Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/swisskyrepo/Wordpresscan

WPScan rewritten in Python + some WPSeku ideas
https://github.com/swisskyrepo/Wordpresscan

hacktoberfest python vulnerabilities vulnerability-scanners wordpress wordpress-plugin wordpress-scanner wordpress-security wordpress-theme wpscan

Last synced: about 1 month ago
JSON representation

WPScan rewritten in Python + some WPSeku ideas

Awesome Lists containing this project

README 

        
# Wordpresscan

A simple Wordpress scanner written in python based on the work of WPScan (Ruby version), some features are inspired by WPSeku.



## Disclaimer

```

The authors of this github are not responsible for misuse or for any damage that you may cause!

You agree that you use this software at your own risk.

```



## Install & Launch



Install

```bash

git clone https://github.com/swisskyrepo/Wordpresscan.git

cd Wordpresscan

```



Virtualenv

```bash

virtualenv .venv -p /usr/bin/python2.7

source .venv/bin/activate

pip install -r requirements.txt

```



## Examples

### Example 1 : Basic update and scan of a wordpress

```powershell

python wordpresscan.py -u "http://localhost/wordpress" --update --random-agent



-u : Url of the WordPress

--update : Update the wpscan database

--aggressive : Launch an aggressive version to scan for plugins/themes

--random-agent : Use a random user-agent for this session

```



### Example 2 : Basic bruteforce (option --brute, option --nocheck)

* bruteforce customs usernames

```powershell

python wordpresscan.py -u "http://127.0.0.1/wordpress/" --brute --usernames "admin,guest" --passwords-list fuzz/wordlist.lst

```

* bruteforce with usernames list

```powershell

python wordpresscan.py -u "http://127.0.0.1/wordpress/" --brute --users-list fuzz/wordlist.lst --passwords-list fuzz/wordlist.lst

```

* bruteforce detected users

```

python wordpresscan.py -u "http://127.0.0.1/wordpress/" --brute --passwords-list fuzz/wordlist.lst

```



```powershell

╭─ πŸ‘» swissky@crashlab: ~/Github/Wordpresscan  β€Ήmaster*β€Ί

╰─$ python main.py -u "http://127.0.0.1/wordpress/" --brute --users-list fuzz/wordlist.lst --passwords-list fuzz/wordlist.lst --nocheck       

_______________________________________________________________

 _    _               _                                         

| |  | |             | |                                        

| |  | | ___  _ __ __| |_ __  _ __ ___  ___ ___  ___ __ _ _ __  

| |/\| |/ _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|/ __/ _` | '_ \

\  /\  / (_) | | | (_| | |_) | | |  __/\__ \__ \ (_| (_| | | | |

 \/  \/ \___/|_|  \__,_| .__/|_|  \___||___/___/\___\__,_|_| |_|

                       | |                                      

                       |_|                                      

 WordPress scanner based on wpscan work - @pentest_swissky      

_______________________________________________________________

[+] URL: http://127.0.0.1/wordpress/



[!] The Wordpress 'http://127.0.0.1/wordpress/readme.html' file exposing a version number: 4.4.7

[i] Uploads directory has directory listing enabled : http://127.0.0.1/wordpress/wp-content/uploads/

[i] Includes directory has directory listing enabled : http://127.0.0.1/wordpress/wp-includes/



[i] Bruteforcing all users

[+] User found admin

[+] Starting passwords bruteforce for admin

Bruteforcing - β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–“β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘

```



### Example 3 : Thinking is overrated, this is aggressive, mostly not advised!

```powershell

python wordpresscan.py -u "http://127.0.0.1/wordpress/" --fuzz



[i] Enumerating components from aggressive fuzzing ...

[i] File: http://127.0.0.1/wordpress/license.txt - found

[i] File: http://127.0.0.1/wordpress/readme.html - found

[i] File: http://127.0.0.1/wordpress/wp-admin/admin-footer.php - found

[i] File: http://127.0.0.1/wordpress/wp-admin/css/ - found

[i] File: http://127.0.0.1/wordpress/wp-admin/admin-ajax.php - found

[i] File: http://127.0.0.1/wordpress/wp-activate.php - found

--fuzz :  Will fuzz the website in order to detect as much file, themes and plugins as possible

```



## Output example from a test environment

![alt tag](https://github.com/swisskyrepo/Wordpresscan/blob/master/screens/Version%204.4.7.png?raw=true)



## Deploy a test environment

```bash

docker-compose -f wordpress_compose.yml up -d

```

To enable `wp-json` api you need to change "Permalink" to anything but "simple" in the settings.



## Credits and Contributors

* Original idea and script from [WPScan Team](https://wpscan.org/)

* Many PR and bugfixes from [bl4de](https://github.com/bl4de)