
Finding a free WordPress security scanner that is both easy to use and actually works is not easy. In this guide, I'll introduce a free tool called WPSeku, which is written in Python and is therefore portable to any system with a Python interpreter.

Wikipedia defines a vulnerability scanner as a computer program designed to assess computers, computer systems, networks or applications for known weaknesses.

A vulnerability scanner is used to discover the weak points or poorly constructed parts of a system, e.g. vulnerabilities relating to misconfigured assets or flawed software residing on a network-based asset such as a firewall, router, web server, application server, etc.

WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

Install WordPress Vulnerability Scanner – WPSeku

The WPSeku WordPress Security Scanner requires Python 3. If you don't have it, install it first before you continue.

# which python3
/usr/bin/python3

Once you confirm python3 is installed, install the WPSeku WordPress Security Scanner from GitHub.

Clone repository:

$ git clone https://github.com/m4ll0k/WPSeku.git wpseku
Cloning into 'wpseku'...
remote: Counting objects: 310, done.
remote: Compressing objects: 100% (80/80), done.
remote: Total 310 (delta 34), reused 54 (delta 12), pack-reused 216
Receiving objects: 100% (310/310), 880.00 KiB | 528.00 KiB/s, done.
Resolving deltas: 100% (163/163), done.

Change to the wpseku directory.

$ cd wpseku

Install the Python dependencies using pip3.

Ensure you have pip3 installed. For Ubuntu and Debian, you can install it using:

$ sudo apt-get install python3-pip

Then:

$ sudo pip3 install -r requirements.txt

Run the wpseku.py script.

$ python3 wpseku.py

WordPress Security Scanner – WPSeku usage

Some of the options that can be passed to the wpseku.py script are:

-u --url Target URL (e.g: http://site.com)
-b --brute Bruteforce login via xmlrpc
-U --user Set username for bruteforce, default "admin"
-s --scan Checking WordPress plugin code
-p --proxy Use a proxy, (host:port)
-c --cookie Set HTTP Cookie header value
-a --agent Set HTTP User-agent header value
-r --ragent Use random User-agent header value
-R --redirect Set redirect target URL False
-t --timeout Seconds to wait before timeout connection
-w --wordlist Set wordlist, default "db/wordlist.txt"
-v --verbose Print more information
-h --help Show this help and exit

Let's look at some examples.

Generic WPSeku Scan

$ python3 wpseku.py --url https://www.xxxxxxx.com --verbose

Sample output:

----------------------------------------
 _ _ _ ___ ___ ___| |_ _ _ 
| | | | . |_ -| -_| '_| | |
|_____|  _|___|___|_,_|___|
      |_|             v0.4.0

WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------

[ + ] Target: https://www.xxxxxxx.com
[ + ] Starting: 02:38:51

[ + ] Server: Apache
[ + ] Uncommon header "X-Pingback" found, with contents: https://www.xxxxxxx.com/xmlrpc.php
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php
[ i ] Checking wp-config backup file...
[ + ] wp-config.php available at: https://www.xxxxxxx.com/wp-config.php
[ i ] Checking common files...
[ + ] robots.txt file was found at: https://www.xxxxxxx.com/robots.txt
[ + ] xmlrpc.php file was found at: https://www.xxxxxxx.com/xmlrpc.php
[ + ] readme.html file was found at: https://www.xxxxxxx.com/readme.html
[ i ] Checking directory listing...
[ + ] Dir "/wp-admin/css" listing enable at: https://www.xxxxxxx.com/wp-admin/css/
[ + ] Dir "/wp-admin/images" listing enable at: https://www.xxxxxxx.com/wp-admin/images/
[ + ] Dir "/wp-admin/includes" listing enable at: https://www.xxxxxxx.com/wp-admin/includes/
[ + ] Dir "/wp-admin/js" listing enable at: https://www.xxxxxxx.com/wp-admin/js/
[ + ] WordPress login is protected by WAF
[ i ] Checking robots paths...
[ i ] Checking WordPress version...

[ i ] Passive enumeration themes...
[ + ] Not found themes with passive enumeration
[ i ] Passive enumeration plugins...
[ + ] Not found plugins with passive enumeration
[ i ] Enumerating users...
[ + ] Not found usernames...
-------------------------
| ID | Username | Login |
-------------------------
-------------------------
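
The "[ + ]" lines above are the findings worth acting on, and the "[ i ]" lines are only progress messages. The following is an added example (not part of this guide or of the WPSeku project) that turns a captured verbose scan into a prioritised remediation list; the sample output is constructed from the lines above with a placeholder hostname, and the severity and fix text are my own mapping.

```python
import re

# Constructed sample of WPSeku "[ + ]" finding lines, modelled on the
# verbose scan output shown above (hostname is a placeholder).
SAMPLE_OUTPUT = """\
[ + ] Server: Apache
[ + ] Uncommon header "X-Pingback" found, with contents: https://www.example.com/xmlrpc.php
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php
[ + ] wp-config.php available at: https://www.example.com/wp-config.php
[ + ] xmlrpc.php file was found at: https://www.example.com/xmlrpc.php
[ + ] readme.html file was found at: https://www.example.com/readme.html
[ + ] Dir "/wp-admin/css" listing enable at: https://www.example.com/wp-admin/css/
[ + ] WordPress login is protected by WAF
"""

# (pattern, severity, remediation) rules; the mapping is an assumption of this example.
RULES = [
    (re.compile(r"wp-config\.php available at: (\S+)"), "critical",
     "Remove the exposed wp-config.php/backup copy and rotate DB credentials and salts"),
    (re.compile(r'Dir "([^"]+)" listing enable'), "medium",
     "Disable directory indexing (Options -Indexes) for that path"),
    (re.compile(r"xmlrpc\.php file was found at: (\S+)"), "medium",
     "Restrict or disable xmlrpc.php if XML-RPC is not needed"),
    (re.compile(r"Full Path Disclosure: (\S+)"), "low",
     "Turn off display_errors in PHP so filesystem paths are not leaked"),
    (re.compile(r"readme\.html file was found at: (\S+)"), "low",
     "Delete readme.html so the WordPress version is not advertised"),
]

def triage(output: str) -> list:
    """Turn WPSeku's '[ + ]' finding lines into structured findings, highest severity first."""
    findings = []
    for line in output.splitlines():
        if not line.startswith("[ + ]"):
            continue  # '[ i ]' lines are progress messages, not findings
        for pattern, severity, fix in RULES:
            m = pattern.search(line)
            if m:
                findings.append({"severity": severity, "detail": m.group(1), "fix": fix})
                break
    order = {"critical": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f["severity"]])  # stable: keeps scan order within a level
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_OUTPUT):
        print(f"{f['severity']:8} {f['detail']}\n         -> {f['fix']}")
```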

Scan plugin, theme and WordPress code

You can also scan plugin, theme and WordPress core code on disk. Type:

$ python3 wpseku.py --scan <dir/file> --verbose

Where <dir/file> is the absolute path to your WordPress installation directory (or a single file). It can be the parent directory, the plugins directory or the themes directory.

WPSeku Bruteforce Login

To perform a brute-force login attempt, you first need a wordlist of passwords to try. A sample file is available at db/wordlist.txt.

$ python3 wpseku.py --url https://www.xxxxxxx.com --brute --user test --wordlist wl.txt --verbose

Replace test with the WordPress username to try and wl.txt with your password wordlist.
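
From the defender's side, a brute-force run like this lands in the web server log as a burst of POST requests to /xmlrpc.php from one source. The following is an added example (not part of this guide or of the WPSeku project) that flags such bursts in Apache combined-format access logs; the log lines are constructed with placeholder addresses, and the threshold and window are assumptions you should tune to your site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache combined-log lines (addresses and user agents are placeholders).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:02:38:51 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:02:38:52 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:02:38:53 +0000] "GET /readme.html HTTP/1.1" 200 7200 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:02:38:53 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:02:38:54 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:02:38:55 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.31"
198.51.100.7 - - [10/Oct/2023:02:40:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/6.3"
"""

# client ip, timestamp, method, path, status; the rest of the line is ignored.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) [^"]*" (\d{3})')

def find_xmlrpc_bursts(log: str, threshold: int = 5,
                       window: timedelta = timedelta(seconds=60)) -> dict:
    """Return {ip: total_posts} for every client that POSTs to /xmlrpc.php
    at least `threshold` times inside any sliding `window`."""
    posts = defaultdict(list)
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined-format line
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0] == "/xmlrpc.php":
            posts[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    hits = {}
    for ip, times in posts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                hits[ip] = len(times)
                break
    return hits

if __name__ == "__main__":
    for ip, count in find_xmlrpc_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {count} POSTs to /xmlrpc.php, possible login brute force")
```

Note that XML-RPC allows several method calls per request, so a count of POSTs can undercount attempts; pairing this with request-size or failed-login signals, or disabling xmlrpc.php where it is not needed, closes that gap.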
