
Difference between revisions of "OWASP Wordpress Vulnerability Scanner Project"


Revision as of 06:51, 4 June 2015


OWASP Wordpress Scanner Project

A WordPress scanner written in PHP, focused on vulnerability assessment and security auditing of WordPress installations. Wordpress Scanner allows you to audit the security of your own WordPress installation by performing "black-box" scans.

Description

Wordpress Scanner is a black-box WordPress vulnerability scanner, inspired by WPScan and written in PHP.

Current Features

The following features are currently available.

  • Detect the version of the WordPress installation
  • Detect sensitive files (e.g. readme, database replacing file)
  • Detect features enabled on the installation (e.g. multisite enabled, user registration allowed)
  • Detect the theme name (through passive fingerprinting)
  • List installed plugins (through passive fingerprinting)
  • Enumerate plugins
  • Enumerate themes
  • Enumerate users

Resources

Project Leader

Contact Us

Licensing

OWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License.

Classifications

Project Type: Tool
Incubator Project

Requirement

  • PHP >= 5.3
  • PHP cURL Extension
  • PHP JSON Extension
  • PHP OpenSSL Extension (HTTPS Support)

Installation


Contributors

  • Mokhdzani Faeq - Multi-thread support for plugin enumeration.
  • Nawawi Jamili - Code Enhancement.
  • Big thanks to the WPScan.org team for providing the plugin/theme/version vulnerability database (WPScan.org)

As of now, the priorities are:

  • Rewrite code to be more modular
  • Unit Tests
  • Add Proxy Support
  • Add Web UI
  • Add Password audit support
  • Add support for custom WordPress directories (wp-content and wp-plugin)
  • Add support for a static user agent (currently random)
  • Vulnerability Database (currently using https://wpvulndb.com)