WPSeku is a black box WordPress Security scanner that can be used to scan remote WordPress installations to find security issues and vulnerabilities.
Features of WPSeku WordPress Security Scanner
WPSeku supports various types of scanning including:
- Testing for XSS Vulnerabilities
- Testing for SQL Injection Vulnerabilities
- Testing for LFI Vulnerabilities
- Bruteforce login via xmlrpc
- Username Enumeration
- Proxy Support
- Method (GET/POST)
- Custom Wordlists
- Custom user-agent
It also uses the WPVulnDB Vulnerability Database API at https://wpvulndb.com/api.
Using WPSeku WordPress Security Scanner
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
\ \ / / _ \/ ___| ___| | ___ _ \ \ /\ / /| |_) \___ \ / _ \ |/ / | | | \ V V / | __/ ___) | __/ <| |_| | \_/\_/ |_| |____/ \___|_|\_\\__,_| || WPSeku - Wordpress Security Scanner || Version 0.2.1 || Momo Outaadi (M4ll0k) || https://github.com/m4ll0k/WPSeku Usage: ./wpseku.py [--target|-t] http://localhost -t --target Target URL (eg: http://localhost) -x --xss Testing XSS vulns -s --sql Testing SQL vulns -l --lfi Testing LFI vulns -q --query Testable parameters (eg: "id=1&test=1") -b --brute Bruteforce login via xmlrpc -u --user Set username, default=admin -p --proxy Set proxy, (host:port) -m --method Set method (GET/POST) -c --cookie Set cookies -w --wordlist Set wordlist -a --agent Set user-agent -r --redirect Redirect target url, default=True -h --help Show this help and exit Examples: wpseku.py --target http://localhost wpseku.py -t http://localhost/wp-admin/post.php -m GET -q "post=49&action=edit" [-x,-s,-l] wpseku.py --target http://localhost --brute --wordlist dict.txt wpseku.py --target http://localhost --brute --user test --wordlist dict.txt |
WPSeku WordPress Security Scan Installation
1 2 3 4 |
# git clone https://github.com/m4ll0k/WPSeku.git # cd WPSeku # pip install -r requirements.txt # python wpseku.py |
There’s also these to check out:
– Plecost – WordPress Fingerprinting Tool
– CMSmap – Content Management System Security Scanner
– WPScan – WordPress Vulnerability Scanner
You can download WPSeku here:
Or read more here.
Scott says
Anyone know how this compares to WPScan?