Wordpresscan/README.md

# Wordpresscan
A simple Wordpress scanner written in python based on the work of WPScan (Ruby version)

## Disclaimer
```
The author of this github is not responsible for misuse or for any damage that you may cause!
You agree that you use this software at your own risk.
```


## Install & Launch
Dependencies
```
pip install requests
pip install tornado
```

Install
```bash
git clone https://github.com/swisskyrepo/Wordpresscan.git
cd Wordpresscan
```

Example 1 : Basic update and scan of a wordpress
```
python main.py -u "http://localhost/wordpress" --update --random-agent

-u : Url of the WordPress
--update : Update the wpscan database
--aggressive : Launch an aggressive version to scan for plugins/themes
--random-agent : Use a random user-agent for this session
```

Example 2 : Basic bruteforce
```
python main.py -u "http://127.0.0.1/wordpress/" --brute fuzz/wordlist.lst
python main.py -u "http://127.0.0.1/wordpress/" --brute admin

--brute file.lst : Will bruteforce every username and their password
--brute username : Will bruteforce the password for the given username
it will also try to bruteforce the password for the detected users.
```

Example 3 : Thinking is overrated, this is aggressive, mostly not advised!
```
python main.py -u "http://127.0.0.1/wordpress/" --fuzz

[i] Enumerating components from aggressive fuzzing ...
[i] File: http://127.0.0.1/wordpress/license.txt - found
[i] File: http://127.0.0.1/wordpress/readme.html - found
[i] File: http://127.0.0.1/wordpress/wp-admin/admin-footer.php - found
[i] File: http://127.0.0.1/wordpress/wp-admin/css/ - found
[i] File: http://127.0.0.1/wordpress/wp-admin/admin-ajax.php - found
[i] File: http://127.0.0.1/wordpress/wp-activate.php - found
--fuzz :  Will fuzz the website in order to detect as much file, themes and plugins as possible
```

## Output example from a test environment
![alt tag](https://github.com/swisskyrepo/Wordpresscan/blob/master/screens/Version%204.4.7.png?raw=true)


## Credits and Contributor
* Original idea and script from [WPScan Team](https://wpscan.org/)
Project basic architecture 2017-02-18 22:31:11 +00:00			`# Wordpresscan`
Readme update 2017-02-27 14:51:35 +00:00			`A simple Wordpress scanner written in python based on the work of WPScan (Ruby version)`
Project basic architecture 2017-02-18 22:31:11 +00:00
Wordpress vulnerability list based on WP version 2017-02-25 00:36:59 +00:00			`## Disclaimer`
			```
			`The author of this github is not responsible for misuse or for any damage that you may cause!`
			`You agree that you use this software at your own risk.`
			```

README update output + Screenshots 2017-02-25 22:48:28 +00:00
Project basic architecture 2017-02-18 22:31:11 +00:00			`## Install & Launch`
README update : dependencies 2017-03-03 13:25:06 +00:00			`Dependencies`
README update : dependencies 2017-03-03 13:24:07 +00:00			```
			`pip install requests`
			`pip install tornado`
			```

README update : dependencies 2017-03-03 13:25:06 +00:00			`Install`
Ping,readme,debuglog and backup file detection 2017-02-23 11:00:48 +00:00			```bash
Project basic architecture 2017-02-18 22:31:11 +00:00			`git clone https://github.com/swisskyrepo/Wordpresscan.git`
			`cd Wordpresscan`
Basic bruteforce for user/pass 2017-06-10 18:58:40 +00:00			```

			`Example 1 : Basic update and scan of a wordpress`
			```
Random User-Agent added with 'random-agent' param 2017-03-05 15:58:15 +00:00			`python main.py -u "http://localhost/wordpress" --update --random-agent`
README update : command line for basic run 2017-03-03 13:27:54 +00:00
Aggressive scan added --aggressive 2017-02-27 14:50:11 +00:00			`-u : Url of the WordPress`
			`--update : Update the wpscan database`
			`--aggressive : Launch an aggressive version to scan for plugins/themes`
Random User-Agent added with 'random-agent' param 2017-03-05 15:58:15 +00:00			`--random-agent : Use a random user-agent for this session`
Wordpress vulnerability list based on WP version 2017-02-25 00:36:59 +00:00			```

Basic bruteforce for user/pass 2017-06-10 18:58:40 +00:00			`Example 2 : Basic bruteforce`
			```
			`python main.py -u "http://127.0.0.1/wordpress/" --brute fuzz/wordlist.lst`
			`python main.py -u "http://127.0.0.1/wordpress/" --brute admin`

			`--brute file.lst : Will bruteforce every username and their password`
			`--brute username : Will bruteforce the password for the given username`
			`it will also try to bruteforce the password for the detected users.`
			```

			`Example 3 : Thinking is overrated, this is aggressive, mostly not advised!`
			```
			`python main.py -u "http://127.0.0.1/wordpress/" --fuzz`

			`[i] Enumerating components from aggressive fuzzing ...`
			`[i] File: http://127.0.0.1/wordpress/license.txt - found`
			`[i] File: http://127.0.0.1/wordpress/readme.html - found`
			`[i] File: http://127.0.0.1/wordpress/wp-admin/admin-footer.php - found`
			`[i] File: http://127.0.0.1/wordpress/wp-admin/css/ - found`
			`[i] File: http://127.0.0.1/wordpress/wp-admin/admin-ajax.php - found`
			`[i] File: http://127.0.0.1/wordpress/wp-activate.php - found`
			`--fuzz : Will fuzz the website in order to detect as much file, themes and plugins as possible`
			```

README update output + Screenshots 2017-02-25 22:54:00 +00:00			`## Output example from a test environment`
			`![alt tag](https://github.com/swisskyrepo/Wordpresscan/blob/master/screens/Version%204.4.7.png?raw=true)`


Wordpress vulnerability list based on WP version 2017-02-25 00:36:59 +00:00			`## Credits and Contributor`
Basic bruteforce for user/pass 2017-06-10 18:58:40 +00:00			`* Original idea and script from [WPScan Team](https://wpscan.org/)`