
It is not easy to find a free WordPress security scanner that is both easy to use and actually works. In this guide, I'll introduce WPSeku, a free tool written in Python, which makes it portable to any system that can run Python.

Wikipedia defines a vulnerability scanner as a computer program designed to assess computers, computer systems, networks or applications for known weaknesses.

A vulnerability scanner is used to discover the weak points or poorly constructed parts of a system, e.g. vulnerabilities arising from misconfigured assets or flawed software on a network-based asset such as a firewall, router, web server or application server.

WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

Install WordPress Vulnerability Scanner – WPSeku

The WPSeku WordPress Security Scanner requires Python 3. If it is not installed, install it before you continue.

# which python3
/usr/bin/python3

Once you have confirmed that python3 is installed, install WPSeku from GitHub.

Clone repository:

$ git clone https://github.com/m4ll0k/WPSeku.git wpseku
Cloning into 'wpseku'...
remote: Counting objects: 310, done.
remote: Compressing objects: 100% (80/80), done.
remote: Total 310 (delta 34), reused 54 (delta 12), pack-reused 216
Receiving objects: 100% (310/310), 880.00 KiB | 528.00 KiB/s, done.
Resolving deltas: 100% (163/163), done.

Change to the wpseku directory.

$ cd wpseku

Install the Python dependencies using pip3.

Ensure you have pip3 installed. For Ubuntu and Debian, you can install it using:

$ sudo apt-get install python3-pip

Then:

$ sudo pip3 install -r requirements.txt

Run the wpseku.py script.

$ python3 wpseku.py

WordPress Security Scanner – WPSeku usage

Some of the options that can be passed to the wpseku.py script are:

-u --url Target URL (e.g: http://site.com)
-b --brute Bruteforce login via xmlrpc
-U --user Set username for bruteforce, default "admin"
-s --scan Checking WordPress plugin code
-p --proxy Use a proxy, (host:port)
-c --cookie Set HTTP Cookie header value
-a --agent Set HTTP User-agent header value
-r --ragent Use random User-agent header value
-R --redirect Set redirect target URL False
-t --timeout Seconds to wait before timeout connection
-w --wordlist Set wordlist, default "db/wordlist.txt"
-v --verbose Print more information
-h --help Show this help and exit

Let’s look at some examples.

Generic WPSeku Scan

$ python3 wpseku.py --url https://www.xxxxxxx.com --verbose

Sample output.

----------------------------------------
 _ _ _ ___ ___ ___| |_ _ _ 
| | | | . |_ -| -_| '_| | |
|_____|  _|___|___|_,_|___|
      |_|             v0.4.0

WPSeku - Wordpress Security Scanner
by Momo Outaadi (m4ll0k)
----------------------------------------

[ + ] Target: https://www.xxxxxxx.com
[ + ] Starting: 02:38:51

[ + ] Server: Apache
[ + ] Uncommon header "X-Pingback" found, with contents: https://www.xxxxxxx.com/xmlrpc.php
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/ehc/public_html/wp-includes/rss-functions.php
[ i ] Checking wp-config backup file...
[ + ] wp-config.php available at: https://www.xxxxxxx.com/wp-config.php
[ i ] Checking common files...
[ + ] robots.txt file was found at: https://www.xxxxxxx.com/robots.txt
[ + ] xmlrpc.php file was found at: https://www.xxxxxxx.com/xmlrpc.php
[ + ] readme.html file was found at: https://www.xxxxxxx.com/readme.html
[ i ] Checking directory listing...
[ + ] Dir "/wp-admin/css" listing enable at: https://www.xxxxxxx.com/wp-admin/css/
[ + ] Dir "/wp-admin/images" listing enable at: https://www.xxxxxxx.com/wp-admin/images/
[ + ] Dir "/wp-admin/includes" listing enable at: https://www.xxxxxxx.com/wp-admin/includes/
[ + ] Dir "/wp-admin/js" listing enable at: https://www.xxxxxxx.com/wp-admin/js/
[ + ] WordPress login is protected by WAF
[ i ] Checking robots paths...
[ i ] Checking WordPress version...

[ i ] Passive enumeration themes...
[ + ] Not found themes with passive enumeration
[ i ] Passive enumeration plugins...
[ + ] Not found plugins with passive enumeration
[ i ] Enumerating users...
[ + ] Not found usernames...
-------------------------
| ID | Username | Login |
-------------------------
-------------------------
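Reading a long verbose report by hand is error-prone, so here is an added helper (not part of WPSeku or of the original post) that picks the `[ + ]` findings out of WPSeku's output, ranks them and pairs each with the usual fix. The sample report it parses is constructed from the output format above, with a placeholder host and paths.

```python
import re

# Constructed WPSeku-style report (placeholder host/paths, not a real target).
SAMPLE_OUTPUT = """\
[ + ] Uncommon header "X-Pingback" found, with contents: https://www.example.com/xmlrpc.php
[ i ] Checking Full Path Disclosure...
[ + ] Full Path Disclosure: /home/example/public_html/wp-includes/rss-functions.php
[ + ] wp-config.php available at: https://www.example.com/wp-config.php
[ + ] readme.html file was found at: https://www.example.com/readme.html
[ i ] Checking directory listing...
[ + ] Dir "/wp-admin/css" listing enable at: https://www.example.com/wp-admin/css/
[ + ] WordPress login is protected by WAF
"""

# (pattern, severity, fix): generic hardening advice this helper adds; not WPSeku output.
RULES = [
    (r"wp-config\.php available at", "high",
     "Block web access to wp-config.php and any backup copies of it."),
    (r'Dir "[^"]+" listing enable', "medium",
     "Disable directory indexes (Apache: Options -Indexes)."),
    (r"Full Path Disclosure:", "low",
     "Turn off PHP display_errors on the production site."),
    (r"readme\.html file was found", "low",
     "Remove readme.html; it discloses the WordPress version."),
    (r'Uncommon header "X-Pingback"', "info",
     "Disable XML-RPC and pingbacks unless something needs them."),
]

def triage(output):
    """Return [(severity, message, remediation)] for every '[ + ]' line.
    '[ i ]' progress lines are skipped; unmatched findings get 'info'."""
    findings = []
    for line in output.splitlines():
        if not line.startswith("[ + ]"):
            continue
        msg = line[5:].strip()
        for pattern, severity, fix in RULES:
            if re.search(pattern, msg):
                findings.append((severity, msg, fix))
                break
        else:
            findings.append(("info", msg, ""))
    return findings

def count_by_severity(findings):
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts
```

Feed it the real report with `triage(open("scan.txt").read())` and sort by severity to decide what to fix first.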

Scan plugin, theme and WordPress code

You can also scan plugin, theme and WordPress core code on disk. Type:

$ python3 wpseku.py --scan <dir/file> --verbose

Where <dir/file> is the absolute path to the WordPress code to check: the installation's parent directory, or its plugins or themes directory.

WPSeku Bruteforce Login

To perform a brute-force login attempt you first need a wordlist of passwords to try. A sample file is available at db/wordlist.txt.

$ python3 wpseku.py --url https://www.xxxxxxx.com --brute --user test --wordlist wl.txt --verbose

Replace test with the WordPress username to test and wl.txt with your password wordlist.
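From the defender's side, the xmlrpc.php login brute-force attempted above shows up in the web server's access log as a burst of POSTs to /xmlrpc.php from one client. The following added example (not part of WPSeku or of the original post) flags such bursts in Apache combined-format log lines; the log lines, timestamps and IP addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed Apache combined-log lines with documentation-range IPs. The
# burst of POSTs to xmlrpc.php from one client is what the check should catch.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:02:38:51 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:02:38:52 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:02:38:52 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:02:38:53 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:02:38:54 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:02:40:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:02:40:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Parse one combined-log line into (ip, timestamp, method, path, status),
    or None if the line does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def xmlrpc_bursts(log_text, threshold=5, window_seconds=60):
    """Return {ip: total_posts} for clients that POSTed to /xmlrpc.php at
    least `threshold` times inside any `window_seconds` sliding window."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3].split("?")[0] == "/xmlrpc.php":
            per_ip[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged
```

Run it over the real access log with `xmlrpc_bursts(open("/var/log/apache2/access.log").read())`; a single burst of the kind shown is the cue to rate-limit or disable xmlrpc.php if nothing legitimate uses it.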
