WPSeku - Simple WordPress Security Scanner


WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

Usage
                             _
    __      ___ __  ___  ___| | ___   _
    \ \ /\ / / '_ \/ __|/ _ \ |/ / | | |
     \ V  V /| |_) \__ \  __/   <| |_| |
      \_/\_/ | .__/|___/\___|_|\_\\__,_|
             |_|
    [--] WPSeku - Wordpress Security Scanner
    [--] WPSeku - v0.1.0
    [--] Momo Outaadi (@M4ll0k)
    [--] https://github.com/m4ll0k/WPSeku

    Usage: wpseku.py --url URL

        -u --url        Site URL (e.g: http://site.com)
        -e --enum
            [u:         Usernames Enumeration
        -p --plugin
            [x:         Search Cross Site Scripting vuln
            [l:         Search Local File Inclusion vuln
            [s:         Search SQL Injection vuln
        -t --theme
            [x:         Search Cross Site Scripting vuln
            [l:         Search Local File Inclusion vuln
            [s:         Search SQL Injection vuln
        -b --brute
            [l:         Bruteforce password login
            [x:         Bruteforce password login via XML-RPC
        --user          Set username, try with enum users
        --wordlist      Set wordlist
        -h --help       Show this help and exit

    Examples:
        wpseku.py -u www.site.com
        wpseku.py -u www.site.com -e [u]
        wpseku.py -u site.com/path/wp-content/plugins/wp/wp.php?id= -p [x,l,s]
        wpseku.py -u site.com --user test --wordlist dict.txt -b [l,x]
