This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Wordpress Vulnerability Scanner Project
OWASP Wordpress Scanner ProjectA wordpress scanner written in PHP, focus on vulnerability assessment and security audit of wordpress installation. Wordpress Scanner allows you to audit the security of your wordpress installation. It performs "black-box" scans, i.e. it does not do static analysis of the application but will scan the webpages of the deployed webapp, looking for known vulnerability DescriptionWordpress Scanner is BlackBox Wordpress Vulnerability Scanner, inspired by WPScan and written in PHP. Current FeaturesThe following features are currently available.
|
Resources
Project LeaderLicensingOWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License. Classifications
| |||
Requirement
- PHP >= 5.3
- PHP cURL Extension
- PHP JSON Extension
- PHP OpenSSL Extension (HTTPS Support)
Installation
- Download from repo: git clone https://github.com/RamadhanAmizudin/Wordpress-scanner.git
- Start Scanning: php app.php <url>
- Q1
- A1
- Q2
- A2
Contributors
Ramadhan Amizudin - Core Developer.
Mokhdzani Faeq - Multi-thread support for plugin enumeration.
Nawawi Jamili - Code Enhancement.
Big thanks to WPScan.org team for providing plugin/theme/version vulnerability database - WPScan.org
As of now, the priorities are:
- Rewrite code to be more modular
- Unit Tests
- Add Proxy Support
- Add Web UI
- Add Password audit support
- Add custom wordpress directory(wp-content and wp-plugin)
- Add support for static user agent(currently random)
- Vulnerability Database (currently using https://wpvulndb.com)
