OWASP Wordpress Vulnerability Scanner Project

Revision as of 06:51, 4 June 2015 by Ramadhan

OWASP Wordpress Scanner Project

A WordPress scanner written in PHP, focused on vulnerability assessment and security auditing of WordPress installations. It performs black-box scans: the target is inspected only through the HTTP responses an unauthenticated remote user can see, with no access to the server or its source code.

Description

WordPress Scanner is a black-box WordPress vulnerability scanner, inspired by WPScan and written in PHP.

Current Features

The following features are currently available.

  • Detect the version of the WordPress installation
  • Detect sensitive files (e.g. readme.html, leftover database replacement files)
  • Detect enabled features on the installation (e.g. multisite, open user registration)
  • Detect the theme name (through passive fingerprinting of asset URLs in the served pages)
  • List installed plugins (through passive fingerprinting)
  • Enumerate plugins
  • Enumerate themes
  • Enumerate users
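As an added example of the passive and enumeration techniques listed above (this is not code from the OWASP WordPress Scanner project, which is written in PHP; it is written in Python so it can run stand-alone), the module below parses constructed sample responses: a front page with a generator meta tag and theme/plugin asset URLs, a readme.html fragment, a plugin readme.txt header, the redirect that /?author=1 returns, and the public REST user listing. The host blog.example and every sample body are constructed inputs, not real targets.

```python
"""Passive WordPress fingerprinting over saved HTTP responses.

Added example, not code from the OWASP WordPress Scanner project (PHP).
All inputs are constructed samples; blog.example is a hypothetical host.
"""
import json
import re
from urllib.parse import urlparse

# Constructed front page mirroring what a stock WordPress install emits.
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<meta name="generator" content="WordPress 4.2.2" />
<link rel='stylesheet' href='/wp-content/themes/twentyfifteen/style.css?ver=4.2.2' />
<link rel='stylesheet' href='/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.1.2' />
<script src='/wp-includes/js/jquery/jquery.js?ver=1.11.2'></script>
<script src='/wp-includes/js/wp-emoji-release.min.js?ver=4.2.2'></script>
<script src='/wp-content/plugins/akismet/_inc/form.js?ver=3.1.1'></script>
<script src='/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.1.2'></script>
</head><body>
<a href="/wp-login.php?action=register">Register</a>
</body></html>"""

# Constructed fragment of /readme.html, which prints the core version.
SAMPLE_README = '<h1 id="logo"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /><br /> Version 4.2.2</h1>'
# Constructed wp-content/plugins/contact-form-7/readme.txt header.
SAMPLE_PLUGIN_README = "=== Contact Form 7 ===\nContributors: takayukister\nStable tag: 4.1.2\n"
# Constructed Location header for GET /?author=1: the redirect to the author
# archive discloses the user slug, which is the login name by default.
SAMPLE_AUTHOR_LOCATION = "https://blog.example/author/admin/"
# Constructed body of GET /wp-json/wp/v2/users (REST API, in core since 4.7).
SAMPLE_REST_USERS = json.dumps([{"id": 1, "name": "Site Admin", "slug": "admin"},
                                {"id": 2, "name": "J. Doe", "slug": "jdoe"}])

GENERATOR_RE = re.compile(r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress ([0-9.]+)', re.I)
# wp-emoji-release.min.js is a core script enqueued with the core version as ?ver=;
# bundled third-party libraries under wp-includes (e.g. jQuery) carry their own version.
CORE_ASSET_RE = re.compile(r'/wp-includes/js/wp-emoji-release\.min\.js\?ver=([0-9.]+)', re.I)
ASSET_RE = re.compile(r'/wp-content/(themes|plugins)/([A-Za-z0-9_.-]+)/([^"\'\s>]*)', re.I)
VER_RE = re.compile(r'[?&]ver=([0-9][0-9.]*)')
STABLE_TAG_RE = re.compile(r'^\s*Stable tag:\s*(\S+)', re.I | re.M)


def detect_version(html, readme_html=None):
    """Core version, most reliable source first: generator meta, core asset ?ver=, readme.html."""
    m = GENERATOR_RE.search(html) or CORE_ASSET_RE.search(html)
    if not m and readme_html:
        m = re.search(r'Version ([0-9.]+)', readme_html)
    return m.group(1) if m else None


def fingerprint_assets(html):
    """Theme and plugin slugs seen in asset URLs, with the first ?ver= each advertises.

    The ?ver= on a plugin asset is only evidence: some plugins tag assets with the
    core version or a cache-buster, so confirm the version via the plugin's readme.txt.
    """
    themes, plugins = {}, {}
    for kind, slug, rest in ASSET_RE.findall(html):
        bucket = themes if kind.lower() == "themes" else plugins
        ver = VER_RE.search(rest)
        bucket.setdefault(slug, ver.group(1) if ver else None)
    return themes, plugins


def plugin_version_from_readme(readme_txt):
    """'Stable tag:' from a plugin's readme.txt; 'trunk' is not a version, so report None."""
    m = STABLE_TAG_RE.search(readme_txt)
    if not m or m.group(1).lower() == "trunk":
        return None
    return m.group(1)


def registration_open(html):
    """wp_register() emits this link only when users_can_register is on; absence proves nothing."""
    return bool(re.search(r'wp-login\.php\?action=register', html, re.I))


def user_from_author_redirect(location):
    """Slug from the /author/<slug>/ redirect that /?author=N returns for a valid user id."""
    m = re.search(r'/author/([^/]+)/?$', urlparse(location).path)
    return m.group(1) if m else None


def users_from_rest(body):
    """User slugs from the public /wp-json/wp/v2/users listing."""
    return [u["slug"] for u in json.loads(body) if "slug" in u]


def scan(html, readme_html=None):
    """Combine the passive checks into one per-target report."""
    themes, plugins = fingerprint_assets(html)
    return {"version": detect_version(html, readme_html),
            "theme": next(iter(themes), None),
            "plugins": plugins,
            "registration_open": registration_open(html)}


if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_HTML, SAMPLE_README), indent=2))
    print("author redirect ->", user_from_author_redirect(SAMPLE_AUTHOR_LOCATION))
    print("REST users ->", users_from_rest(SAMPLE_REST_USERS))
```

The user-enumeration helpers are the active part of a scan: iterating /?author=1, 2, 3 ... and reading the Location header, or fetching /wp-json/wp/v2/users, each costs a request against the target, whereas everything in scan() needs only the front page already retrieved.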


Licensing

OWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License.

Classifications

Project Type: Tool
Incubator Project

Requirements

  • PHP >= 5.3
  • PHP cURL Extension
  • PHP JSON Extension
  • PHP OpenSSL Extension (HTTPS Support)

Contributors

  • Mokhdzani Faeq - Multi-thread support for plugin enumeration.
  • Nawawi Jamili - Code Enhancement.
  • Thanks to the WPScan.org team for providing the plugin/theme/version vulnerability database - WPScan.org

Roadmap

As of now, the priorities are:

  • Rewrite code to be more modular
  • Unit Tests
  • Add Proxy Support
  • Add Web UI
  • Add Password audit support
  • Support custom WordPress directory layouts (renamed wp-content and wp-content/plugins directories)
  • Add support for a static User-Agent string (currently randomised)
  • Vulnerability database (currently queries https://wpvulndb.com)