An open API service indexing awesome lists of open source software.

https://github.com/taleblou/wordpressvulnerabilityscanner_python

A Python script to scan WordPress sites for vulnerabilities like version disclosure, exposed wp-config.php, XML-RPC issues, REST API exposure, user enumeration, and outdated plugins/themes. Logs results to a CSV file for easy analysis. For educational use only.
https://github.com/taleblou/wordpressvulnerabilityscanner_python

vulnerabilities wordpress

Last synced: 2 months ago
JSON representation

A Python script to scan WordPress sites for vulnerabilities like version disclosure, exposed wp-config.php, XML-RPC issues, REST API exposure, user enumeration, and outdated plugins/themes. Logs results to a CSV file for easy analysis. For educational use only.

Awesome Lists containing this project

README

          

# **WordPress Vulnerability Scanner**

This Python script scans a WordPress website for common vulnerabilities and logs the findings into a CSV file. It checks for several WordPress-specific security issues, including version disclosure, exposed configuration files, REST API exposure, and more.

## **Features**

* **Version Disclosure**: Identifies if the WordPress version is publicly disclosed.
* **Exposed Configuration File**: Checks if the `wp-config.php` file is accessible.
* **XML-RPC Vulnerability**: Detects if XML-RPC is enabled, which can be exploited for brute force attacks.
* **REST API Exposure**: Verifies if the REST API is exposed without proper authentication.
* **User Enumeration**: Identifies accessible user IDs that could be exploited.
* **Outdated Plugins and Themes**: Detects plugins or themes with known vulnerabilities.

## **Requirements**

* Python 3.7 or higher
* Required libraries:
* `requests`
* `pandas`

Install the required libraries using pip:

bash

Copy code

`pip install requests pandas`

## **Usage**

1. Copy the script to a Python file, e.g., `wordpress_vulnerability_scanner.py`.

Edit the `target_url` variable in the script to specify the WordPress website you want to scan:
python
Copy code
`target_url = "http://example.com" # Replace with the target WordPress URL`

2.

Run the script:
bash
Copy code
`python wordpress_vulnerability_scanner.py`

3.

The results of the scan will be saved to a CSV file (`wordpress_vulnerability_report.csv` by default). The file includes the URL, type of vulnerability, and additional details.

## **Example Output**

The CSV file will contain rows like the following:

| URL | Vulnerability Type | Details |
| ----- | ----- | ----- |
| [http://example.com](http://example.com) | Version Disclosure | WordPress version 5.8.1 is disclosed. |
| http://example.com/wp-config.php | Exposed wp-config.php | Sensitive configuration file is exposed. |
| http://example.com/xmlrpc.php | XML-RPC Enabled | XML-RPC is enabled, potential for brute force attacks. |
| http://example.com/?author=1 | User Enumeration | User ID 1 is accessible. |

## **Notes**

* The script uses a basic approach to identify vulnerabilities. For production use, consider integrating a comprehensive database of known vulnerabilities.
* Always obtain permission before scanning a website that you do not own.

Adjust the `user_id` range in the user enumeration section for a more thorough scan:
python
Copy code
`for user_id in range(1, 50): # Adjust range as needed`

*

## **Disclaimer**

This script is for educational purposes only. The author is not responsible for any misuse of this script.