This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Wordpress Vulnerability Scanner Project"
(→Road Map) |
|||
Line 71: | Line 71: | ||
As of now, the priorities are: | As of now, the priorities are: | ||
*Rewrite code to be more modular | *Rewrite code to be more modular | ||
+ | *Change to script argument instead of user input for scan options. | ||
*Unit Tests | *Unit Tests | ||
*Add Proxy Support | *Add Proxy Support |
Revision as of 07:46, 4 June 2015
OWASP Wordpress Scanner ProjectA Wordpress Scanner written in PHP, focus on vulnerability assessment and security audit of misconfiguration in the Wordpress installation. Wordpress Scanner is capable of finding the flaw in the Wordpress installation and will provide all the information regarding the vulnerability. Wordpress Scanner is not a tool for code auditing, it performs "black box" scanning for the Wordpress powered web application. Current FeaturesThe following features are currently available.
|
Quick Download
Project LeaderContact Us
LicensingOWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License. Classifications |
Requirement
- PHP >= 5.3
- PHP cURL Extension
- PHP JSON Extension
- PHP OpenSSL Extension (HTTPS Support)
Installation
- Download from repo: git clone https://github.com/RamadhanAmizudin/Wordpress-scanner.git
- Start Scanning: php app.php <url>
Contributors
- Mokhdzani Faeq - Multi-thread support for plugin enumeration.
- Nawawi Jamili - Code Enhancement.
- Big thanks to WPScan.org team for providing plugin/theme/version vulnerability database - WPScan.org
Road Map
As of now, the priorities are:
- Rewrite code to be more modular
- Change to script argument instead of user input for scan options.
- Unit Tests
- Add Proxy Support
- Add Web UI
- Add Password audit support
- Add custom wordpress directory(wp-content and wp-plugin)
- Add support for static user agent(currently random)
- Vulnerability Database (currently using https://wpvulndb.com)