This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Wordpress Vulnerability Scanner Project

From OWASP
Revision as of 06:36, 4 June 2015 by Ramadhan (talk | contribs) (OWASP Wordpress Scanner Project)

Jump to: navigation, search
OWASP Project Header.jpg

OWASP Wordpress Scanner Project

A wordpress scanner written in PHP, focus on vulnerability assessment and security audit of wordpress installation. Wordpress Scanner allows you to audit the security of your wordpress installation. It performs "black-box" scans, i.e. it does not do static analysis of the application but will scan the webpages of the deployed webapp, looking for known vulnerability

Description

Wordpress Scanner is BlackBox Wordpress Vulnerability Scanner, inspired by WPScan and written in PHP.

Current Features

The following features are currently available.

  • Feature 1
  • Feature 2
  • Feature 3

Resources

Project Leader

Licensing

OWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License.

Classifications

Project Type Files TOOL.jpg
Incubator Project

Requirement

  • PHP >= 5.3
  • PHP cURL Extension
  • PHP JSON Extension
  • PHP OpenSSL Extension (HTTPS Support)

Installation

Q1
A1
Q2
A2

Contributors

Ramadhan Amizudin - Core Developer.

Mokhdzani Faeq - Multi-thread support for plugin enumeration.

Nawawi Jamili - Code Enhancement.

Big thanks to WPScan.org team for providing plugin/theme/version vulnerability database - WPScan.org

As of now, the priorities are:

  • Rewrite code to be more modular
  • Unit Tests
  • Add Proxy Support
  • Add Web UI
  • Add Password audit support
  • Add custom wordpress directory(wp-content and wp-plugin)
  • Add support for static user agent(currently random)
  • Vulnerability Database (currently using https://wpvulndb.com)