
Difference between revisions of "OWASP Wordpress Vulnerability Scanner Project"

(Project Leader)
(OWASP Wordpress Scanner Project)
Line 9: Line 9:
  
 
A wordpress scanner written in PHP, focus on vulnerability assessment and security audit of wordpress installation.
 
A wordpress scanner written in PHP, focus on vulnerability assessment and security audit of wordpress installation.
Wordpress Scanner allows you to audit the security of your wordpress installation. It performs "black-box" scans, i.e. it does not do static analysis of the application but will scan the webpages of the deployed webapp, looking for known vulnerability
+
Wordpress Scanner allows you to audit the security of your wordpress installation. It performs "black-box" scans.
  
 
==Description==
 
==Description==
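Review bot: the replacement line ending in `It performs "black-box" scans.` drops the page's only explanation of what black-box means for this tool (no static analysis; it scans the web pages of the deployed application). The removed sentence did trail off at "looking for known vulnerability", so instead of deleting the clause, finish it or keep a short version of it after "black-box" scans. The unchanged first sentence would also read better as "focused on vulnerability assessment".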

Revision as of 06:46, 4 June 2015


OWASP Wordpress Scanner Project

A WordPress scanner written in PHP, focused on vulnerability assessment and security auditing of WordPress installations. Wordpress Scanner allows you to audit the security of your WordPress installation. It performs "black-box" scans.

Description

Wordpress Scanner is a black-box WordPress vulnerability scanner, inspired by WPScan and written in PHP.

Current Features

The following features are currently available.

  • Feature 1
  • Feature 2
  • Feature 3

Resources

Project Leader

Contact Us

Licensing

OWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License.

Classifications

Project Type: Tool
Incubator Project

Requirements

  • PHP >= 5.3
  • PHP cURL Extension
  • PHP JSON Extension
  • PHP OpenSSL Extension (HTTPS Support)

Installation

Q1
A1
Q2
A2

Contributors

  • Mokhdzani Faeq - Multi-thread support for plugin enumeration.
  • Nawawi Jamili - Code Enhancement.
  • Big thanks to WPScan.org team for providing plugin/theme/version vulnerability database - WPScan.org

As of now, the priorities are:

  • Rewrite code to be more modular
  • Unit Tests
  • Add Proxy Support
  • Add Web UI
  • Add Password audit support
  • Add custom WordPress directory (wp-content and wp-plugin)
  • Add support for static user agent (currently random)
  • Vulnerability Database (currently using https://wpvulndb.com)