WPSeku v0.4 - Wordpress Security Scanner - Hack Mur@Z

Thursday, March 29, 2018

WPSeku v0.4 - Wordpress Security Scanner


WPSeku is a black-box WordPress vulnerability scanner that can be used to scan remote WordPress installations for security issues.

Installation:

    $ git clone https://github.com/m4ll0k/WPSeku.git wpseku
    $ cd wpseku
    $ pip3 install -r requirements.txt
    $ python3 wpseku.py

Usage:

    python3 wpseku.py --url https://www.xxxxxxx.com --verbose

Output:


    ----------------------------------------
     _ _ _ ___ ___ ___| |_ _ _ 
    | | | | . |_ -| -_| '_| | |
    |_____|  _|___|___|_,_|___|
          |_|             v0.4.0
    
    WPSeku - Wordpress Security Scanner
    by Momo Outaadi (m4ll0k)
    ----------------------------------------
    
    [ + ] Target: https://www.xxxxxxx.com
    [ + ] Starting: 02:38:51
    
    [ + ] Server: Apache
    [ + ] Uncommon header "X-Pingback" found, with contents: https://www.xxxxxxx.com/xmlrpc.php
    [ i ] Checking Full Path Disclosure...
    [ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php
    [ i ] Checking wp-config backup file...
    [ + ] wp-config.php available at: https://www.xxxxxxx.com/wp-config.php
    [ i ] Checking common files...
    [ + ] robots.txt file was found at: https://www.xxxxxxx.com/robots.txt
    [ + ] xmlrpc.php file was found at: https://www.xxxxxxx.com/xmlrpc.php
    [ + ] readme.html file was found at: https://www.xxxxxxx.com/readme.html
    [ i ] Checking directory listing...
    [ + ] Dir "/wp-admin/css" listing enable at: https://www.xxxxxxx.com/wp-admin/css/
    [ + ] Dir "/wp-admin/images" listing enable at: https://www.xxxxxxx.com/wp-admin/images/
    [ + ] Dir "/wp-admin/includes" listing enable at: https://www.xxxxxxx.com/wp-admin/includes/
    [ + ] Dir "/wp-admin/js" listing enable at: https://www.xxxxxxx.com/wp-admin/js/
    ......
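
For tracking remediation, a report in the format above can be grouped by check and paired with a fix. This is an added example, not part of WPSeku or the original post; the sample lines are constructed, and the `REMEDIATION` notes and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the output shown above (placeholder host).
SAMPLE_REPORT = """\
[ + ] Server: Apache
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/site/public_html/wp-includes/rss-functions.php
[ i ] Checking common files...
[ + ] robots.txt file was found at: https://www.example.test/robots.txt
[ + ] xmlrpc.php file was found at: https://www.example.test/xmlrpc.php
[ + ] readme.html file was found at: https://www.example.test/readme.html
[ i ] Checking directory listing...
[ + ] Dir "/wp-admin/css" listing enable at: https://www.example.test/wp-admin/css/
[ + ] Dir "/wp-admin/js" listing enable at: https://www.example.test/wp-admin/js/
"""

LINE_RE = re.compile(r"^\s*\[ (?P<kind>[+i]) \]\s+(?P<text>.+?)\s*$")

# Hypothetical triage notes keyed by a substring of the finding (not WPSeku's own).
REMEDIATION = {
    "Full Path Disclosure": "disable display_errors in production",
    "listing enable": "turn off directory indexes on the web server",
    "xmlrpc.php": "restrict or disable XML-RPC if it is unused",
    "readme.html": "remove the file or block access to it",
}

def parse_report(report):
    """Group '[ + ]' findings under the preceding '[ i ] Checking ...' line."""
    findings, section = defaultdict(list), "general"
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner art, separators, blank lines
        text = m.group("text")
        if m.group("kind") == "i":
            section = re.sub(r"^Checking\s+", "", text).rstrip(".")
        else:
            findings[section].append(text)
    return dict(findings)

def triage(findings):
    """Return (section, finding, action) for each finding with a known fix."""
    rows = []
    for section, items in findings.items():
        for item in items:
            action = next((a for n, a in REMEDIATION.items() if n in item), None)
            if action:
                rows.append((section, item, action))
    return rows
```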

Bruteforce Login:

    python3 wpseku.py --url https://www.xxxxxxx.com --brute --user test --wordlist wl.txt --verbose

