swisskyrepo / wordpresscan
WPScan rewritten in Python + some WPSeku ideas
Nobody should install packages globally.
lxml is missing in the README, it must be installed.
update it to python 3
This is a common problem: many tools that we want to distribute do not support system-wide installation. Some of these tools provide their own "install.sh" or "setup.sh" with distro-specific commands (sudo apt-install) to install dependencies instead of a proper setup.py.
With a proper setup.py script, an end user can install it using the following single command:
python3 setup.py install --user. It is also distro friendly and makes life easier for maintainers.
As the end result, an FHS-compliant directory structure should be created.
In case the software produces any output, a local user directory should be used, such as ~.//
There are some custom cases (installing non-Python packages, data files, etc.) which have been resolved in other packages. Below are reference points on such bug reports with solutions (patches).
EDIT: #13 is kind of related, but I want to make my point clear
Hi Swissky!
Thanks for the awesome tool, unfortunately I've been struggling with a JSON parse error like:
/> ./wordpresscan.py -u "http://scannedsite.org/" --random-agent
...
[!] WordPress version 4.1 identified from advanced fingerprinting
Traceback (most recent call last):
File "./wordpresscan.py", line 62, in <module>
Scan_Engine(wp, results.aggressive)
File "/opt/Wordpresscan/engine/scan.py", line 16, in __init__
self.list_wp_version_vulnerabilities(wordpress, "wordpresses")
File "/opt/Wordpresscan/engine/scan.py", line 106, in list_wp_version_vulnerabilities
data = json.load(data_file)
File "/usr/lib/python2.7/json/__init__.py", line 291, in load
**kw)
File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
return _default_decoder.decode(s)
File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
Software obtained thru git clone https://github.com/swisskyrepo/Wordpresscan
python version: 2.7.16+
Any ideas?
[i] Name: wysija-newsletters - v2.7.11.3
[!]RCE : MailPoet Newsletters 2.6.6 - Theme File Upload Handling Remote Code Execution - ID:6680
| Fixed in 2.6.7
| References:
- http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
- http://www.openwall.com/lists/oss-security/2014/07/02/1
- Metasploit exploit/unix/webapp/wp_wysija_newsletters_upload
- Exploitdb 33991
- Cve 2014-4725
- Secunia 59455
[!]SQLI : Wysija Newsletters 2.2 - SQL Injection - ID:6681
| Fixed in 2.2.1
| References:
- https://www.htbridge.com/advisory/HTB23140
- http://packetstormsecurity.com/files/120089/
- http://seclists.org/bugtraq/2013/Feb/29
- http://cxsecurity.com/issue/WLB-2013020039
- Cve 2013-1408
[!]XSS : Wysija Newsletters - swfupload Cross-Site Scripting - ID:6682
| Fixed in 2.1.7
| References:
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
- Secunia 51249
[!]UNKNOWN : MailPoet Newsletters 2.6.7 - helpers/back.php page Parameter Unspecified Issue - ID:7573
| Fixed in 2.6.8
| References:
- http://www.securityfocus.com/bid/68462/
- Cve 2014-4726
[!]CSRF : MailPoet Newsletters 2.6.10 - Unspecified CSRF - ID:7574
| Fixed in 2.6.11
| References:
- Cve 2014-3907
[!]XSS : MailPoet Newsletters <= 2.6.19 - Unauthenticated Reflected Cross-Site Scripting (XSS) - ID:8373
| Fixed in 2.7
| References:
- https://www.netsparker.com/ns-16-002-xss-vulnerability-identified-in-mailpoet-newsletters/
[!]XSS : MailPoet Newsletters <= 2.7.2 - Authenticated Reflected Cross-Site Scripting (XSS) - ID:8617
| Fixed in 2.7.3
| References:
- https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_mailpoet_newsletters_plugin.html
- http://seclists.org/fulldisclosure/2016/Sep/17
[!]SQLI : MailPoet Newsletters <= 2.7.2 - SQL Injection - ID:8618
| Fixed in 2.7.3
| References:
- https://plugins.trac.wordpress.org/changeset/1469869/wysija-newsletters
[i] Name: contact-form-7 - v4.9
[i] Name: wp-members - v3.1.9.1
[!]XSS : WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS - ID:7079
| Fixed in 2.8.10
| References:
- http://packetstormsecurity.com/files/124720/
- http://www.securityfocus.com/bid/64713/
- Secunia 56271
[!]XSS : WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS - ID:7080
| Fixed in 2.8.10
| References:
- http://packetstormsecurity.com/files/124720/
- http://www.securityfocus.com/bid/64713/
- Secunia 56271
[!]XSS : WP-Members <= 3.1.7 - Authenticated Cross-Site Scripting (XSS) - ID:8858
| Fixed in 3.1.8
| References:
- https://jvn.jp/en/jp/JVN51355647/index.html
- https://plugins.trac.wordpress.org/changeset/1667369/#file12
- Cve 2017-2222
Why does it show me vulns of older versions even if all is up-to-date?
Can't import safeurl==0.0.7,
and whenever I run the code, it says: "did you forget to add parenthesis"
Kindly help
Hi,
What license is used for this project? We couldn't find it while reviewing your tool for our security tools section: https://linuxsecurity.expert/tools/wordpresscan/
Enumerating Wordpress users not working for sites with expired certificate
check on 30-05-2019
Exception in thread Thread-3:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
self.run()
File "/usr/lib/python2.7/threading.py", line 754, in run
self.__target(*self.__args, **self.__kwargs)
File "/root/Desktop/newtools/Wordpresscan/engine/brute.py", line 118, in check_pass
self.xmlrpc_check_admin(user, pwd)
File "/root/Desktop/newtools/Wordpresscan/engine/brute.py", line 123, in xmlrpc_check_admin
req = requests.post("http://127.0.0.1:8000/xmlrpc.php", data=post)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 112, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 508, in send
raise ConnectionError(e, request=request)
ConnectionError: HTTPConnectionPool(host='127.0.0.1', port=8000): Max retries exceeded with url: /xmlrpc.php (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f7e039ae550>: Failed to establish a new connection: [Errno 111] Connection refused',))
issue?
Hello, I'm currently using this repo on my CentOS 6.7, using the following command:
python main.py -u "http://teststite.com" --update --aggressive
and I'm getting the following error:
python main.py -u "http://testsite.com" --update --aggressive
Traceback (most recent call last):
File "main.py", line 3, in <module>
import requests
ImportError: No module named requests
Can you please let me know what's going on with this error? Thanks
git clone --depth=1 https://github.com/swisskyrepo/Wordpresscan.git
pip install -r requirements.txt
Installation of dependencies is correctly completed.
pwntools 3.12.0 requires capstone, which is not installed.
pwntools 3.12.0 requires psutil>=3.3.0, which is not installed.
safeurl 0.0.7 has requirement requests==2.7.0, but you'll have requests 2.18.4 which is incompatible.
Hi,
Please could you update the WPScan license that you are hosting as it shows as garbled when downloading - https://github.com/swisskyrepo/Wordpresscan/blob/master/database/LICENSE
Thanks!
Ryan
When I do a scan I get some results, but then this error pops up:
I am on Kali version 2019.4.
Traceback (most recent call last):
File "wordpresscan.py", line 62, in <module>
Scan_Engine(wp, results.aggressive)
File "/opt/Wordpresscan/engine/scan.py", line 16, in __init__
self.list_wp_version_vulnerabilities(wordpress, "wordpresses")
File "/opt/Wordpresscan/engine/scan.py", line 106, in list_wp_version_vulnerabilities
data = json.load(data_file)
File "/usr/lib/python2.7/json/__init__.py", line 291, in load
**kw)
File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
return _default_decoder.decode(s)
File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
Please add URL scheme detection
like -u xxxx.com
so it detects if http:// or https:// is missing and follows redirects to the right URL.
Hi, I'm unable to update the wordpress scanner
the error is down below
I think the main problem is this: gzip: database/user-agents.txt.gz: not in gzip format
Thanks for the help. My machine: Ubuntu 18.04, x64
$ python wordpresscan.py -u"http://social.ford.it" --update --random-agent
_______________________________________________________________
_ _ _
| | | | | |
| | | | ___ _ __ __| |_ __ _ __ ___ ___ ___ ___ __ _ _ __
| |/\| |/ _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|/ __/ _` | '_ \
\ /\ / (_) | | | (_| | |_) | | | __/\__ \__ \ (_| (_| | | | |
\/ \/ \___/|_| \__,_| .__/|_| \___||___/___/\___\__,_|_| |_|
| |
|_|
WordPress scanner based on wpscan work - @pentest_swissky
_______________________________________________________________
Updating database - Last update: Tue Oct 9 12:33:59 2018
Downloading local_vulnerable_files.xml File updated !
Downloading local_vulnerable_files.xsd File updated !
Downloading timthumbs.txt File updated !
Downloading user-agents.txt File updated !
Downloading wp_versions.xml File updated !
Downloading wp_versions.xsd File updated !
Downloading wordpresses.json File updated !
Downloading plugins.json File updated !
Downloading themes.json File updated !
Downloaded : 1.45 Mo
gzip: database/user-agents.txt.gz: not in gzip format
gzip: database/timthumbs.txt.gz: not in gzip format
[+] URL: http://social.ford.it
Traceback (most recent call last):
File "wordpresscan.py", line 53, in <module>
wp = Wordpress(format_url(results.url), results.random_agent, results.nocheck, results.max_threads)
File "/home/marco/Desktop/burp/Wordpresscan-master/engine/wordpress.py", line 24, in __init__
self.random_agent()
File "/home/marco/Desktop/burp/Wordpresscan-master/engine/wordpress.py", line 55, in random_agent
with open('database/user-agents.txt','r') as f:
IOError: [Errno 2] No such file or directory: 'database/user-agents.txt'
I am getting this error
File "D:\pentest\Wordpresscan\main.py", line 15
print "_______________________________________________________________ "
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("_______________________________________________________________ ")?
Hey @swisskyrepo, can you convert this project to Python 3 because Python 2 is dead now?
Can you support termux? thx!
https://play.google.com/store/apps/details?id=com.termux
$ python2 -m pip install -r requirements.txt
...
Running setup.py install for tornado ... done
Running setup.py install for pycparser ... done
Running setup.py install for cffi ... done
Running setup.py install for mako ... done
Running setup.py install for pyelftools ... done
Running setup.py install for capstone ... done
Running setup.py install for scandir ... done
Running setup.py install for filelock ... done
Running setup.py install for pypandoc ... done
Running setup.py install for psutil ... done
Running setup.py install for intervaltree ... done
Running setup.py install for unicorn ... error
ERROR: Command errored out with exit status 1:
command: /data/data/com.termux/files/usr/bin/python2 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/setup.py'"'"'; __file__='"'"'/data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /data/data/com.termux/files/usr/tmp/pip-record-8LSfus/install-record.txt --single-version-externally-managed --compile
cwd: /data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/
Complete output (12 lines):
running install
running build
Building C extensions
cd qemu && \
./configure --cc="cc" --extra-cflags="-DUNICORN_HAS_X86 -DUNICORN_HAS_ARM -DUNICORN_HAS_ARMEB -DUNICORN_HAS_M68K -DUNICORN_HAS_ARM64 -DUNICORN_HAS_MIPS -DUNICORN_HAS_MIPSEL -DUNICORN_HAS_MIPS64 -DUNICORN_HAS_MIPS64EL -DUNICORN_HAS_SPARC -fPIC -fvisibility=hidden" --target-list="x86_64-softmmu, arm-softmmu, armeb-softmmu, m68k-softmmu, aarch64-softmmu, mips-softmmu, mipsel-softmmu, mips64-softmmu, mips64el-softmmu, sparc-softmmu,sparc64-softmmu,"
ERROR: Cannot use 'python', Python 2.4 or later is required.
Note that Python 3 or later is not yet supported.
Use --python=/path/to/python to specify a supported Python.
make: *** [Makefile:214: qemu/config-host.h-timestamp] Error 1
error: [Errno 2] No such file or directory: 'libunicorn.so'
----------------------------------------
ERROR: Command errored out with exit status 1: /data/data/com.termux/files/usr/bin/python2 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/setup.py'"'"'; __file__='"'"'/data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /data/data/com.termux/files/usr/tmp/pip-record-8LSfus/install-record.txt --single-version-externally-managed --compile Check the logs for full command output.
$
Hi,
To have up to date vulnerabilities within this tool, can you add support for WPVulnDB API v3, please?
API Docs:
Users will need to register and use their API key.
Thanks,
Ryan
cmd:
python main.py -u "http://WWW.SITE.EXAMPLE" --update --random-agent
StackTrace:
Traceback (most recent call last):
File "main.py", line 56, in <module>
Scan_Engine(wp, results.aggressive)
File "/home/App/Wordpresscan/engine/scan.py", line 19, in __init__
self.enumerating_plugins_passive(wordpress)
File "/home/App/Wordpresscan/engine/scan.py", line 188, in enumerating_plugins_passive
display_vulnerable_component(plugin_name, plugin_version, "plugins")
File "/home/App/Wordpresscan/engine/core.py", line 182, in display_vulnerable_component
if is_lower(version, data[name]['latest_version'], False):
File "/home/App/Wordpresscan/engine/core.py", line 144, in is_lower
if len(str_two) < 5:
TypeError: object of type 'NoneType' has no len()
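One way to decide which database entries apply to an installed version, covering both the "vulns of older versions" report and the NoneType crash above. This is an added example, not the project's code: the helper names and the `id` / `fixed_in` field names are assumptions, the two fixed-in values are taken from the scan output quoted earlier, and the entry with no fixed version is constructed.

```python
import re


def parse_version(text):
    """'v2.7.11.3' -> (2, 7, 11, 3); None when the value is missing or not numeric."""
    if text is None:
        return None
    m = re.match(r"v?(\d+(?:\.\d+)*)", str(text).strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def version_is_lower(installed, reference):
    """True/False for installed < reference, or None if either side is unknown."""
    a, b = parse_version(installed), parse_version(reference)
    if a is None or b is None:
        return None  # missing data is reported as unknown instead of raising
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so 2.7 compares equal to 2.7.0
    b += (0,) * (width - len(b))
    # Numeric comparison: as plain strings, "2.7.11.3" sorts below "2.7.3".
    return a < b


def triage(installed, entries):
    """Sort entry ids into affected / fixed / unknown for the installed version."""
    buckets = {"affected": [], "fixed": [], "unknown": []}
    for entry in entries:
        lower = version_is_lower(installed, entry.get("fixed_in"))
        key = "unknown" if lower is None else ("affected" if lower else "fixed")
        buckets[key].append(entry["id"])
    return buckets


# Constructed sample: ids and fixed-in versions from the wysija-newsletters
# output above, plus a made-up entry (id 0) with no fixed version recorded.
SAMPLE_ENTRIES = [
    {"id": 6680, "fixed_in": "2.6.7"},
    {"id": 8618, "fixed_in": "2.7.3"},
    {"id": 0, "fixed_in": None},
]

if __name__ == "__main__":
    print(triage("2.7.11.3", SAMPLE_ENTRIES))
```

Entries in the "unknown" bucket need manual review, since a missing fixed version can mean either "never fixed" or "data not recorded".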
Traceback (most recent call last):
File "main.py", line 11, in <module>
from requests.packages.urllib3.exceptions import InsecureRequestWarning
ImportError: cannot import name InsecureRequestWarning
Hi,
Would it be possible to implement a login when redirection to a login page is detected?
Thx
WordPress scanner based on wpscan work - @pentest_swissky
[+] URL: https://ABC.com
[+] robots.txt available under: https://ABC.com/robots.txt
[+] Interesting entry from robots.txt: Disallow: /wp-content
[+] sitemap.xml available under: https://ABC.com/sitemap.xml
[+] license.txt available under: https://ABC.com/license.txt
Traceback (most recent call last):
File "wordpresscan.py", line 62, in <module>
Scan_Engine(wp, results.aggressive)
File "/home/kali/Desktop/Wordpresscan/engine/scan.py", line 15, in __init__
self.fingerprint_wp_version(wordpress)
File "/home/kali/Desktop/Wordpresscan/engine/scan.py", line 96, in fingerprint_wp_version
self.fingerprint_wp_version_hash_based(wordpress)
File "/home/kali/Desktop/Wordpresscan/engine/scan.py", line 58, in fingerprint_wp_version_hash_based
tree = etree.parse("database/wp_versions.xml")
File "src/lxml/etree.pyx", line 3444, in lxml.etree.parse (src/lxml/etree.c:83170)
File "src/lxml/parser.pxi", line 1834, in lxml.etree._parseDocument (src/lxml/etree.c:120742)
File "src/lxml/parser.pxi", line 1860, in lxml.etree._parseDocumentFromURL (src/lxml/etree.c:121089)
File "src/lxml/parser.pxi", line 1764, in lxml.etree._parseDocFromFile (src/lxml/etree.c:119997)
File "src/lxml/parser.pxi", line 1161, in lxml.etree._BaseParser._parseDocFromFile (src/lxml/etree.c:114546)
File "src/lxml/parser.pxi", line 598, in lxml.etree._ParserContext._handleParseResultDoc (src/lxml/etree.c:107723)
File "src/lxml/parser.pxi", line 709, in lxml.etree._handleParseResult (src/lxml/etree.c:109432)
File "src/lxml/parser.pxi", line 638, in lxml.etree._raiseParseError (src/lxml/etree.c:108286)
File "database/wp_versions.xml", line 32
lxml.etree.XMLSyntaxError: Entity 'bull' not defined, line 32, column 72
req = requests.post("http://127.0.0.1:8000/xmlrpc.php", data=post)
Brute-force crashes because WP is not running at http://127.0.0.1:8000/
I am testing my domain bluebird.com.sv and the program breaks with the following error
[i] Enumerating Wordpress users
Traceback (most recent call last):
File "main.py", line 52, in <module>
wp = Wordpress(format_url(results.url), results.random_agent, results.nocheck, results.max_threads)
File "/root/Tools/Wordpresscan/engine/wordpress.py", line 35, in __init__
self.enum_wordpress_users()
add output logging
xml / json / log/txt
and maybe an all over stats like:
SQLi[5]
XSS[4]
etc.
I'm stuck on this command
python installer.py
python: can't open file 'installer.py': [Errno 2] No such file or directory
I did all these steps
https://www.youtube.com/watch?v=a1obUshefQI
Anyone know how to solve this?