This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP wpBullet

From OWASP
Revision as of 22:51, 4 July 2019 by Sikic (talk | contribs) (Description)


Project Info

What is this project?
Name: wpBullet
Purpose: wpBullet is a source code analysis framework that identifies security flaws in WordPress extensions (themes and plugins), or in any other codebase that uses WordPress API functions.
License: GNU General Public License v2.0
Who is working on this project?
Project Leader(s):
  • Luka Sikic
Project Contributor(s):
  • Nikola Gigic
How can you learn more?
Project Pamphlet: Not yet created
Project Presentation: N/A
Mailing list: N/A
Project Roadmap: Not yet released
Main links: GitHub repository
Key Contacts: Luka Sikic (luka [ at ] sikic.eu)
Current release
The current release can be found in the GitHub repository.

Last reviewed release
The last reviewed release can be found in the GitHub repository.

Other releases
None.

Description

OWASP wpBullet is an open-source tool for identifying security vulnerabilities in WordPress plugins and themes. It is built around pluggable detection rules, so adding a new check is straightforward. Besides analyzing source code for vulnerabilities, the tool maps every hook (action and filter) the extension exposes, which gives a researcher a good starting point for where to look for flaws.

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version. Copyright © 2019 Luka Sikic.

Roadmap

As of July, 2019, the highest priorities for the next 6 months are:

  • Reduce the number of false-positive results
  • Add checks for nonce verification and for user capability/permission checks
  • Make output more user-friendly
  • Add support for results output in HTML format
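As an added example, not code from the wpBullet project itself: a minimal Python script in the spirit of the description and roadmap above. It maps the hooks a plugin registers via add_action/add_filter and then applies two detection rules to the registered callbacks: request-reachable handlers (wp_ajax_* and admin_post_* hooks) that never call a nonce-verification function or current_user_can, and echo/print of request superglobals without an escaping wrapper. The plugin source it scans is a constructed sample embedded in the script; the regexes, rule names and function names are this example's own, not wpBullet's.

```python
"""Toy static checks over WordPress plugin source: hook mapping plus
missing-nonce / missing-capability / unescaped-output rules.
Example code, not part of wpBullet."""
import re

# Constructed sample plugin (not a real plugin) used as scan input.
SAMPLE_PLUGIN = r'''<?php
add_action('wp_ajax_demo_delete', 'demo_delete_handler');
add_action('wp_ajax_demo_export', 'demo_export_handler');
add_filter('the_content', 'demo_filter_content');

function demo_delete_handler() {
    $id = intval($_POST['id']);
    wp_delete_post($id, true);
    echo $_GET['msg'];
    wp_die();
}

function demo_export_handler() {
    check_ajax_referer('demo_export', 'nonce');
    if (!current_user_can('manage_options')) {
        wp_die('forbidden');
    }
    echo esc_html($_GET['format']);
    wp_die();
}

function demo_filter_content($content) {
    return $content . 'footer';
}
'''

# add_action('hook', 'callback') / add_filter('hook', 'callback') with string callbacks.
HOOK_RE = re.compile(
    r"""add_(action|filter)\s*\(\s*['"]([^'"]+)['"]\s*,\s*['"]([A-Za-z_]\w*)['"]""")
FUNC_RE = re.compile(r"function\s+([A-Za-z_]\w*)\s*\([^)]*\)\s*\{")
SUPERGLOBAL = r"\$_(GET|POST|REQUEST|COOKIE)\s*\["
# echo/print applied directly to request data (no escaping function in between).
UNESCAPED_OUTPUT_RE = re.compile(r"\b(echo|print)\s+" + SUPERGLOBAL)
NONCE_RE = re.compile(r"\b(check_ajax_referer|check_admin_referer|wp_verify_nonce)\s*\(")
CAP_RE = re.compile(r"\bcurrent_user_can\s*\(")
# Hook prefixes whose callbacks are reachable directly by HTTP request.
REQUEST_HOOK_PREFIXES = ("wp_ajax_", "admin_post_")


def map_hooks(source):
    """Return [(kind, hook_name, callback)] for every add_action/add_filter call."""
    return [(m.group(1), m.group(2), m.group(3)) for m in HOOK_RE.finditer(source)]


def function_bodies(source):
    """Return {name: body} by brace-matching from each 'function name(...) {'."""
    bodies = {}
    for m in FUNC_RE.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        bodies[m.group(1)] = source[m.end():i - 1]  # exclude the closing brace
    return bodies


def analyze(source):
    """Return a sorted list of (callback, finding) pairs."""
    findings = []
    bodies = function_bodies(source)
    for _kind, hook, callback in map_hooks(source):
        body = bodies.get(callback)
        if body is None:
            continue  # callback defined elsewhere (class method, other file)
        if hook.startswith(REQUEST_HOOK_PREFIXES):
            if not NONCE_RE.search(body):
                findings.append((callback, "missing-nonce-check"))
            # *_nopriv_* hooks are meant for unauthenticated users, so a
            # capability check is not expected there.
            if "nopriv" not in hook and not CAP_RE.search(body):
                findings.append((callback, "missing-capability-check"))
        if UNESCAPED_OUTPUT_RE.search(body):
            findings.append((callback, "unescaped-output"))
    return sorted(set(findings))


if __name__ == "__main__":
    for kind, hook, cb in map_hooks(SAMPLE_PLUGIN):
        print(f"{kind}: {hook} -> {cb}")
    for cb, finding in analyze(SAMPLE_PLUGIN):
        print(f"[!] {cb}: {finding}")
```

Run against the embedded sample, the hook map lists all three registrations, and only demo_delete_handler is flagged (all three rules); demo_export_handler passes because it verifies the nonce, checks a capability and wraps its output in esc_html(). Regex-based matching of this kind is exactly where false positives come from (string callbacks only, no class methods, no data flow), which is why reducing them sits first on the roadmap.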

Getting Involved

You can contribute to the project through its GitHub repository. If you have any questions, feel free to reach out at luka [ at ] sikic.eu.

Project Leader

Luka Sikic

Classifications

Project type: Tool
Project status: Incubator Project
Categories: Breakers, Defenders