13/07/11

WPScan - WordPress Security/Vulnerability Scanner

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc).

Features


    Username enumeration (from author querystring and location header)
    Weak password cracking (multithreaded)
    Version enumeration (from generator meta tag)
    Vulnerability enumeration (based on version)
    Plugin enumeration (2220 most popular by default)
    Plugin vulnerability enumeration (based on version) (todo)
    Plugin enumeration list generation
    Other misc WordPress checks (theme name, dir listing, …)

Requirements

WPScan requires two non native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

INSTALL

Installing on Backtrack5 Gnome/KDE 32bit:

sudo apt-get install libcurl4-gnutls-dev

sudo gem install --user-install mime-types

sudo gem install --user-install typhoeus

sudo gem install --user-install xml-simple


Installing on Debian/Ubuntu:

sudo apt-get install libcurl4-gnutls-dev

sudo apt-get install libopenssl-ruby

sudo gem install typhoeus

sudo gem install xml-simple


Installing on other nix: (not tested)
sudo gem install typhoeus

sudo gem install xml-simple


Installing on Windows: (not tested)

gem install typhoeus

gem install xml-simple


Installing on Mac OSX: (not tested)

sudo gem install typhoeus

sudo gem install xml-simple

COMMANDS

--url (The WordPress URL/domain to scan.)

--version (Only do version enumeration.)

--wordlist (Supply a wordlist for the password bruter and do the brute.)

--threads (The number of threads to use when multi-threading requests.)

--username (Only brute force the supplied username.)

--generate_plugin_list (Generate a new data/plugins.txt file.)

-v (Verbose output.)

EXAMPLES

Do 'non-intrusive' checks...

ruby wpscan.rb --url www.example.com

Only do version enumeration...

ruby wpscan.rb --url www.example.com --version

Do wordlist password brute force on enumerated users using 50 threads...

ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...

ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

Generate a new 'most popular' plugin list... ruby ./wpscan.rb --generate_plugin_list 150


PROJECT HOME

http://code.google.com/p/wpscan/


SUBVERSION REPOSITORY

svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only


ISSUES

http://code.google.com/p/wpscan/issues/list

You can download WPScan by checking it out from the SVN repository on Google Code:

svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only

Or you can read more here

====================================================================

NB : darknet & ethicalhack3r

1 komentar:

  1. om...
    ane udah ikutin cara diatas....
    tapi pas mau ruby wpscan.rb gak bisa om...

    bilangnya no directory...
    Itu installnya di dir mana ya om?

    BalasHapus