WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
Installation
$ git clone https://github.com/m4ll0k/WPSeku.git wpseku
$ cd wpseku
$ pip3 install -r requirements.txt
$ python3 wpseku.py
Usage
Generic Scan
python3 wpseku.py --url https://www.xxxxxxx.com --verbose
- Output
----------------------------------------
 _ _ _ ___ ___ ___| |_ _ _
| | | | . |_ -| -_| '_| | |
|_____|  _|___|___|_,_|___|
      |_|             v0.4.0

WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------
[ + ] Target: https://www.xxxxxxx.com
[ + ] Starting: 02:38:51
[ + ] Server: Apache
[ + ] Uncommon header "X-Pingback" found, with contents: https://www.xxxxxxx.com/xmlrpc.php
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php
[ i ] Checking wp-config backup file...
[ + ] wp-config.php available at: https://www.xxxxxxx.com/wp-config.php
[ i ] Checking common files...
[ + ] robots.txt file was found at: https://www.xxxxxxx.com/robots.txt
[ + ] xmlrpc.php file was found at: https://www.xxxxxxx.com/xmlrpc.php
[ + ] readme.html file was found at: https://www.xxxxxxx.com/readme.html
[ i ] Checking directory listing...
[ + ] Dir "/wp-admin/css" listing enable at: https://www.xxxxxxx.com/wp-admin/css/
[ + ] Dir "/wp-admin/images" listing enable at: https://www.xxxxxxx.com/wp-admin/images/
[ + ] Dir "/wp-admin/includes" listing enable at: https://www.xxxxxxx.com/wp-admin/includes/
[ + ] Dir "/wp-admin/js" listing enable at: https://www.xxxxxxx.com/wp-admin/js/
......
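The generic scan reports an uncommon X-Pingback header, an absolute server path leaked by a PHP error, a readable wp-config.php, well-known files, and directory listings. The function below is an added example, not WPSeku code: it applies the same rules to constructed HTTP responses so a defender can confirm what each finding means on their own site before fixing it; the hostname example.test, the status codes and the response bodies are assumptions.

```python
import re

# Added example, not WPSeku code: apply the generic scan's finding rules to
# one HTTP response. A PHP error that prints an absolute server path gives
# away the document root; the pattern below matches such paths.
PATH_DISCLOSURE = re.compile(
    r"(?:/[\w.-]+){2,}/wp-(?:includes|content|admin)/[\w./-]+\.php")


def assess(path, status, headers, body):
    """Return a list of (finding, detail) tuples for one fetched path."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    if "x-pingback" in hdrs:
        findings.append(("uncommon header X-Pingback", hdrs["x-pingback"]))
    m = PATH_DISCLOSURE.search(body)
    if m:
        findings.append(("full path disclosure", m.group(0)))
    # xmlrpc.php answers a GET with 405 when it exists; other files need a 200
    present = status == 200 or (path.endswith("xmlrpc.php") and status == 405)
    if not present:
        return findings
    if path.endswith("wp-config.php") and "DB_PASSWORD" in body:
        # PHP source in the body means the file was served, not executed
        findings.append(("wp-config.php readable", path))
    if path.endswith(("robots.txt", "xmlrpc.php", "readme.html")):
        findings.append(("common file present", path))
    if path.endswith("/") and "<title>Index of" in body:
        findings.append(("directory listing enabled", path))
    return findings


# Constructed responses (hostname example.test, bodies invented), not a capture.
SAMPLE_RESPONSES = [
    ("/wp-includes/rss-functions.php", 200,
     {"Server": "Apache", "X-Pingback": "https://example.test/xmlrpc.php"},
     "<b>Warning</b>: Cannot modify header information in "
     "/home/ehc/public_html/wp-includes/rss-functions.php on line 8"),
    ("/wp-config.php", 200, {}, "<?php\ndefine('DB_PASSWORD', 'constructed');"),
    ("/xmlrpc.php", 405, {}, "XML-RPC server accepts POST requests only."),
    ("/readme.html", 200, {}, "<html><title>WordPress readme</title>"),
    ("/wp-admin/css/", 200, {}, "<html><head><title>Index of /wp-admin/css</title>"),
]


def scan(responses):
    """Flatten the findings for a list of (path, status, headers, body)."""
    return [f for r in responses for f in assess(*r)]
```

A readable wp-config.php is the critical finding here: it holds the database credentials and salts, and a 200 with PHP source in the body means the server is not executing the file.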
Bruteforce Login
python3 wpseku.py --url https://www.xxxxxxx.com --brute --user test --wordlist wl.txt --verbose
- Output
[ + ] Target: https://www.xxxxxxx.com
[ + ] Starting: 02:46:32
[ + ] Bruteforcing Login via XML-RPC...
[ i ] Setting user: test
[ + ] Valid Credentials:
-----------------------------
| Username | Passowrd |
-----------------------------
| test | kamperasqen13 |
-----------------------------
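Seen from the server side, the XML-RPC brute force above is a burst of POST requests to xmlrpc.php from one client. The detector below is an added example, not part of WPSeku: it parses constructed Apache combined-format access-log lines and flags any client that exceeds a threshold of xmlrpc.php POSTs inside a sliding time window; the IP addresses, timestamps, user agent and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not part of WPSeku: spot the server-side trace of an XML-RPC
# login brute force in Apache combined-format access logs.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def xmlrpc_bursts(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: total_posts} for clients that POSTed to /xmlrpc.php at
    least `threshold` times inside any span of length `window`."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/xmlrpc.php":
            continue
        hits[m["ip"]].append(datetime.strptime(m["ts"], TS_FORMAT))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = 0  # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


# Constructed log lines (RFC 5737 addresses, invented timestamps), not a capture:
# one client fires 20 XML-RPC POSTs in 20 seconds, one tries 3, one just browses.
ATTEMPT = ('%s - - [10/Mar/2024:02:46:%02d +0000] "POST /xmlrpc.php HTTP/1.1" '
           '200 412 "-" "python-requests/2.31"')
SAMPLE_LOG = (
    [ATTEMPT % ("203.0.113.7", s) for s in range(32, 52)]
    + [ATTEMPT % ("192.0.2.9", s) for s in (40, 41, 42)]
    + ['198.51.100.4 - - [10/Mar/2024:02:46:35 +0000] "GET /index.php HTTP/1.1" '
       '200 5120 "-" "Mozilla/5.0"']
)
```

Sites that need neither pingbacks nor remote publishing can deny xmlrpc.php at the web server and remove this login path entirely.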
Scan plugin, theme and WordPress code
python3 wpseku.py --scan <dir/file> --verbose
Note: the output below comes from scanning the Akismet plugin directory (https://plugins.svn.wordpress.org/akismet)
- Output
[ + ] Checking PHP code...
[ + ] Scanning directory...
[ i ] Scanning trunk/class.akismet.php file
----------------------------------------------------------------------------------------------------------
| Line | Possibile Vuln. | String |
----------------------------------------------------------------------------------------------------------
| 597 | Cross-Site Scripting | [b"$_GET['action']", b"$_GET['action']"] |
| 601 | Cross-Site Scripting | [b"$_GET['for']", b"$_GET['for']"] |
| 140 | Cross-Site Scripting | [b"$_POST['akismet_comment_nonce']", b"$_POST['akismet_comment_nonce']"] |
| 144 | Cross-Site Scripting | [b"$_POST['_ajax_nonce-replyto-comment']"] |
| 586 | Cross-Site Scripting | [b"$_POST['status']", b"$_POST['status']"] |
| 588 | Cross-Site Scripting | [b"$_POST['spam']", b"$_POST['spam']"] |
| 590 | Cross-Site Scripting | [b"$_POST['unspam']", b"$_POST['unspam']"] |
| 592 | Cross-Site Scripting | [b"$_POST['comment_status']", b"$_POST['comment_status']"] |
| 599 | Cross-Site Scripting | [b"$_POST['action']", b"$_POST['action']"] |
| 214 | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
| 403 | Cross-Site Scripting | [b"$_SERVER['REQUEST_TIME_FLOAT']", b"$_SERVER['REQUEST_TIME_FLOAT']"] |
| 861 | Cross-Site Scripting | [b"$_SERVER['REMOTE_ADDR']", b"$_SERVER['REMOTE_ADDR']"] |
| 930 | Cross-Site Scripting | [b"$_SERVER['HTTP_USER_AGENT']", b"$_SERVER['HTTP_USER_AGENT']"] |
| 934 | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
| 1349 | Cross-Site Scripting | [b"$_SERVER['REMOTE_ADDR']"] |
----------------------------------------------------------------------------------------------------------
[ i ] Scanning trunk/wrapper.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/akismet.php file
-----------------------------------------------
| Line | Possibile Vuln. | String |
-----------------------------------------------
| 55 | Authorization Hole | [b'is_admin()'] |
-----------------------------------------------
[ i ] Scanning trunk/class.akismet-cli.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/class.akismet-widget.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/index.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/class.akismet-admin.php file
--------------------------------------------------------------------------------------------------------------------
| Line | Possibile Vuln. | String |
--------------------------------------------------------------------------------------------------------------------
| 39 | Cross-Site Scripting | [b"$_GET['page']", b"$_GET['page']"] |
| 134 | Cross-Site Scripting | [b"$_GET['akismet_recheck']", b"$_GET['akismet_recheck']"] |
| 152 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 190 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 388 | Cross-Site Scripting | [b"$_GET['recheckqueue']"] |
| 841 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 843 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 850 | Cross-Site Scripting | [b"$_GET['action']"] |
| 851 | Cross-Site Scripting | [b"$_GET['action']"] |
| 852 | Cross-Site Scripting | [b"$_GET['_wpnonce']", b"$_GET['_wpnonce']"] |
| 868 | Cross-Site Scripting | [b"$_GET['token']", b"$_GET['token']"] |
| 869 | Cross-Site Scripting | [b"$_GET['token']"] |
| 873 | Cross-Site Scripting | [b"$_GET['action']"] |
| 874 | Cross-Site Scripting | [b"$_GET['action']"] |
| 1005 | Cross-Site Scripting | [b"$_GET['akismet_recheck_complete']"] |
| 1006 | Cross-Site Scripting | [b"$_GET['recheck_count']"] |
| 1007 | Cross-Site Scripting | [b"$_GET['spam_count']"] |
| 31 | Cross-Site Scripting | [b"$_POST['action']", b"$_POST['action']"] |
| 256 | Cross-Site Scripting | [b"$_POST['_wpnonce']"] |
| 260 | Cross-Site Scripting | [b'$_POST[$option]', b'$_POST[$option]'] |
| 267 | Cross-Site Scripting | [b"$_POST['key']"] |
| 392 | Cross-Site Scripting | [b"$_POST['offset']", b"$_POST['offset']", b"$_POST['limit']", b"$_POST['limit']"] |
| 447 | Cross-Site Scripting | [b"$_POST['id']"] |
| 448 | Cross-Site Scripting | [b"$_POST['id']"] |
| 460 | Cross-Site Scripting | [b"$_POST['id']", b"$_POST['url']"] |
| 461 | Cross-Site Scripting | [b"$_POST['id']"] |
| 464 | Cross-Site Scripting | [b"$_POST['url']"] |
| 388 | Cross-Site Scripting | [b"$_REQUEST['action']", b"$_REQUEST['action']"] |
| 400 | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
--------------------------------------------------------------------------------------------------------------------
[ i ] Scanning trunk/class.akismet-rest-api.php file
[ + ] Not found vulnerabilities
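The tables above list every read of a PHP request superglobal that the scanner matched. These are taint sources rather than confirmed cross-site scripting, which is why nonce checks and $_SERVER['REQUEST_TIME_FLOAT'] appear in them. The script below is an added example, not WPSeku's scanner: it performs the same superglobal search over a constructed PHP snippet and additionally records whether each read is wrapped in a known WordPress sanitizer or escaper on the same line, which is the first triage step before reading the surrounding code; the sanitizer list and the sample PHP are assumptions.

```python
import re

# Added example, not WPSeku's scanner: locate reads of PHP request superglobals
# (the taint sources the tables above list) and note whether each read sits
# inside an unclosed call to a known WordPress sanitizer/escaper on that line.
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\[[^\]]*\]")
# Assumed triage list; a real review would extend it per project.
SANITIZERS = ("sanitize_text_field", "sanitize_key", "esc_html", "esc_attr",
              "esc_url", "intval", "absint", "wp_unslash", "wp_verify_nonce")


def wrapped_by_sanitizer(line, start):
    """True if the text before `start` opens a sanitizer call not yet closed."""
    prefix = line[:start]
    for name in SANITIZERS:
        pos = prefix.rfind(name + "(")
        if pos != -1 and prefix.count("(", pos) > prefix.count(")", pos):
            return True
    return False


def scan_php(source):
    """Return [(line_no, superglobal_read, status)] for every source read."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in SOURCE.finditer(line):
            status = ("sanitized" if wrapped_by_sanitizer(line, m.start())
                      else "unsanitized")
            findings.append((no, m.group(0), status))
    return findings


# Constructed PHP snippet, not taken from Akismet or any real plugin.
SAMPLE_PHP = """<?php
$action = $_GET['action'];
$view = sanitize_key( $_GET['view'] );
echo esc_html( $_POST['status'] );
if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'save' ) ) { die(); }
$ip = $_SERVER['REMOTE_ADDR'];
"""
```

An "unsanitized" hit still needs a human to trace where the value ends up; a raw read that is only compared against a constant is not exploitable, while one that reaches HTML output or a query is.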
Credits and Contributors
Original idea and script from WPScan Team (https://wpscan.org/)
WPScan Vulnerability Database (https://wpvulndb.com/api)