tools And Software
- Hak5 Tools
- Pentest Tools For Android
- Hackers Toolbox
- Hacking Tools For Pc
- Hack Tools
- Pentest Tools Alternative
- Hacker
- Pentest Tools Online
- Pentest Tools Alternative
- Hack Tools
- Hacking App
- What Are Hacking Tools
- Pentest Box Tools Download
- Hacker Tools Windows
- Nsa Hack Tools
- Hack Tools For Mac
- New Hack Tools
- Pentest Tools Download
- Hacker Hardware Tools
- What Are Hacking Tools
- Pentest Tools Review
- Hack Tools Github
- Hacking Tools Kit
- Beginner Hacker Tools
- Hacker Tools List
- Hacker Tools 2020
- Hacking Tools Name
- Hacker Tools Free
- Pentest Tools Open Source
- Pentest Tools Find Subdomains
- Hack Tools Online
- Hacking Tools For Windows
- Pentest Box Tools Download
- Pentest Tools Tcp Port Scanner
posted by Affiliate Marketer @ 10:44 PM
0 Comments
