
RamadhanAmizudin / Wordpress Scanner

License: MIT
Wordpress Vulnerability Scanner

Projects that are alternatives to, or similar to, Wordpress Scanner

Blowhole
Docker auditing and enumeration script.
Stars: ✭ 21 (-84.67%)
Mutual labels:  auditing, security-audit
Faraday
Faraday introduces a new concept, IPE (Integrated Penetration-Test Environment): a multiuser penetration-test IDE designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+2234.31%)
Mutual labels:  security-audit, vulnerability
PTEye
Phantom Eye: a passive business-logic vulnerability auditing tool
Stars: ✭ 55 (-59.85%)
Mutual labels:  auditing, vulnerability
Filewatcher
A simple auditing utility for macOS
Stars: ✭ 233 (+70.07%)
Mutual labels:  security-audit, auditing
Gscan
This program aims to make it easier for security incident responders to investigate Linux hosts: it automates a comprehensive host-side checklist, aggregates the results automatically, and traces the attacker's intrusion path.
Stars: ✭ 1,177 (+759.12%)
Mutual labels:  security-audit, auditing
Killshot
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Stars: ✭ 237 (+72.99%)
Mutual labels:  wordpress, vulnerability
Pentesting
Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-82.48%)
Mutual labels:  security-audit, vulnerability
Wprecon
WPrecon (WordPress Recon) is a vulnerability reconnaissance tool for the WordPress CMS, developed in Go with scripts in Lua.
Stars: ✭ 135 (-1.46%)
Mutual labels:  wordpress, vulnerability
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+6569.34%)
Mutual labels:  security-audit, auditing
Wordpress Exploit Framework
A Ruby framework designed to aid in the penetration testing of WordPress systems.
Stars: ✭ 882 (+543.8%)
Mutual labels:  wordpress, security-audit
Vulscan
Advanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+1582.48%)
Mutual labels:  security-audit, vulnerability
Web exploit detector
The Web Exploit Detector is a Node.js application used to detect possible infections, malicious code and suspicious files in web hosting environments
Stars: ✭ 81 (-40.88%)
Mutual labels:  wordpress, security-audit
ad-privileged-audit
Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-69.34%)
Mutual labels:  auditing, security-audit
Otseca
Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Stars: ✭ 416 (+203.65%)
Mutual labels:  security-audit, auditing
Cve 2018 20555
Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555
Stars: ✭ 78 (-43.07%)
Mutual labels:  wordpress, vulnerability
Dockle
Container image linter for security; helps build best-practice Docker images and is easy to start with.
Stars: ✭ 1,713 (+1150.36%)
Mutual labels:  security-audit, vulnerability
Wp Spider Cache
Your friendly neighborhood caching solution for WordPress
Stars: ✭ 133 (-2.92%)
Mutual labels:  wordpress
Base Camp
Awesome WordPress starter theme for developers based on modern web technologies.
Stars: ✭ 135 (-1.46%)
Mutual labels:  wordpress
Vip Coding Standards
PHP_CodeSniffer ruleset to enforce WordPress.com VIP and VIP Go coding standards
Stars: ✭ 133 (-2.92%)
Mutual labels:  wordpress
Oblog
An auto-rendering 🔽 blogging system based on Markdown & Vue.js (a blog system that automatically renders and loads Markdown content)
Stars: ✭ 133 (-2.92%)
Mutual labels:  wordpress

Introduction

Wordpress Scanner is written in PHP and focuses on vulnerability assessment and security auditing of misconfigurations in a WordPress installation. It finds flaws in the installation and reports what it knows about each vulnerability. It is not a code-auditing tool: it performs black-box scanning of the WordPress-powered web application.

The basic security check reviews a WordPress installation for common security-related misconfigurations. It uses ordinary web requests only: the scanner downloads a handful of pages from the target site and then analyses the resulting HTML source, so the target sees little more than a crawler would send. The enumeration and bruteforce modes described under Usage send far more requests and are easily logged.
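The passive part of that basic check, as an added example in Python rather than the scanner's own PHP code: read plugin and theme slugs (and their ?ver= hints) out of asset URLs, the core version out of the generator tag or readme.html, and decide whether the page is WordPress at all. The HTML and readme excerpt below are constructed, not captured from a real site, and mywp.example is a placeholder host.

```python
"""Passive WordPress fingerprinting from downloaded HTML (added example)."""
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample page; mywp.example is a placeholder host.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 4.9.8" />
<link rel="stylesheet" href="https://mywp.example/wp-content/themes/twentyseventeen/style.css?ver=4.9.8">
<link rel="stylesheet" href="https://mywp.example/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.4">
<script src="https://mywp.example/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.4"></script>
<script src="https://mywp.example/wp-content/plugins/social-network-tabs/js/tabs.js"></script>
<script src="https://mywp.example/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
</head><body></body></html>"""

# Constructed excerpt of /readme.html, which ships with core and states the version.
SAMPLE_README = ('<h1 id="logo"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />'
                 '<br /> Version 4.9.8</h1>')

WP_MARKERS = ("/wp-content/", "/wp-includes/", 'content="WordPress')
ASSET_RE = re.compile(
    r"""(?:href|src)=["']([^"']*/wp-content/(plugins|themes)/([^/"'?]+)[^"']*)["']""", re.I)
GENERATOR_RE = re.compile(
    r"""<meta[^>]+name=["']generator["'][^>]+content=["']WordPress ?([\d.]*)""", re.I)
README_RE = re.compile(r"<br\s*/?>\s*Version\s+([\d.]+)", re.I)


def is_wordpress(html):
    """Cheap marker check; this is the test the scanner's --force flag skips."""
    return any(marker in html for marker in WP_MARKERS)


def wp_version(html):
    """Core version from the generator meta tag, if the site has not stripped it."""
    m = GENERATOR_RE.search(html)
    return (m.group(1) or None) if m else None


def readme_version(readme_html):
    """Core version from readme.html; None if the file was removed or blocked."""
    m = README_RE.search(readme_html)
    return m.group(1) if m else None


def discover_components(html):
    """Plugins and themes referenced by asset URLs, with the ?ver= value if any.

    Caveat: ?ver= is whatever the component passed when enqueuing the asset;
    when nothing is passed WordPress appends the core version instead (the
    theme above shows this), so treat it as a hint, not a confirmed version.
    """
    found = {"plugins": {}, "themes": {}}
    for url, kind, slug in ASSET_RE.findall(html):
        ver = parse_qs(urlparse(url).query).get("ver", [None])[0]
        if found[kind].get(slug) is None:  # keep the first version seen
            found[kind][slug] = ver
    return found


def fingerprint(html, readme_html=None):
    """One-shot summary of the kind the basic check reports."""
    report = {
        "is_wordpress": is_wordpress(html),
        "version": wp_version(html) or (readme_version(readme_html) if readme_html else None),
    }
    report.update(discover_components(html))
    return report


if __name__ == "__main__":
    print(fingerprint(SAMPLE_HTML, SAMPLE_README))
```

Against a real target the same functions run over the fetched front page and /readme.html; anything they report is a candidate to confirm with the component's own readme.txt before matching it against a vulnerability database.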

Usage

Usage: php app.php [options]

Options:
        -h,   --help                    Show this help message.
        -u,   --url                     Target URL (e.g. "http://mywp.com/")
        -f,   --force                   Ignore if target is not wordpress.
        -v,   --version                 Check for available version
        --upgrade                       Upgrade to newer version
        --wpvulndb                      Use WPVulnDB API Instead of local database. (Powered by wpvulndb.com API)
        --no-log                        Disable Logging

Request:
        --ua, --user-agent              Set user-agent, default: random user agent
        -t,   --thread                  number of threads, default: 10
        --proxy                         Set proxy. eg: protocol://[username:password@]host:port

Scanning:
        -d,   --default                 Default scanning mode
                                        Equivalent to --dp,--dt,--b option
        -b,   --basic                   Show basic information about target
                                        Eg: robots.txt path, check multisite, registration enable, readme file
        --dp, --discover-plugin         Discover plugin(s) via html source
        --dt, --discover-theme          Discover theme(s) via html source

Plugin/Theme Enumeration:
        --ep, --enumerate-plugin        Enumerate plugins
        --et, --enumerate-theme         Enumerate themes
        --vp, --vuln-plugin             Enumerate vulnerable plugins only
        --vt, --vuln-theme              Enumerate vulnerable themes only

User Enumeration:
        --eu, --enumerate-user          Enumerate users
        -i,   --iterate                 number of iterations, default: 10
        -f,   --feed                    Enumerate through rss feeds, default: author pages
        -B,   --ubrute                  Set wordlist file(full path) to bruteforce username, default will use built-in wordlist
        -p,   --protect                 Check if the site is protected before bruteforcing, use with -B or --ubrute

Bruteforce:
        --bf, --bruteforce              Bruteforce Mode
        -x, --xmlrpc                    Bruteforce through XMLRPC interface.
        -p, --protect                   Check if the site is protected before bruteforcing.
        -F, --ufound                    Set username to enumerated users.
        -U, --user                      Set username or file containing user lists.
        -w, --wordlist                  Set wordlist file(full path), default will use built-in wordlist.

Note that the short option -f is listed for both --force and --feed, and -p for --protect under two headings; use the long option names to avoid ambiguity.
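The user-enumeration and XML-RPC bruteforce options above rely on a few well-known WordPress behaviours: /?author=N redirects to the author archive whose path segment is the login slug, the RSS feed lists authors in dc:creator, and xmlrpc.php answers wp.getUsersBlogs with a fault 403 on a bad login or a fault 405 when XML-RPC is disabled (the kind of thing a --protect pre-check looks for). The following is an added example in Python, not the scanner's PHP code; all responses are constructed to match those shapes, nothing is sent over the network, and mywp.example is a placeholder host. The multicall response is what an older core returns; WordPress 4.4 and later refuse the remaining logins in a multicall once one has failed, so the amplification only pays off against older installs.

```python
"""User enumeration and XML-RPC credential checking, offline (added example)."""
import re
import xml.etree.ElementTree as ET
import xmlrpc.client

# --- User enumeration -------------------------------------------------------

# Constructed: response to GET /?author=1 on a site with pretty permalinks.
AUTHOR_REDIRECT = {"status": 301, "Location": "https://mywp.example/author/admin/"}

# Constructed RSS excerpt. dc:creator carries the display name, which is not
# always the login name, so feed results are candidates, not confirmed logins.
SAMPLE_FEED = """<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel><title>mywp</title>
<item><title>Hello</title><dc:creator><![CDATA[admin]]></dc:creator></item>
<item><title>News</title><dc:creator><![CDATA[Jane Editor]]></dc:creator></item>
<item><title>More</title><dc:creator><![CDATA[admin]]></dc:creator></item>
</channel></rss>"""

AUTHOR_PATH_RE = re.compile(r"/author/([^/?#]+)")


def user_from_author_redirect(resp):
    """Login slug from a /?author=N redirect, or None if the site does not redirect."""
    if resp.get("status") not in (301, 302):
        return None
    m = AUTHOR_PATH_RE.search(resp.get("Location", ""))
    return m.group(1) if m else None


def users_from_feed(feed_xml):
    """Unique dc:creator values from an RSS feed, in first-seen order."""
    tag = "{http://purl.org/dc/elements/1.1/}creator"
    seen = []
    for el in ET.fromstring(feed_xml).iter(tag):
        if el.text and el.text not in seen:
            seen.append(el.text)
    return seen


# --- XML-RPC ----------------------------------------------------------------

DISABLED_CODE = 405   # WordPress: "XML-RPC services are disabled on this site."
BAD_LOGIN_CODE = 403  # WordPress: "Incorrect username or password."


def build_multicall(attempts):
    """system.multicall request body packing several wp.getUsersBlogs logins."""
    calls = [{"methodName": "wp.getUsersBlogs", "params": [u, p]} for u, p in attempts]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


def xmlrpc_enabled(response_xml):
    """Pre-check in the spirit of --protect: False if the server says XML-RPC is off."""
    try:
        xmlrpc.client.loads(response_xml)
    except xmlrpc.client.Fault as fault:
        return fault.faultCode != DISABLED_CODE
    return True


def classify_multicall(response_xml, attempts):
    """Pair each (user, password) with 'valid', 'invalid' or 'error:<code>'."""
    (results,), _ = xmlrpc.client.loads(response_xml)
    out = []
    for (user, pwd), result in zip(attempts, results):
        if isinstance(result, dict) and "faultCode" in result:
            code = result["faultCode"]
            state = "invalid" if code == BAD_LOGIN_CODE else "error:%d" % code
        else:
            state = "valid"  # success is a one-element array wrapping the blog list
        out.append((user, pwd, state))
    return out


# Constructed responses in the shapes WordPress produces.
DISABLED_RESPONSE = xmlrpc.client.dumps(
    xmlrpc.client.Fault(DISABLED_CODE, "XML-RPC services are disabled on this site."),
    methodresponse=True)

ATTEMPTS = [("admin", "password"), ("admin", "Winter2015!"), ("jane", "password")]
MULTICALL_RESPONSE = xmlrpc.client.dumps(([
    {"faultCode": BAD_LOGIN_CODE, "faultString": "Incorrect username or password."},
    [[{"isAdmin": True, "url": "https://mywp.example/", "blogid": "1",
       "xmlrpc": "https://mywp.example/xmlrpc.php", "blogName": "mywp"}]],
    {"faultCode": BAD_LOGIN_CODE, "faultString": "Incorrect username or password."},
],), methodresponse=True)

if __name__ == "__main__":
    print(user_from_author_redirect(AUTHOR_REDIRECT), users_from_feed(SAMPLE_FEED))
    print(xmlrpc_enabled(DISABLED_RESPONSE), xmlrpc_enabled(MULTICALL_RESPONSE))
    print(classify_multicall(MULTICALL_RESPONSE, ATTEMPTS))
```

Run against a live target, build_multicall's output is POSTed to /xmlrpc.php and the body of the reply goes to xmlrpc_enabled first and classify_multicall second; a fault with any code other than 403 (rate limiting, a security plugin) is surfaced as error:<code> rather than silently counted as a bad password.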

Requirements

  • At least PHP 5.4 (note that PHP 5.4 itself has been end-of-life since September 2015 and no longer receives security fixes)
  • PHP cURL Extension
  • PHP JSON Extension

Installation

Windows

Download http://windows.php.net/downloads/releases/php-5.4.41-Win32-VC9-x86.zip

Tick the cURL extension during the installation step

Ubuntu/Debian-based

sudo apt-get install php5 php5-curl php5-json

These are the PHP 5 package names; on current Ubuntu/Debian releases install php and php-curl instead (JSON support is built into PHP 8).

Mac OSX

curl -s http://php-osx.liip.ch/install.sh | bash -s 5.4

This pipes an unauthenticated plain-HTTP download straight into bash. Save the script to a file, read it, and verify any checksum or signature the site publishes before running it.

To Do List

  • Rewrite code to be more modular
  • Unit Tests
  • Add Web UI
  • Add custom WordPress directories (wp-content and wp-plugin)
  • Vulnerability Database (currently using https://wpvulndb.com)

Contribution

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Make your changes
  4. Commit your changes (git commit -am 'Added some feature')
  5. Push to the branch (git push origin my-new-feature)
  6. Create new Pull Request
  7. Pat yourself on the back for being so awesome

License

MIT License. Copyright (c) 2015 Ahmad Ramadhan Amizudin. See License.

Contacts

ramadhan.amizudin at gmail dot com
