Wednesday, August 24, 2011

Wordpress Security Vulnerability

WPScan is a black box WordPress security scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use is for security professionals or WordPress administrators to assess the security posture of their own WordPress installations.

Download

Features include:
Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, ...)

WPScan will be hosted on Google Code at http://code.google.com/p/wpscan/. You can download and start running WPScan ALPHA by checking out the SVN trunk: “svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only”

Installation

WPScan requires two non-native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

Installing on Backtrack5 Gnome/KDE 32bit:
sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install mime-types
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple

Installing on Debian/Ubuntu:
sudo apt-get install libcurl4-gnutls-dev
sudo apt-get install libopenssl-ruby
sudo gem install typhoeus
sudo gem install xml-simple

Installing on other nix: (not tested)
sudo gem install typhoeus
sudo gem install xml-simple

Installing on Windows: (not tested)
gem install typhoeus
gem install xml-simple

Installing on Mac OSX: (not tested)
sudo gem install typhoeus
sudo gem install xml-simple

Usage

-h for further help.

Examples:

Do 'non-intrusive' checks...
ruby wpscan.rb --url http://www.example.com

Only do version enumeration...
ruby wpscan.rb --url http://www.example.com --version

Do wordlist password brute force on enumerated users using 50 threads...
ruby wpscan.rb --url http://www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...
ruby wpscan.rb --url http://www.example.com --wordlist darkc0de.lst --username admin

Generate a new 'most popular' plugin list, up to 150 pages...
ruby ./wpscan.rb --generate_plugin_list 150

Enumerate installed plugins...
ruby ./wpscan.rb --enumerate p

See README for further information.
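As an added example that is not part of the original post or of the WPScan project: a small Ruby check, written from the defender's side, that looks in Apache combined-format access logs for the two behaviours the feature list and usage examples above describe, a client walking the author querystring (username enumeration) and a client firing many wp-login.php POSTs in a short window (wordlist password guessing). The log lines, IP addresses and thresholds are constructed for illustration.

```ruby
require 'time'

# Constructed sample Apache combined-format log lines (not real traffic): one
# client walks ?author=1..4, then POSTs to wp-login.php six times in a few
# seconds; a second client is ordinary browsing.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [24/Aug/2011:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
  203.0.113.7 - - [24/Aug/2011:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
  203.0.113.7 - - [24/Aug/2011:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
  203.0.113.7 - - [24/Aug/2011:10:00:02 +0000] "GET /?author=4 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
  203.0.113.7 - - [24/Aug/2011:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3250 "-" "Mozilla/5.0"
  203.0.113.7 - - [24/Aug/2011:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3250 "-" "Mozilla/5.0"
  203.0.113.7 - - [24/Aug/2011:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3250 "-" "Mozilla/5.0"
  203.0.113.7 - - [24/Aug/2011:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3250 "-" "Mozilla/5.0"
  203.0.113.7 - - [24/Aug/2011:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3250 "-" "Mozilla/5.0"
  203.0.113.7 - - [24/Aug/2011:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3250 "-" "Mozilla/5.0"
  198.51.100.9 - - [24/Aug/2011:10:00:03 +0000] "GET /2011/08/hello-world/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
LOG

LINE_RE = /\A(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/

# Parse one combined-log line into a hash; nil for lines that do not parse.
def parse_line(line)
  m = LINE_RE.match(line) or return nil
  { ip: m[1], time: Time.strptime(m[2], '%d/%b/%Y:%H:%M:%S %z'),
    method: m[3], path: m[4], status: m[5].to_i }
end

# Flag a client that requests `author_limit` or more distinct ?author=N values
# (user enumeration) or POSTs to wp-login.php `login_limit` or more times
# within `window` seconds (wordlist login attempts). Returns one hash per finding.
def detect_wpscan_activity(log_text, author_limit: 3, login_limit: 5, window: 60)
  findings = []
  entries = log_text.each_line.map { |l| parse_line(l) }.compact
  entries.group_by { |e| e[:ip] }.each do |ip, reqs|
    ids = reqs.map { |e| e[:path][/[?&]author=(\d+)/, 1] }.compact.uniq
    findings << { ip: ip, type: :author_enumeration, count: ids.size } if ids.size >= author_limit
    posts = reqs.select { |e| e[:method] == 'POST' && e[:path].start_with?('/wp-login.php') }
                .map { |e| e[:time] }.sort
    posts.each_index do |i|
      j = i
      j += 1 while j + 1 < posts.size && posts[j + 1] - posts[i] <= window
      next if j - i + 1 < login_limit
      findings << { ip: ip, type: :login_bruteforce, count: j - i + 1 }
      break
    end
  end
  findings
end
```

Running detect_wpscan_activity(SAMPLE_LOG) yields two findings for 203.0.113.7 (four author IDs, six login POSTs) and nothing for the browsing client; on a real server, feed it the access log and tune the thresholds to the site's normal login volume.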
Licence

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.