Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/eliranmaman/wp-exploiter
WP-Exploiter is a tool for testing and exploiting a wide range of WordPress websites.
https://github.com/eliranmaman/wp-exploiter
python python-3 python3 security security-vulnerability vulnerabilities vulnerability-detection vulnerability-identification vulnerability-scanners wordpress
Last synced: 6 days ago
JSON representation
WP-Exploiter is a tool for testing and exploiting a wide range of WordPress websites.
- Host: GitHub
- URL: https://github.com/eliranmaman/wp-exploiter
- Owner: eliranmaman
- License: mit
- Created: 2019-12-22T18:30:46.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-11-27T18:19:11.000Z (almost 4 years ago)
- Last Synced: 2024-07-27T23:14:14.296Z (4 months ago)
- Topics: python, python-3, python3, security, security-vulnerability, vulnerabilities, vulnerability-detection, vulnerability-identification, vulnerability-scanners, wordpress
- Language: Python
- Homepage:
- Size: 644 KB
- Stars: 11
- Watchers: 3
- Forks: 7
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# WP-Exploiter    
WP-Exploiter is a tool for testing and exploiting a wide range of WordPress websites.
### Our tool coverage
* Identifying WordPress websites by several methods.
* Identifying WordPress versions by several methods
* Enumerating WordPress users by several methods.
* Detect & exploit weaknesses in specific versions.
### Requirements
* Python3 (tested on 3.7).
* Python modules as specified on requirements.txt.
### Default configurations
Can be changed at config/conf.json.
```JSON
{
"http_data": {
"max_retries": "The maximum retries for http requests.",
"timeout": "In mil sec.",
"retries_reason": "The reason that will invoke another retry.",
"retries_break_time": "In sec.",
"user_agent": "User agent for the HTTP requests."
},
"detector_data": {
"admin_path": "The default WordPress admin panel path.",
"login_path": "The default WordPress login path.",
"feed_path": "The default WordPress feed path.",
"upgrade_path": "The default WordPress upgrade path.",
"timeout": "Timeout in sec.",
"css_path": "common css files at WordPress systems.",
"detect_th": "Smart detector threshold (the lower the number - the higher the sensitivity)."
},
"enumerator_data": {
"start_enumeration": "Default user id to start enumeration with.",
"enumeration_chunk": "Every iteration will enumerate this number of users.",
"rest_api_path": "The default WordPress rest-api path.",
"rest_api_id_col": "The default WordPress rest-api id key.",
"rest_api_slug_col": "The default WordPress rest-api slug key.",
"rest_api_name_col": "The default WordPress rest-api name key.",
"rest_api_status_col": "The default WordPress rest-api status key.",
"author_path": "The default WordPress author path for enumeration.",
"success_code": "The default success code for user enumeration (by author method)."
},
"exploiter_data": {
"WPPluginExploiter": {
"readme_path": "The default WPPluginExploiter class readme path."
},
"WPDatabaseResetExploiter": {
"readme_path": "The default readme path for this plugin."
},
"WPTimeCapsuleExploiter": {
"readme_path": "The default readme path for this plugin."
}
},
"register_data": {
"register_required_data": "The default necessary data for registering new WordPress user."
},
"bruteforce_data": {
"success": "The default 'success' cookie for successful login.",
"num_of_threads": "The default number of threads for the bruteforce attack.",
"error_limit": "The error threshold to determine that this website is not allowing bruteforce.",
"wp_admin": "The login path (default).",
"test_cookie": "Test cookie."
}
}
```
### Basic Usage
```bash
python cliy.py [COMMAND] [ARGS]
```
##### Possible commands -
* detect - Detect if URL/IP is a WordPress site and try to get the WordPress system version. Args:
* --url / -u: The URL/IP to test (for example: http://example.com).
* --timeout / -to: Maximum timeout for each HTTP request, in msecs and only integer (for example 100).
* --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192).
* enumerate - Try to enumerate user names of WordPress System. Args:
* --url / -u: The URL/IP to test (for example: http://example.com).
* --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192).
* minid: The id to start enumerate from (for example 1, will try enumerate user with id 1 and above).
* maxid: The user id to stop enumerate (for example 5, will try enumerate from the minid until id 5).
* bruteforce - Try to do login Bruteforce and crack passwords with a dictionary attack. Args:
* --url / -u: The URL/IP to test (for example: http://example.com)
* --proxy / -p: Proxy (URL/IP) to use, (for example: 192.192.192.192).
* --usernames / -un: Path to a file containing usernames to enumerates (each username in a separate line).
* --passwords / -pass: Path to a file containing passwords to try for each username (each password in a separate line).
* --threads, -t: Number of working threads (default is 1, only integer).
* exploit - Try to exploit WordPress Website and gain control over the admin user. Args:
* --url / -u: The URL/IP to test (for example: http://example.com).
* --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192).
* --type / -ex: The exploite you wish to try, choose from [time-capsule, reset-database, all].
* readme - prints the readme file.
### Further Attacks
Of course, you can clone & implement other exploits. Our interface is generic and supports several exploiting methods.
### Automation
WP-Exploiter has the potential to be automated in different ways. We are going to leave this to you.
You can find an example at examples/run.py.
### Note
* We do not claim the description or the purpose of this tool to be 100% accurate. If you see anything which is incorrect in this document, please submit a pull request or open a new issue.
* We do not encourage using it on real websites, this is tool is for educational purposes only. We are not responsible for any usage of anyone on this tool.