.:: Blackc0de Forum ::.
 WordPress Security Vulnerability Scanner

zer0cool
Posted: Mon Dec 05, 2011 1:19 pm

WordPress Security Vulnerability Scanner
WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use is for security professionals or WordPress administrators to assess the security posture of their WordPress installations.


Features include:

Quote :
Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, ...)

WPScan will be hosted on Google Code at [You must be registered and logged in to see this link.] You can download and start running WPScan ALPHA by checking out the SVN trunk. “svn checkout [You must be registered and logged in to see this link.] wpscan-read-only”
Installation

WPScan requires two non-native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

Quote :
Installing on Backtrack5 Gnome/KDE 32bit:
sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install mime-types
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple

Installing on Debian/Ubuntu:
sudo apt-get install libcurl4-gnutls-dev
sudo apt-get install libopenssl-ruby
sudo gem install typhoeus
sudo gem install xml-simple

Installing on other nix: (not tested)
sudo gem install typhoeus
sudo gem install xml-simple

Installing on Windows: (not tested)
gem install typhoeus
gem install xml-simple

Installing on Mac OSX: (not tested)
sudo gem install typhoeus
sudo gem install xml-simple
Usage

-h for further help.

Examples:

Quote :
Do 'non-intrusive' checks...
ruby wpscan.rb --url [You must be registered and logged in to see this link.]

Only do version enumeration...
ruby wpscan.rb --url [You must be registered and logged in to see this link.] --version

Do wordlist password brute force on enumerated users using 50 threads...
ruby wpscan.rb --url [You must be registered and logged in to see this link.] --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...
ruby wpscan.rb --url [You must be registered and logged in to see this link.] --wordlist darkc0de.lst --username admin

Generate a new 'most popular' plugin list, up to 150 pages...
ruby ./wpscan.rb --generate_plugin_list 150

Enumerate installed plugins...
ruby ./wpscan.rb --enumerate p
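
The feature list above names two disclosure sources: the generator meta tag and the Location header of an author redirect. The following is an added example, not part of the original post or of WPScan, that an administrator can run over responses captured from their own site to see whether either one leaks; the sample responses, the host `blog.example` and the helper names are constructed for illustration.

```ruby
require 'uri'

# Constructed sample capture from an administrator's own site (not real data).
SAMPLE = {
  home_html: %(<html><head><meta content="WordPress 3.2.1" name="generator" /></head></html>),
  # Location header returned for /?author=N; nil means no redirect was sent.
  author_redirects: { 1 => 'http://blog.example/author/admin/', 2 => nil }
}

# Returns the WordPress version advertised in a generator meta tag, or nil.
# Each <meta> tag is inspected on its own so attribute order does not matter.
def leaked_wp_version(html)
  html.scan(/<meta\b[^>]*>/i).each do |tag|
    next unless tag =~ /name\s*=\s*["']generator["']/i
    m = tag.match(/content\s*=\s*["']WordPress\s+([\d.]+)["']/i)
    return m[1] if m
  end
  nil
end

# Returns the author slug (usually the login name) exposed by a redirect
# to /author/<slug>/, or nil when the header is absent or points elsewhere.
def leaked_author_slug(location)
  return nil if location.nil? || location.empty?
  m = URI.parse(location).path.match(%r{/author/([^/]+)/?\z})
  m && m[1]
rescue URI::InvalidURIError
  nil
end

# Collects one finding per disclosure present in the capture.
def audit(capture)
  findings = []
  if (version = leaked_wp_version(capture[:home_html]))
    findings << "generator meta tag discloses WordPress #{version}"
  end
  capture[:author_redirects].each do |id, location|
    slug = leaked_author_slug(location)
    findings << "?author=#{id} redirect discloses '#{slug}'" if slug
  end
  findings
end

puts audit(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

An empty result from `audit` on your own capture means neither of these two sources is disclosing data; it says nothing about the other checks in the feature list.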
