This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Wordpress Vulnerability Scanner Project"

From OWASP
Jump to: navigation, search
(Requirement / Installation)
(Description)
Line 12: Line 12:
  
 
==Description==
 
==Description==
<span style="color:#ff0000">
+
Wordpress Scanner is BlackBox Wordpress Vulnerability Scanner, inspired by [http://wpscan.org WPScan] and written in PHP.
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. 
 
</span>
 
  
 
==Licensing==
 
==Licensing==

Revision as of 12:06, 3 June 2015

OWASP Project Header.jpg

OWASP Wordpress Scanner Project

A wordpress scanner written in PHP, focus on vulnerability assessment and security audit of wordpress installation. Wordpress Scanner allows you to audit the security of your wordpress installation. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for known vulnerability

Description

Wordpress Scanner is BlackBox Wordpress Vulnerability Scanner, inspired by WPScan and written in PHP.

Licensing

OWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License.

Resources

Project Leader

Classifications

Project Type Files TOOL.jpg
Incubator Project

Requirement

  • PHP >= 5.3
  • PHP cURL Extension
  • PHP JSON Extension
  • PHP OpenSSL Extension (HTTPS Support)

Installation

Q1
A1
Q2
A2

Contributors

Ramadhan Amizudin - Core Developer

Mokhdzani Faeq - Multi-thread support for plugin enumeration.

Big thanks to WPScan.org team for providing plugin/theme/version vulnerability database - WPScan.org

As of now, the priorities are:

  • Rewrite code to be more modular
  • Unit Tests
  • Add Proxy Support
  • Add Web UI
  • Add Password audit support
  • Add custom wordpress directory(wp-content and wp-plugin)
  • Add support for static user agent(currently random)
  • Vulnerability Database (currently using https://wpvulndb.com)
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Wordpress_Vulnerability_Scanner_Project&oldid=195712"