WPScan – WordPress Security/Vulnerability Scanner - Printable Version

TBD.my (https://w3.tbd.my), Forum: Programming > Lain-lain (Others), Thread: WPScan – WordPress Security/Vulnerability Scanner (/thread-9076.html)


WPScan – WordPress Security/Vulnerability Scanner - th3phantom - 13-07-2011

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed, etc.).

Features

Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version) (todo)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, …)

Requirements

WPScan requires two non-native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

INSTALL

Installing on Backtrack5 Gnome/KDE 32bit:

sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install mime-types
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple

Installing on Debian/Ubuntu:

sudo apt-get install libcurl4-gnutls-dev
sudo apt-get install libopenssl-ruby
sudo gem install typhoeus
sudo gem install xml-simple

Installing on other nix: (not tested)

sudo gem install typhoeus
sudo gem install xml-simple

Installing on Windows: (not tested)

gem install typhoeus
gem install xml-simple

Installing on Mac OSX: (not tested)

sudo gem install typhoeus
sudo gem install xml-simple

COMMANDS

--url (The WordPress URL/domain to scan.)
--version (Only do version enumeration.)
--wordlist (Supply a wordlist for the password bruter and do the brute.)
--threads (The number of threads to use when multi-threading requests.)
--username (Only brute force the supplied username.)
--generate_plugin_list (Generate a new data/plugins.txt file.)
-v (Verbose output.)

EXAMPLES

Do 'non-intrusive' checks...

ruby wpscan.rb --url http://www.example.com

Only do version enumeration...

ruby wpscan.rb --url http://www.example.com --version

Do wordlist password brute force on enumerated users using 50 threads...

ruby wpscan.rb --url http://www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...

ruby wpscan.rb --url http://www.example.com --wordlist darkc0de.lst --username admin

Generate a new 'most popular' plugin list...

ruby ./wpscan.rb --generate_plugin_list 150


PROJECT HOME

http://code.google.com/p/wpscan/

SUBVERSION REPOSITORY

svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only

ISSUES

http://code.google.com/p/wpscan/issues/list

Or you can read more here

Credit to devilzc0de and ethicalhack3r.

Good luck guys.
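As an added example that is not part of the original post or of WPScan's own code, the script below shows how two of the passive checks listed under Features actually work: username enumeration by requesting /?author=N and reading the author slug out of the Location header WordPress redirects to, and version enumeration by reading the generator meta tag on the front page. The HTTP responses (hostname www.example.com, the user names, the version number) are constructed inline so the script runs offline; on a live target the same paths would be fetched with Net::HTTP.

```ruby
# Added example, not WPScan's code. Demonstrates two black-box WordPress
# fingerprinting checks with constructed (fake) HTTP responses.
require 'uri'

# WordPress answers /?author=N with a redirect whose Location header ends in
# /author/<nicename>/. Pull the nicename out of that URL, tolerating a
# trailing query string or fragment.
def username_from_location(location)
  return nil if location.nil?
  m = location.match(%r{/author/([^/?#]+)/?(?:[?#]|$)})
  m && m[1]
end

# Version from <meta name="generator" content="WordPress X.Y.Z" /> in the
# page head. Returns nil when the tag is absent (e.g. removed by a plugin).
def version_from_generator(html)
  m = html.match(/<meta\s+name=["']generator["']\s+content=["']WordPress\s+([\d.]+)["']/i)
  m && m[1]
end

# Constructed stand-in for a live server: request path => response.
SAMPLE_SITE = {
  '/?author=1' => { status: 301, headers: { 'Location' => 'http://www.example.com/author/admin/' }, body: '' },
  '/?author=2' => { status: 302, headers: { 'Location' => 'http://www.example.com/author/editor-jane/?x=1' }, body: '' },
  '/?author=3' => { status: 404, headers: {}, body: '<html><body>Not found</body></html>' },
  '/'          => { status: 200, headers: {}, body: '<html><head><meta name="generator" content="WordPress 3.1.4" /></head></html>' },
}

def fetch(site, path)
  site.fetch(path) { { status: 404, headers: {}, body: '' } }
end

# Walk author IDs 1..max_id; every redirect that carries an /author/ slug
# reveals a login name usable for the password brute force.
def enumerate_users(site, max_id = 10)
  (1..max_id).each_with_object({}) do |id, found|
    resp = fetch(site, "/?author=#{id}")
    next unless [301, 302].include?(resp[:status])
    name = username_from_location(resp[:headers]['Location'])
    found[id] = name if name
  end
end

def detect_version(site)
  version_from_generator(fetch(site, '/')[:body])
end

if __FILE__ == $0
  puts "users:   #{enumerate_users(SAMPLE_SITE).inspect}"
  puts "version: #{detect_version(SAMPLE_SITE).inspect}"
end
```

Both checks are passive (one GET per author ID, one GET for the front page), which is why they sit in WPScan's default 'non-intrusive' run; the usernames they yield are what --wordlist then feeds to the brute forcer.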