Kali
Wpgarlic is a proof-of-concept WordPress plugin fuzzer used in the research described in https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html that helped to discover more than 140 vulnerablities in WordPress plugins installed on almost 15 million sites. If you want to continue the research, start with less popular plugins – if a plugin achieved at least 10k active installs between October 2021 and …
Continue reading “Wpgarlic : A Proof-Of-Concept WordPress Plugin Fuzzer”
Presshell is a tool for Quick & dirty WordPress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at <your-host>/wp-content/plugins/shell/shell.php Installation To install the shell, we are assuming you have administrative rights to WordPress and can install plugins since transferring a PHP file to the media library shouldn’t work anyway. …
Continue reading “Presshell : Quick And Dirty WordPress Command Execution Shell”
WordPress Brute Force is a super fast login for WordPress. .—. .———–/ \ __ / ——/ / ( )/ —–////// ‘ \/ — //// / // : ★★ : — // / / / ‘–// //..\ WpCrack Brute Froce Tool™====UU====UU==========================‘//||`”“usage: python WpCrack.py [options]optional arguments:-h, –help show this help message and exit-V, –version show program’s version …
Continue reading “WordPress Brute Force : Super Fast Login WordPress Brute Force”
Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go. Features Status Features ✅ Random Agent ✅ Detection WAF ✅ User Enumerator ✅ Plugin Scanner ✅ Theme Scanner ✅ Tor Proxy’s ✅ Detection Honeypot ✅ Fuzzing Backup Files 🔨 Fuzzing Passwords 🔨 Vulnerability Scanner Usage Flag(s) Description -u, –url string …
Continue reading “Wprecon : A Vulnerability Recognition Tool In CMS WordPress”
We intentionally made it for our penetration testing jobs however its getting grey hairs now so we thought we would like to pass it on to the public!. ProjectOpal or Opal. Is a stealth post exploit framework for wordpress sites that can hide its trace from logs and obfuscate it’s way through the system! 🙂 …
Continue reading “ProjectOpal : Stealth Post-Exploitation Framework For WordPress”
An XMLRPC brute forcer targeting WordPress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second. Usage — python3 xmlrcpbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username — python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt userlist.txt ( >>in progess<<) Bugs If you get an xml.etree.ElementTree.ParseError: Did you forget …
Continue reading “XMLRPC : An Brute Forcer Targeting WordPress Written In Python 3”
WPBullet is a static code analysis for WordPress Plugins/Themes (and PHP). Simply clone the repository, install requirements and run the script ; git clone https://github.com/webarx-security/wpbullet wpbulletcd wpbulletpip install -r requirements.txtpython wpbullet.py Available options: –path (required) System path or download URL Examples: –path=”/path/to/plugin” –path=”https://wordpress.org/plugins/example-plugin” –path=”https://downloads.wordpress.org/plugin/example-plugin.1.5.zip” –enabled (optional) Check only for given modules, ex. –enabled=”SQLInjection,CrossSiteScripting” –disabled (optional) …
Continue reading “WPBullet : A Static Code Analysis For WordPress & PHP”
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. Installation Prerequisites (Optional but highly recommended: RVM) Ruby >= 2.3 – Recommended: latest Ruby 2.5.0 to 2.5.3 can cause an ‘undefined symbol: rmpd_util_str_to_d’ error in some systems, see #1283 …
Continue reading “WPScan : WordPress Vulnerability Scanner Written for Security Professionals”
WPintel is a chrome extension designed for WordPress Vulnerability Scanning and information gathering. It allows you to scan self hosted WordPress sites and with this you can detect the following: Also Read:SQLiScanner – Automatic SQL Injection With Charles & SQLmap API • Version• Version vulnerabilities• Plugins• Themes• Usersand much more! Click here to download the …
CMSeeK is a CMS detection and exploitation suite where you can Scan WordPress, Joomla, Drupal and 100 other CMSs. CMS or content management system manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Use Of CMSeek Basic CMS Detection of over 80 CMS Drupal version detection Advanced WordPress …
Continue reading “CMSeeK – CMS Detection And Exploitation Suite”
.png)
