WPScan – WordPress Security Scanner

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.

Details

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on version) (todo)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)
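Seen from the defender's side, the username enumeration in the first item above shows up in web server access logs as one client requesting many `?author=N` values, where each 3xx answer carries an author slug in its Location header. The Ruby sketch below is an added example, not part of WPScan or of the original post; the sample log lines, the combined log format and the `min_ids` threshold are assumptions made for illustration.

```ruby
require 'set'

# Constructed sample access-log lines (combined log format); not from the page.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [14/Jul/2011:16:41:19 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Ruby"
  203.0.113.7 - - [14/Jul/2011:16:41:19 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Ruby"
  203.0.113.7 - - [14/Jul/2011:16:41:20 +0000] "GET /?author=3 HTTP/1.1" 404 512 "-" "Ruby"
  203.0.113.7 - - [14/Jul/2011:16:41:20 +0000] "GET /?author=4 HTTP/1.1" 301 0 "-" "Ruby"
  198.51.100.23 - - [14/Jul/2011:16:42:02 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
  198.51.100.23 - - [14/Jul/2011:16:42:05 +0000] "GET /author/admin/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
  192.0.2.50 - - [14/Jul/2011:16:43:00 +0000] "GET /?p=12&author_note=1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
LOG

# Client IP, request target and status code of one combined-format line.
LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[[^\]]+\] "(?<method>[A-Z]+) (?<target>\S+) [^"]*" (?<status>\d{3}) /

# Returns the numeric value of an exact "author" query parameter, or nil.
# Look-alike keys such as "author_note" are ignored.
def author_id(target)
  query = target.split('?', 2)[1]
  return nil unless query

  query.split('&').each do |pair|
    key, value = pair.split('=', 2)
    return value.to_i if key == 'author' && value =~ /\A\d+\z/
  end
  nil
end

# Groups author-id probes by client and reports clients that asked for at
# least min_ids distinct ids (hypothetical threshold). :leaked counts 3xx
# answers, i.e. responses whose Location header exposed an author slug.
def author_enumeration(log, min_ids: 3)
  seen = Hash.new { |h, ip| h[ip] = { ids: Set.new, redirects: 0 } }
  log.each_line do |line|
    m = LINE_RE.match(line) or next
    id = author_id(m[:target]) or next
    seen[m[:ip]][:ids] << id
    seen[m[:ip]][:redirects] += 1 if m[:status].start_with?('3')
  end
  seen.select { |_, v| v[:ids].size >= min_ids }
      .map { |ip, v| { ip: ip, ids: v[:ids].sort, leaked: v[:redirects] } }
end

puts author_enumeration(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```

A non-zero `:leaked` count means the site answered the probes with redirects, so blocking or neutralising numeric `author` requests at the web server closes the leak the log reveals.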

 

pen@test:/home/tools# svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only
A    wpscan-read-only/tools
A    wpscan-read-only/tools/generate_plugin_list.rb
A    wpscan-read-only/lib
A    wpscan-read-only/lib/discover.rb
A    wpscan-read-only/lib/bruter.rb
A    wpscan-read-only/lib/validate.rb
A    wpscan-read-only/exploits
A    wpscan-read-only/data
A    wpscan-read-only/data/plugins.txt
A    wpscan-read-only/data/plugin_vulns.xml
A    wpscan-read-only/data/wp_vulns.xml
A    wpscan-read-only/CREDITS
A    wpscan-read-only/README
A    wpscan-read-only/wpscan.rb

Dependencies:

Backtrack5 Gnome/KDE 32bit:

sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install mime-types
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple

Debian/Ubuntu:

sudo apt-get install libcurl4-gnutls-dev
sudo gem install typhoeus
sudo gem install xml-simple

Other *nix: (not tested)

sudo gem install typhoeus
sudo gem install xml-simple

Windows: (not tested)

gem install typhoeus
gem install xml-simple

Mac OSX: (not tested)

sudo gem install typhoeus
sudo gem install xml-simple

Usage:

pen@test:/home/tools/wpscan-read-only# ruby wpscan.rb --url www.example.com
____________________________________________________
 __          _______   _____                  
 \ \        / /  __ \ / ____|                 
  \ \  /\  / /| |__) | (___   ___  __ _ _ __  
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v.ALPHA

  WordPress Security Scanner by ethicalhack3r.co.uk
_____________________________________________________

# Copyright (C) 2011 Ryan Dewhurst
# This program comes with ABSOLUTELY NO WARRANTY.
# This is free software, and you are welcome to redistribute it
# under certain conditions. See GNU GPLv3.

| URL: http://www.coresec.org/
| Started on Thu Jul 14 16:41:18 2011

[+] The WordPress theme in use is called pyrmont-v2
[+] WordPress version 3.2.1 identified from meta generator.

[+] Finished at Thu Jul 14 16:41:30 2011

Download: svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only
