https://github.com/taleblou/wordpressvulnerabilityscanner_python
A Python script to scan WordPress sites for vulnerabilities like version disclosure, exposed wp-config.php, XML-RPC issues, REST API exposure, user enumeration, and outdated plugins/themes. Logs results to a CSV file for easy analysis. For educational use only.
https://github.com/taleblou/wordpressvulnerabilityscanner_python
vulnerabilities wordpress
Last synced: 2 months ago
JSON representation
A Python script to scan WordPress sites for vulnerabilities like version disclosure, exposed wp-config.php, XML-RPC issues, REST API exposure, user enumeration, and outdated plugins/themes. Logs results to a CSV file for easy analysis. For educational use only.
- Host: GitHub
- URL: https://github.com/taleblou/wordpressvulnerabilityscanner_python
- Owner: taleblou
- License: mit
- Created: 2025-01-16T08:50:22.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-01-16T08:51:03.000Z (over 1 year ago)
- Last Synced: 2025-01-27T16:49:25.791Z (over 1 year ago)
- Topics: vulnerabilities, wordpress
- Language: Python
- Homepage: https://taleblou.ir/
- Size: 4.88 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# **WordPress Vulnerability Scanner**
This Python script scans a WordPress website for common vulnerabilities and logs the findings into a CSV file. It checks for several WordPress-specific security issues, including version disclosure, exposed configuration files, REST API exposure, and more.
## **Features**
* **Version Disclosure**: Identifies if the WordPress version is publicly disclosed.
* **Exposed Configuration File**: Checks if the `wp-config.php` file is accessible.
* **XML-RPC Vulnerability**: Detects if XML-RPC is enabled, which can be exploited for brute force attacks.
* **REST API Exposure**: Verifies if the REST API is exposed without proper authentication.
* **User Enumeration**: Identifies accessible user IDs that could be exploited.
* **Outdated Plugins and Themes**: Detects plugins or themes with known vulnerabilities.
## **Requirements**
* Python 3.7 or higher
* Required libraries:
* `requests`
* `pandas`
Install the required libraries using pip:
bash
Copy code
`pip install requests pandas`
## **Usage**
1. Copy the script to a Python file, e.g., `wordpress_vulnerability_scanner.py`.
Edit the `target_url` variable in the script to specify the WordPress website you want to scan:
python
Copy code
`target_url = "http://example.com" # Replace with the target WordPress URL`
2.
Run the script:
bash
Copy code
`python wordpress_vulnerability_scanner.py`
3.
The results of the scan will be saved to a CSV file (`wordpress_vulnerability_report.csv` by default). The file includes the URL, type of vulnerability, and additional details.
## **Example Output**
The CSV file will contain rows like the following:
| URL | Vulnerability Type | Details |
| ----- | ----- | ----- |
| [http://example.com](http://example.com) | Version Disclosure | WordPress version 5.8.1 is disclosed. |
| http://example.com/wp-config.php | Exposed wp-config.php | Sensitive configuration file is exposed. |
| http://example.com/xmlrpc.php | XML-RPC Enabled | XML-RPC is enabled, potential for brute force attacks. |
| http://example.com/?author=1 | User Enumeration | User ID 1 is accessible. |
## **Notes**
* The script uses a basic approach to identify vulnerabilities. For production use, consider integrating a comprehensive database of known vulnerabilities.
* Always obtain permission before scanning a website that you do not own.
Adjust the `user_id` range in the user enumeration section for a more thorough scan:
python
Copy code
`for user_id in range(1, 50): # Adjust range as needed`
*
## **Disclaimer**
This script is for educational purposes only. The author is not responsible for any misuse of this script.