This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Wordpress Vulnerability Scanner Project"
(→Requirement / Installation) |
|||
| Line 41: | Line 41: | ||
=Requirement / Installation= | =Requirement / Installation= | ||
| − | + | '''Requirement''' | |
| − | + | * PHP >= 5.3 | |
| + | * PHP cURL Extension | ||
| + | * PHP JSON Extension | ||
| + | * PHP OpenSSL Extension (HTTPS Support) | ||
| − | + | '''Installation''' | |
| − | : | + | |
| + | *Download from repo: <tt>git clone https://github.com/RamadhanAmizudin/Wordpress-scanner.git</tt> | ||
| + | *Start Scanning: <tt>php app.php <url></tt> | ||
=FAQs= | =FAQs= | ||
Revision as of 11:57, 3 June 2015
OWASP Wordpress Scanner ProjectA wordpress scanner written in PHP, focus on vulnerability assessment and security audit of wordpress installation. Wordpress Scanner allows you to audit the security of your wordpress installation. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for known vulnerability DescriptionThis is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. LicensingOWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License. |
Resources
Project LeaderClassifications
| |||
Requirement
- PHP >= 5.3
- PHP cURL Extension
- PHP JSON Extension
- PHP OpenSSL Extension (HTTPS Support)
Installation
- Download from repo: git clone https://github.com/RamadhanAmizudin/Wordpress-scanner.git
- Start Scanning: php app.php <url>
- Q1
- A1
- Q2
- A2
Contributors
Ramadhan Amizudin - Core Developer
Mokhdzani Faeq - Multi-thread support for plugin enumeration.
Big thanks to WPScan.org team for providing plugin/theme/version vulnerability database - WPScan.org
As of now, the priorities are:
- Rewrite code to be more modular
- Unit Tests
- Add Proxy Support
- Add Web UI
- Add Password audit support
- Add custom wordpress directory(wp-content and wp-plugin)
- Add support for static user agent(currently random)
- Vulnerability Database (currently using https://wpvulndb.com)
