Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/devpwn/xmlrpc-scan
golang tool to scan domains or single domains with know security issues against xmlrpc
https://github.com/devpwn/xmlrpc-scan
Last synced: 2 months ago
JSON representation
golang tool to scan domains or single domains with know security issues against xmlrpc
- Host: GitHub
- URL: https://github.com/devpwn/xmlrpc-scan
- Owner: devpwn
- Created: 2020-05-31T22:50:41.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-11-09T20:26:23.000Z (about 1 year ago)
- Last Synced: 2024-08-03T01:13:54.280Z (6 months ago)
- Language: Go
- Size: 11.2 MB
- Stars: 59
- Watchers: 2
- Forks: 11
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-rainmana - devpwn/xmlrpc-scan - golang tool to scan domains or single domains with know security issues against xmlrpc (Go)
README
# xmlrpc-scan
Scan urls or a single URL against XMLRPC wordpress issues.
usage:
##### Install
- Download from releases: https://github.com/devpwn/xmlrpc-scan/releases
- Or Compiling by yourself
##### Features
- Verify if XMLRPC interface from Wordpress is open;
- Testing all possible SSRF methods against xmlrpc wordpress;
- Testing the SSRF oem proxy [https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress](https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress)
- Generate unique url from each ssrf attempt;
##### Usage
* List of wordpress urls
```bash
cat urls.txt | xmlrpcscan -server http://burpcollaborator.net
```
* Single URL
```bash
xmlrpcscan -target https://target.com -server http://burpcollaborator.net
```
