Ecosyste.ms: Awesome
https://github.com/acuciureanu/wp-plugins-analyzer
A WordPress plugins analyzer which is still work in progress anyway
- Host: GitHub
- URL: https://github.com/acuciureanu/wp-plugins-analyzer
- Owner: acuciureanu
- Created: 2024-05-24T19:50:56.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-08-12T19:35:15.000Z (6 months ago)
- Last Synced: 2024-11-18T13:09:01.691Z (3 months ago)
- Topics: bugbounty, bugbounty-tool, wordpress-security-scanner
- Language: Rust
- Homepage:
- Size: 60.5 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
⚠️ Work in Progress ⚠️

# WordPress Plugin Analyzer

## Overview
The goal of WordPress Plugin Analyzer is to become a tool for scanning WordPress plugins for potential security vulnerabilities. It automatically downloads plugins from the WordPress plugin directory, parses their PHP code, and reports possible security issues for manual review.
## Features

- Automatic plugin download and extraction
- Comparison of plugin versions to detect updates
- In-depth code analysis using abstract syntax trees
- Multiple security checks for various vulnerability types

## Security Checks
The analyzer performs the following security checks:

1. Arbitrary File Deletion
2. Arbitrary File Read
3. Arbitrary File Upload
4. Broken Access Control
5. Cross-Site Request Forgery (CSRF)
6. CSRF to Cross-Site Scripting (XSS)
7. Local File Inclusion (LFI)
8. Missing Capability Checks
9. PHP Object Injection
10. Privilege Escalation
11. Remote Code Execution (RCE)
12. SQL Injection
13. Server-Side Request Forgery (SSRF)

## Usage
1. Ensure you have a Rust toolchain (`cargo`) installed.
2. Clone this repository.
3. Run `cargo build --release` to compile the project.
4. Execute the binary with `cargo run --release`.

The analyzer will automatically:
- Fetch the latest WordPress plugins
- Compare with previous snapshots (if available)
- Download and analyze each plugin
- Report potential vulnerabilities

## Output
The analyzer provides detailed output for each potential vulnerability found, including:
- The file name
- The type of vulnerability
- Specific details about the detected issue

## Disclaimer
This tool is intended for educational and security research purposes only. Its checks are heuristics and will produce false positives, so always verify results manually before reporting them, and respect the WordPress plugin directory's terms of service when downloading plugins in bulk.
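To show why manual verification matters, the following Rust block is an added illustration (not code from wp-plugins-analyzer) of how a syntactic check for two of the classes listed under Security Checks, Missing Capability Checks and CSRF on `admin-ajax.php` handlers, can be written, and how much such a check has to assume. It uses only the standard library and plain string matching, where the project itself walks a PHP AST. The sample plugin source, hook names, callback names and the `Finding` type are all constructed for the example.

```rust
// Added example (not part of wp-plugins-analyzer): a heuristic scan of a PHP
// plugin for admin-ajax handlers that lack a capability check or a nonce check.
// Std-only string scanning; the real tool uses an abstract syntax tree.

/// One reported issue: the output fields the README lists (file, type, details).
#[derive(Debug, PartialEq, Eq, Clone)]
pub struct Finding {
    pub file: String,
    pub kind: &'static str,
    pub details: String,
}

/// Every `add_action('wp_ajax_<name>', '<callback>')` registration in `src`.
/// Returns (hook, callback, is_nopriv). Closures and array callbacks are not resolved.
pub fn ajax_registrations(src: &str) -> Vec<(String, String, bool)> {
    let mut out = Vec::new();
    let mut rest = src;
    while let Some(pos) = rest.find("add_action(") {
        let after = &rest[pos + "add_action(".len()..];
        let end = match after.find(')') {
            Some(e) => e,
            None => break,
        };
        let args: Vec<String> = after[..end]
            .split(',')
            .map(|a| a.trim().trim_matches(|c: char| c == '\'' || c == '"').to_string())
            .collect();
        if args.len() >= 2 && args[0].starts_with("wp_ajax_") {
            let nopriv = args[0].starts_with("wp_ajax_nopriv_");
            out.push((args[0].clone(), args[1].clone(), nopriv));
        }
        rest = &after[end..];
    }
    out
}

/// Body of `function <name>(...) { ... }` found by brace matching (no PHP parser).
pub fn function_body<'a>(src: &'a str, name: &str) -> Option<&'a str> {
    let needle = format!("function {}(", name);
    let start = src.find(&needle)?;
    let open = start + src[start..].find('{')?;
    let mut depth = 0usize;
    for (i, c) in src[open..].char_indices() {
        match c {
            '{' => depth += 1,
            '}' => {
                depth -= 1;
                if depth == 0 {
                    return Some(&src[open + 1..open + i]);
                }
            }
            _ => {}
        }
    }
    None
}

/// Flags handlers whose body has no current_user_can() / nonce verification.
pub fn scan_ajax_handlers(file: &str, src: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (hook, callback, nopriv) in ajax_registrations(src) {
        // A check inside a helper called from the body is invisible to this
        // heuristic: that is the main source of false positives to verify by hand.
        let body = match function_body(src, &callback) {
            Some(b) => b,
            None => continue,
        };
        let has_cap = body.contains("current_user_can(");
        let has_nonce = body.contains("check_ajax_referer(") || body.contains("wp_verify_nonce(");
        let site = format!("{} -> {}()", hook, callback);
        if nopriv {
            if !has_cap && !has_nonce {
                findings.push(Finding {
                    file: file.to_string(),
                    kind: "Broken Access Control",
                    details: format!("{}: wp_ajax_nopriv_ makes it reachable without login and the body has no capability or nonce check", site),
                });
            }
            continue;
        }
        if !has_cap {
            let mut details = format!("{}: no current_user_can() call", site);
            if body.contains("is_admin()") {
                // is_admin() only tests for an admin-area request, which every admin-ajax.php call is.
                details.push_str("; is_admin() is not an authorization check");
            }
            findings.push(Finding { file: file.to_string(), kind: "Missing Capability Check", details });
        }
        if !has_nonce {
            findings.push(Finding {
                file: file.to_string(),
                kind: "Cross-Site Request Forgery (CSRF)",
                details: format!("{}: no check_ajax_referer()/wp_verify_nonce() call", site),
            });
        }
    }
    findings
}

/// Constructed sample plugin (hypothetical "acme" plugin, not a real one).
pub const SAMPLE_PLUGIN: &str = r#"<?php
add_action('admin_menu', 'acme_menu');
add_action('wp_ajax_acme_delete', 'acme_delete');
add_action('wp_ajax_nopriv_acme_export', 'acme_export');
add_action('wp_ajax_acme_safe', 'acme_safe');
function acme_menu() { add_menu_page('Acme', 'Acme', 'manage_options', 'acme', 'acme_page'); }
function acme_delete() { if (!is_admin()) { wp_die(); } unlink($_POST['path']); }
function acme_export() { echo file_get_contents($_GET['f']); }
function acme_safe() { check_ajax_referer('acme'); if (!current_user_can('manage_options')) { wp_die(); } echo 'ok'; }
"#;

fn main() {
    for f in scan_ajax_handlers("acme/acme.php", SAMPLE_PLUGIN) {
        println!("{}\t{}\t{}", f.file, f.kind, f.details);
    }
}
```

On the constructed sample this reports three findings: `acme_delete` lacks both a capability check and a nonce (its `is_admin()` guard is not authorization), and the `wp_ajax_nopriv_` handler `acme_export` is reachable by unauthenticated users with no checks at all; `acme_safe` is clean. A handler that delegates its checks to a helper function, or is registered as a closure, would be missed or misreported by this string-level approach, which is why an AST and a human review are both needed.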
## π€ Contributing
Contributions are welcome! Please feel free to submit a Pull Request.