InfoSec Ninjas 资安忍者

Wordpresscan
Wordpresscan, written by swissky, is a WordPress CMS security auditing tool that rewrites WPScan in Python and implements some ideas from WPSeku. However, the original copy on GitHub is still an alpha version, last updated Oct 15, 2017.

Wordpresscan was then forked by Samiux on Apr 19, 2018, with some improvements and bug fixes. The modified version is released as open source under GPLv3 by Samiux.

It is well tested on Parrot Security OS 3.11 and runs on Parrot right away, without installation.

CheckSum

sha256sum output for the release tarball:

16709ebde820eb0c062a8880df26882faff6d98b10930e1c7c1635652b21036e  Wordpresscan-1.0d.tar.gz

ChangeLog

Version 1.0a
Release date : 2018-04-19 GMT+8
[+] Fork from Wordpresscan
[+] Minor bug fixes
[+] Some improvements

Version 1.0b
Release date : 2018-04-20 GMT+8
[+] Some improvements

Version 1.0c
Release date : 2018-04-20 GMT+8
[+] Some improvements

Version 1.0d [Stable]
Release date : 2018-04-21 GMT+8
[+] Improvement to avoid DoS against the target
[+] Some improvements

Requirements

- Parrot Security OS 3.11 or higher (Linux system)
- Python 2.7

Download

wget https://www.infosec-ninjas.com/files/Wordpresscan-1.0d.tar.gz
tar -xvzf Wordpresscan-1.0d.tar.gz
cd Wordpresscan
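To check the download against the checksum published in the CheckSum section before unpacking it, here is an added shell example (it is not part of the Wordpresscan distribution or of the original instructions); it assumes coreutils `sha256sum` (falling back to `shasum -a 256`) and uses the URL, filename and hash given above.

```shell
#!/bin/sh
# Added example: fetch the release tarball and refuse to unpack it unless its
# SHA-256 matches the value published on the download page.
set -u

URL="https://www.infosec-ninjas.com/files/Wordpresscan-1.0d.tar.gz"
TARBALL="Wordpresscan-1.0d.tar.gz"
# Published checksum (from the CheckSum section of this page).
EXPECTED_SHA256="16709ebde820eb0c062a8880df26882faff6d98b10930e1c7c1635652b21036e"

# sha256_of FILE -> prints the hex digest; uses coreutils sha256sum when
# present, otherwise shasum -a 256 (e.g. on BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED -> 0 when the digest matches, 1 otherwise.
# The comparison is case-insensitive so a hash pasted in upper case still works.
verify_sha256() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "checksum OK: $file"
        return 0
    fi
    echo "checksum MISMATCH: $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# fetch_and_unpack -> downloads, verifies, and only then extracts. On a
# mismatch the tarball is left in place for inspection and the function fails.
fetch_and_unpack() {
    wget -q "$URL" -O "$TARBALL" || { echo "download failed" >&2; return 1; }
    verify_sha256 "$TARBALL" "$EXPECTED_SHA256" || return 1
    tar -xzf "$TARBALL" && echo "unpacked into ./Wordpresscan"
}

# Run the full flow only when invoked as: sh verify_wordpresscan.sh install
case "${1:-}" in
    install) fetch_and_unpack ;;
esac
```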


Usage

Help

cd Wordpresscan
python main.py -h


Scan and Update

cd Wordpresscan
python main.py -u "http://example.com" --update --random-agent


Brute force password

cd Wordpresscan
python main.py -u "http://example.com" --brute --usernames "admin" --passwords-list fuzz/wordlist.lst --threads 50 --random-agent


Brute force username and password

cd Wordpresscan
python main.py -u "http://example.com" --brute --users-list fuzz/wordlist.lst --passwords-list fuzz/wordlist.lst --threads 50 --random-agent



* The total number of threads depends on how much memory you have, the bandwidth available to you, and the resources available on the target web server. Too few threads may be too slow, but too many threads may cause false positives on web sites with insufficient resources, which amounts to a DoS against the target. The suggested maximum is around 50 to 100 threads for an amateur web site.