
OWASP Wordpress Vulnerability Scanner Project

Revision as of 06:46, 4 June 2015 by Ramadhan (talk | contribs) (OWASP Wordpress Scanner Project)


OWASP Wordpress Scanner Project

A WordPress scanner written in PHP, focused on vulnerability assessment and security auditing of WordPress installations. Wordpress Scanner allows you to audit the security of your WordPress installation. It performs "black-box" scans.

Description

Wordpress Scanner is a black-box WordPress vulnerability scanner, inspired by WPScan and written in PHP.

Current Features

The following features are currently available.

  • Feature 1
  • Feature 2
  • Feature 3

Resources

Project Leader

Contact Us

Licensing

OWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License.

Classifications

Incubator Project

Requirements

  • PHP >= 5.3
  • PHP cURL Extension
  • PHP JSON Extension
  • PHP OpenSSL Extension (HTTPS Support)

Installation

Q1
A1
Q2
A2

Contributors

  • Mokhdzani Faeq - Multi-thread support for plugin enumeration.
  • Nawawi Jamili - Code Enhancement.
  • Big thanks to WPScan.org team for providing plugin/theme/version vulnerability database - WPScan.org

As of now, the priorities are:

  • Rewrite code to be more modular
  • Unit tests
  • Add proxy support
  • Add web UI
  • Add password audit support
  • Add custom WordPress directory (wp-content and wp-plugin)
  • Add support for static user agent (currently random)
  • Vulnerability database (currently using https://wpvulndb.com)