Saturday, August 22, 2020

WPSeku V0.4 - Wordpress Security Scanner



WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

Installation
$ git clone https://github.com/m4ll0k/WPSeku.git wpseku
$ cd wpseku
$ pip3 install -r requirements.txt
$ python3 wpseku.py

Usage

Generic Scan
python3 wpseku.py --url https://www.xxxxxxx.com --verbose

  • Output
----------------------------------------
_ _ _ ___ ___ ___| |_ _ _
| | | | . |_ -| -_| '_| | |
|_____| _|___|___|_,_|___|
|_| v0.4.0

WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------

[ + ] Target: https://www.xxxxxxx.com
[ + ] Starting: 02:38:51

[ + ] Server: Apache
[ + ] Uncommon header "X-Pingback" found, with contents: https://www.xxxxxxx.com/xmlrpc.php
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php
[ i ] Checking wp-config backup file...
[ + ] wp-config.php available at: https://www.xxxxxxx.com/wp-config.php
[ i ] Checking common files...
[ + ] robots.txt file was found at: https://www.xxxxxxx.com/robots.txt
[ + ] xmlrpc.php file was found at: https://www.xxxxxxx.com/xmlrpc.php
[ + ] readme.html file was found at: https://www.xxxxxxx.com/readme.html
[ i ] Checking directory listing...
[ + ] Dir "/wp-admin/css" listing enable at: https://www.xxxxxxx.com/wp-admin/css/
[ + ] Dir "/wp-admin/images" listing enable at: https://www.xxxxxxx.com/wp-admin/images/
[ + ] Dir "/wp-admin/includes" listing enable at: https://www.xxxxxxx.com/wp-admin/includes/
[ + ] Dir "/wp-admin/js" listing enable at: https://www.xxxxxxx.com/wp-admin/js/
......

Bruteforce Login
python3 wpseku.py --url https://www.xxxxxxx.com --brute --user test --wordlist wl.txt --verbose

  • Output
----------------------------------------
_ _ _ ___ ___ ___| |_ _ _
| | | | . |_ -| -_| '_| | |
|_____| _|___|___|_,_|___|
|_| v0.4.0

WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------

[ + ] Target: https://www.xxxxxxx.com
[ + ] Starting: 02:46:32

[ + ] Bruteforcing Login via XML-RPC...
[ i ] Setting user: test
[ + ] Valid Credentials:

-----------------------------
| Username | Passowrd |
-----------------------------
| test | kamperasqen13 |
-----------------------------

Scan plugin,theme and wordpress code
python3 wpseku.py --scan <dir/file> --verbose

Note: Testing Akismet Directory Plugin https://plugins.svn.wordpress.org/akismet
  • Output
----------------------------------------
_ _ _ ___ ___ ___| |_ _ _
| | | | . |_ -| -_| '_| | |
|_____| _|___|___|_,_|___|
|_| v0.4.0

WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------

[ + ] Checking PHP code...
[ + ] Scanning directory...
[ i ] Scanning trunk/class.akismet.php file
----------------------------------------------------------------------------------------------------------
| Line | Possibile Vuln. | String |
----------------------------------------------------------------------------------------------------------
| 597 | Cross-Site Scripting | [b"$_GET['action']", b"$_GET['action']"] |
| 601 | Cross-Site Scripting | [b"$_GET['for']", b"$_GET['for']"] |
| 140 | Cross-Site Scripting | [b"$_POST['akismet_comment_nonce']", b"$_POST['akismet_comment_nonce']"] |
| 144 | Cross-Site Scripting | [b"$_POST['_ajax_nonce-replyto-comment']"] |
| 586 | Cross-Site Scripting | [b"$_POST['status']", b"$_POST['status']"] |
| 588 | Cross-Site Scripting | [b"$_POST['spam']", b"$_POST['spam']"] |
| 590 | Cross-Site Scripting | [b"$_POST['unspam']", b"$_POST['unspam']"] |
| 592 | Cross-Site Scripting | [b"$_POST['comment_status']", b"$_POST['comment_status']"] |
| 599 | Cross-Site Scripting | [b"$_POST['action']", b"$_POST['action']"] |
| 214 | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
| 403 | Cross-Site Scripting | [b"$_SERVER['REQUEST_TIME_FLOAT']", b"$_SERVER['REQUEST_TIME_FLOAT']"] |
| 861 | Cross-Site Scripting | [b"$_SERVER['REMOTE_ADDR']", b"$_SERVER['REMOTE_ADDR']"] |
| 930 | Cross-Site Scripting | [b"$_SERVER['HTTP_USER_AGENT']", b"$_SERVER['HTTP_USER_AGENT']"] |
| 934 | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
| 1349 | Cross-Site Scripting | [b"$_SERVER['REMOTE_ADDR']"] |
----------------------------------------------------------------------------------------------------------
[ i ] Scanning trunk/wrapper.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/akismet.php file
-----------------------------------------------
| Line | Possibile Vuln. | String |
-----------------------------------------------
| 55 | Authorization Hole | [b'is_admin()'] |
-----------------------------------------------
[ i ] Scanning trunk/class.akismet-cli.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/class.akismet-widget.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/index.php file
[ + ] Not found vulnerabilities
[ i ] Scanning trunk/class.akismet-admin.php file
--------------------------------------------------------------------------------------------------------------------
| Line | Possibile Vuln. | String |
--------------------------------------------------------------------------------------------------------------------
| 39 | Cross-Site Scripting | [b"$_GET['page']", b"$_GET['page']"] |
| 134 | Cross-Site Scripting | [b"$_GET['akismet_recheck']", b"$_GET['akismet_recheck']"] |
| 152 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 190 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 388 | Cross-Site Scripting | [b"$_GET['recheckqueue']"] |
| 841 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 843 | Cross-Site Scripting | [b"$_GET['view']", b"$_GET['view']"] |
| 850 | Cross-Site Scripting | [b"$_GET['action']"] |
| 851 | Cross-Site Scripting | [b"$_GET['action']"] |
| 852 | Cross-Site Scripting | [b"$_GET['_wpnonce']", b"$_GET['_wpnonce']"] |
| 868 | Cross-Site Scripting | [b"$_GET['token']", b"$_GET['token']"] |
| 869 | Cross-Site Scripting | [b"$_GET['token']"] |
| 873 | Cross-Site Scripting | [b"$_GET['action']"] |
| 874 | Cross-Site Scripting | [b"$_GET['action']"] |
| 1005 | Cross-Site Scripting | [b"$_GET['akismet_recheck_complete']"] |
| 1006 | Cross-Site Scripting | [b"$_GET['recheck_count']"] |
| 1007 | Cross-Site Scripting | [b"$_GET['spam_count']"] |
| 31 | Cross-Site Scripting | [b"$_POST['action']", b"$_POST['action']"] |
| 256 | Cross-Site Scripting | [b"$_POST['_wpnonce']"] |
| 260 | Cross-Site Scripting | [b'$_POST[$option]', b'$_POST[$option]'] |
| 267 | Cross-Site Scripting | [b"$_POST['key']"] |
| 392 | Cross-Site Scripting | [b"$_POST['offset']", b"$_POST['offset']", b"$_POST['limit']", b"$_POST['limit']"] |
| 447 | Cross-Site Scripting | [b"$_POST['id']"] |
| 448 | Cross-Site Scripting | [b"$_POST['id']"] |
| 460 | Cross-Site Scripting | [b"$_POST['id']", b"$_POST['url']"] |
| 461 | Cross-Site Scripting | [b"$_POST['id']"] |
| 464 | Cross-Site Scripting | [b"$_POST['url']"] |
| 388 | Cross-Site Scripting | [b"$_REQUEST['action']", b"$_REQUEST['action']"] |
| 400 | Cross-Site Scripting | [b"$_SERVER['HTTP_REFERER']", b"$_SERVER['HTTP_REFERER']"] |
--------------------------------------------------------------------------------------------------------------------
[ i ] Scanning trunk/class.akismet-rest-api.php file
[ + ] Not found vulnerabilities

Credits and Contributors
Original idea and script from WPScan Team (https://wpscan.org/)
WPScan Vulnerability Database (https://wpvulndb.com/api)




Related links


  1. Hak5 Tools
  2. Hack Rom Tools
  3. Hacker Hardware Tools
  4. Nsa Hack Tools
  5. Ethical Hacker Tools
  6. Hacking Tools Kit
  7. Hacker Tools For Windows
  8. Hack Tool Apk
  9. Pentest Tools Open Source
  10. What Are Hacking Tools
  11. Hacking Tools For Games
  12. Hacking Tools And Software
  13. World No 1 Hacker Software
  14. Pentest Tools Alternative
  15. Pentest Tools Url Fuzzer
  16. Hacking App
  17. Hack Tool Apk
  18. Github Hacking Tools
  19. Hacking Tools For Kali Linux
  20. Pentest Tools Download
  21. Pentest Tools Nmap
  22. New Hacker Tools
  23. Hack Tools Pc
  24. Hackrf Tools
  25. Hacking Tools For Mac
  26. Hacker Tools Free Download
  27. Pentest Tools Port Scanner
  28. Hack Tools Download
  29. Hack Tools
  30. Hack Tools Github
  31. Hacking Tools Github
  32. Hacker
  33. Pentest Tools Alternative
  34. How To Hack
  35. Hacker Search Tools
  36. Pentest Tools For Windows
  37. Hacker Tools Apk Download
  38. What Are Hacking Tools
  39. Hacking Tools Kit
  40. Hacking Tools Kit
  41. Hacker Tools For Pc
  42. Hack App
  43. Pentest Recon Tools
  44. Pentest Tools Open Source
  45. Hacking Tools Pc
  46. Hacking Tools Usb
  47. Pentest Tools Subdomain
  48. Hacking Tools Hardware
  49. Ethical Hacker Tools
  50. Hacker Tools Free Download
  51. Pentest Box Tools Download
  52. Hacking Tools For Pc
  53. Ethical Hacker Tools
  54. Hacking Tools For Kali Linux
  55. Hacker Tools Github
  56. Hacking Tools Free Download
  57. Pentest Tools Kali Linux
  58. Hacker Tools For Pc
  59. Hack Tool Apk
  60. Pentest Tools Url Fuzzer
  61. Hack Tools For Pc
  62. Hack Tools Online
  63. Install Pentest Tools Ubuntu
  64. Hack Tool Apk
  65. Pentest Tools Find Subdomains
  66. Physical Pentest Tools
  67. Pentest Recon Tools
  68. Hacker Tools For Pc
  69. Hacker Tools List
  70. Hacker Tools
  71. Top Pentest Tools
  72. Hacking Tools Software
  73. Top Pentest Tools
  74. Pentest Tools Review
  75. Pentest Tools Tcp Port Scanner
  76. Hacker Security Tools
  77. Hacking Tools For Beginners
  78. How To Make Hacking Tools
  79. Pentest Tools Port Scanner
  80. Nsa Hacker Tools
  81. Tools For Hacker
  82. Best Hacking Tools 2019
  83. Hacker Tool Kit
  84. Hacker Tools List
  85. Pentest Tools Github
  86. Hackrf Tools
  87. How To Make Hacking Tools
  88. Pentest Tools Linux
  89. Hack Tools Mac
  90. Pentest Tools Bluekeep
  91. Pentest Tools Apk
  92. Easy Hack Tools
  93. Pentest Tools Website
  94. Easy Hack Tools
  95. Best Hacking Tools 2019
  96. Best Hacking Tools 2020
  97. Hacker Tools Apk
  98. Physical Pentest Tools
  99. Pentest Tools Kali Linux
  100. Hacking Tools Pc
  101. Android Hack Tools Github
  102. Hacker
  103. Pentest Tools Website
  104. Tools For Hacker
  105. Underground Hacker Sites
  106. Hacking Tools Name
  107. Pentest Tools Github
  108. Pentest Recon Tools
  109. Hacking Tools For Beginners
  110. Hacking Tools For Mac
  111. Hacker Tools 2019
  112. Hacking Tools Name
  113. Hack Tool Apk No Root
  114. Physical Pentest Tools
  115. Ethical Hacker Tools
  116. Pentest Tools Open Source
  117. Install Pentest Tools Ubuntu
  118. Hack And Tools
  119. Hack Tools Online
  120. Pentest Tools Linux
  121. Hacks And Tools
  122. Free Pentest Tools For Windows
  123. Hacker Tools For Mac
  124. Wifi Hacker Tools For Windows
  125. Pentest Tools Website
  126. Computer Hacker
  127. Hacker Tools List
  128. Tools Used For Hacking
  129. Pentest Tools Open Source
  130. Pentest Tools List
  131. Nsa Hack Tools Download
  132. Pentest Tools Open Source
  133. Hacker Security Tools
  134. Hack Tools For Games
  135. Ethical Hacker Tools
  136. Pentest Tools
  137. Ethical Hacker Tools
  138. Hack App
  139. Hacking Tools For Kali Linux
  140. Hacking Tools For Beginners
  141. Hacker Tools For Ios
  142. Hacker Tools For Pc
  143. Hacking Tools For Windows Free Download

No comments:

Post a Comment