swisskyrepo / wordpresscan

WPScan rewritten in Python + some WPSeku ideas

Python 100.00%
python wordpress wordpress-plugin wordpress-theme vulnerabilities vulnerability-scanners wpscan wordpress-scanner wordpress-security hacktoberfest

wordpresscan's People

Contributors

bl4de, chgq1020, dependabot[bot], elointz, phra, sokarepo, swisskyrepo, whattheslime

wordpresscan's Issues

Please, use Virtualenv

Nobody should install packages globally.

lxml is missing in the README, it must be installed.

create setup.py and support proper python installation

This is a common problem: many tools which we want to distribute do not support system-wide installation. Some of these tools provide their own "install.sh" or "setup.sh" with distro-specific commands (sudo apt-install) to install dependencies instead of a proper setup.py.
With a proper setup.py script, an end user can install it using the following single command:
python3 setup.py install --user. It is also distro friendly and makes life easier for maintainers.

The end result should be an FHS-compliant directory structure.
In case the software produces any output, a local user directory should be used, such as ~.//

There are some custom cases (installing non-python packages, data files etc.) which have been resolved in other packages. Below are reference points on such bug reports with solutions (patches)

pentoo/pentoo-overlay#596

EDIT: #13 is kind of related, but I want to make my point clear

No JSON object could be decoded

Hi Swissky!
Thanks for the awesome tool. Unfortunately, I've been struggling with a JSON parse error like:

/> ./wordpresscan.py -u "http://scannedsite.org/" --random-agent
...
[!] WordPress version 4.1 identified from advanced fingerprinting
Traceback (most recent call last):
  File "./wordpresscan.py", line 62, in <module>
    Scan_Engine(wp, results.aggressive)
  File "/opt/Wordpresscan/engine/scan.py", line 16, in __init__
    self.list_wp_version_vulnerabilities(wordpress, "wordpresses")
  File "/opt/Wordpresscan/engine/scan.py", line 106, in list_wp_version_vulnerabilities
    data = json.load(data_file)
  File "/usr/lib/python2.7/json/__init__.py", line 291, in load
    **kw)
  File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded

Software obtained thru git clone https://github.com/swisskyrepo/Wordpresscan
python version: 2.7.16+
Any ideas?

bug in plugin detection

[i] Name: wysija-newsletters - v2.7.11.3
[!]RCE : MailPoet Newsletters 2.6.6 - Theme File Upload Handling Remote Code Execution - ID:6680
| Fixed in 2.6.7
| References:
- http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
- http://www.openwall.com/lists/oss-security/2014/07/02/1
- Metasploit exploit/unix/webapp/wp_wysija_newsletters_upload
- Exploitdb 33991
- Cve 2014-4725
- Secunia 59455
[!]SQLI : Wysija Newsletters 2.2 - SQL Injection - ID:6681
| Fixed in 2.2.1
| References:
- https://www.htbridge.com/advisory/HTB23140
- http://packetstormsecurity.com/files/120089/
- http://seclists.org/bugtraq/2013/Feb/29
- http://cxsecurity.com/issue/WLB-2013020039
- Cve 2013-1408
[!]XSS : Wysija Newsletters - swfupload Cross-Site Scripting - ID:6682
| Fixed in 2.1.7
| References:
- http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
- Secunia 51249
[!]UNKNOWN : MailPoet Newsletters 2.6.7 - helpers/back.php page Parameter Unspecified Issue - ID:7573
| Fixed in 2.6.8
| References:
- http://www.securityfocus.com/bid/68462/
- Cve 2014-4726
[!]CSRF : MailPoet Newsletters 2.6.10 - Unspecified CSRF - ID:7574
| Fixed in 2.6.11
| References:
- Cve 2014-3907
[!]XSS : MailPoet Newsletters <= 2.6.19 - Unauthenticated Reflected Cross-Site Scripting (XSS) - ID:8373
| Fixed in 2.7
| References:
- https://www.netsparker.com/ns-16-002-xss-vulnerability-identified-in-mailpoet-newsletters/
[!]XSS : MailPoet Newsletters <= 2.7.2 - Authenticated Reflected Cross-Site Scripting (XSS) - ID:8617
| Fixed in 2.7.3
| References:
- https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_mailpoet_newsletters_plugin.html
- http://seclists.org/fulldisclosure/2016/Sep/17
[!]SQLI : MailPoet Newsletters <= 2.7.2 - SQL Injection - ID:8618
| Fixed in 2.7.3
| References:
- https://plugins.trac.wordpress.org/changeset/1469869/wysija-newsletters
[i] Name: contact-form-7 - v4.9
[i] Name: wp-members - v3.1.9.1
[!]XSS : WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS - ID:7079
| Fixed in 2.8.10
| References:
- http://packetstormsecurity.com/files/124720/
- http://www.securityfocus.com/bid/64713/
- Secunia 56271
[!]XSS : WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS - ID:7080
| Fixed in 2.8.10
| References:
- http://packetstormsecurity.com/files/124720/
- http://www.securityfocus.com/bid/64713/
- Secunia 56271
[!]XSS : WP-Members <= 3.1.7 - Authenticated Cross-Site Scripting (XSS) - ID:8858
| Fixed in 3.1.8
| References:
- https://jvn.jp/en/jp/JVN51355647/index.html
- https://plugins.trac.wordpress.org/changeset/1667369/#file12
- Cve 2017-2222

Why does it show me vulns of older versions even if everything is up to date?

Error in code

Can't import safeurl==0.0.7,

and whenever I run the code, it says: "did you forget to add parenthesis"

Kindly help.

issue ?

Exception in thread Thread-3:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
self.run()
File "/usr/lib/python2.7/threading.py", line 754, in run
self.__target(*self.__args, **self.__kwargs)
File "/root/Desktop/newtools/Wordpresscan/engine/brute.py", line 118, in check_pass
self.xmlrpc_check_admin(user, pwd)
File "/root/Desktop/newtools/Wordpresscan/engine/brute.py", line 123, in xmlrpc_check_admin
req = requests.post("http://127.0.0.1:8000/xmlrpc.php", data=post)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 112, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 508, in send
raise ConnectionError(e, request=request)
ConnectionError: HTTPConnectionPool(host='127.0.0.1', port=8000): Max retries exceeded with url: /xmlrpc.php (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f7e039ae550>: Failed to establish a new connection: [Errno 111] Connection refused',))
issue?

Getting Error :: ImportError: No module named requests

Hello, I'm currently using this repo on my CentOS 6.7, using the following command:
python main.py -u "http://teststite.com" --update --aggressive
and I'm getting the following error:

python main.py -u "http://testsite.com" --update --aggressive
Traceback (most recent call last):
  File "main.py", line 3, in <module>
    import requests
ImportError: No module named requests

Can you please let me know what's going on with this error? Thanks

Missing deps in requirements.txt

Steps:

  1. git clone --depth=1 https://github.com/swisskyrepo/Wordpresscan.git
  2. pip install -r requirements.txt

Expected result:

Installation of dependencies is correctly completed.

Current result:

pwntools 3.12.0 requires capstone, which is not installed.
pwntools 3.12.0 requires psutil>=3.3.0, which is not installed.
safeurl 0.0.7 has requirement requests==2.7.0, but you'll have requests 2.18.4 which is incompatible.

error No JSON object could be decoded

When I do a scan I get some results, but then this error pops up:
I am on Kali version 2019.4.

Traceback (most recent call last):
  File "wordpresscan.py", line 62, in <module>
    Scan_Engine(wp, results.aggressive)
  File "/opt/Wordpresscan/engine/scan.py", line 16, in __init__
    self.list_wp_version_vulnerabilities(wordpress, "wordpresses")
  File "/opt/Wordpresscan/engine/scan.py", line 106, in list_wp_version_vulnerabilities
    data = json.load(data_file)
  File "/usr/lib/python2.7/json/__init__.py", line 291, in load
    **kw)
  File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded

url schema detection

Please add URL schema detection,

like -u xxxx.com,
so it detects if http:// or https:// is missing and follows redirects to the right URL.

Unable to update

Hi, I'm unable to update the WordPress scanner.
The error is down below.
I think the main problem is this: gzip: database/user-agents.txt.gz: not in gzip format
Thanks for the help. My machine: Ubuntu 18.04, x64

$ python wordpresscan.py -u"http://social.ford.it"  --update --random-agent
_______________________________________________________________ 
 _    _               _                                         
| |  | |             | |                                        
| |  | | ___  _ __ __| |_ __  _ __ ___  ___ ___  ___ __ _ _ __  
| |/\| |/ _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|/ __/ _` | '_ \ 
\  /\  / (_) | | | (_| | |_) | | |  __/\__ \__ \ (_| (_| | | | |
 \/  \/ \___/|_|  \__,_| .__/|_|  \___||___/___/\___\__,_|_| |_|
                       | |                                      
                       |_|                                      
 WordPress scanner based on wpscan work - @pentest_swissky      
_______________________________________________________________ 
Updating database - Last update: Tue Oct  9 12:33:59 2018
	Downloading local_vulnerable_files.xml File updated !
	Downloading local_vulnerable_files.xsd File updated !
	Downloading timthumbs.txt File updated !
	Downloading user-agents.txt File updated !
	Downloading wp_versions.xml File updated !
	Downloading wp_versions.xsd File updated !
	Downloading wordpresses.json File updated !
	Downloading plugins.json File updated !
	Downloading themes.json File updated !
	Downloaded : 1.45 Mo
gzip: database/user-agents.txt.gz: not in gzip format

gzip: database/timthumbs.txt.gz: not in gzip format
[+] URL: http://social.ford.it
Traceback (most recent call last):
  File "wordpresscan.py", line 53, in <module>
    wp = Wordpress(format_url(results.url), results.random_agent, results.nocheck, results.max_threads)
  File "/home/marco/Desktop/burp/Wordpresscan-master/engine/wordpress.py", line 24, in __init__
    self.random_agent()
  File "/home/marco/Desktop/burp/Wordpresscan-master/engine/wordpress.py", line 55, in random_agent
    with open('database/user-agents.txt','r') as f:
IOError: [Errno 2] No such file or directory: 'database/user-agents.txt'

Script broken

I am getting this error

File "D:\pentest\Wordpresscan\main.py", line 15
print "_______________________________________________________________ "
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("_______________________________________________________________ ")?

about installation

can you support termux? thx!
https://play.google.com/store/apps/details?id=com.termux

$ python2 -m pip install -r requirements.txt
...
  Running setup.py install for tornado ... done
  Running setup.py install for pycparser ... done
  Running setup.py install for cffi ... done
  Running setup.py install for mako ... done
  Running setup.py install for pyelftools ... done
  Running setup.py install for capstone ... done
  Running setup.py install for scandir ... done
  Running setup.py install for filelock ... done
  Running setup.py install for pypandoc ... done
  Running setup.py install for psutil ... done
  Running setup.py install for intervaltree ... done
  Running setup.py install for unicorn ... error
    ERROR: Command errored out with exit status 1:
     command: /data/data/com.termux/files/usr/bin/python2 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/setup.py'"'"'; __file__='"'"'/data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /data/data/com.termux/files/usr/tmp/pip-record-8LSfus/install-record.txt --single-version-externally-managed --compile
         cwd: /data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/
    Complete output (12 lines):
    running install
    running build
    Building C extensions
    cd qemu && \
    ./configure --cc="cc" --extra-cflags="-DUNICORN_HAS_X86 -DUNICORN_HAS_ARM -DUNICORN_HAS_ARMEB -DUNICORN_HAS_M68K -DUNICORN_HAS_ARM64 -DUNICORN_HAS_MIPS -DUNICORN_HAS_MIPSEL -DUNICORN_HAS_MIPS64 -DUNICORN_HAS_MIPS64EL -DUNICORN_HAS_SPARC -fPIC -fvisibility=hidden" --target-list="x86_64-softmmu, arm-softmmu, armeb-softmmu, m68k-softmmu, aarch64-softmmu, mips-softmmu, mipsel-softmmu, mips64-softmmu, mips64el-softmmu, sparc-softmmu,sparc64-softmmu,"

    ERROR: Cannot use 'python', Python 2.4 or later is required.
           Note that Python 3 or later is not yet supported.
           Use --python=/path/to/python to specify a supported Python.

    make: *** [Makefile:214: qemu/config-host.h-timestamp] Error 1
    error: [Errno 2] No such file or directory: 'libunicorn.so'
    ----------------------------------------
ERROR: Command errored out with exit status 1: /data/data/com.termux/files/usr/bin/python2 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/setup.py'"'"'; __file__='"'"'/data/data/com.termux/files/usr/tmp/pip-install-SWRzrj/unicorn/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /data/data/com.termux/files/usr/tmp/pip-record-8LSfus/install-record.txt --single-version-externally-managed --compile Check the logs for full command output.
$

WPVulnDB API v3

Hi,

To have up to date vulnerabilities within this tool, can you add support for WPVulnDB API v3, please?

API Docs:

https://wpvulndb.com/api

Users will need to register and use their API key.

Thanks,
Ryan

Error - Enumerating plugins from passive detection

cmd:
python main.py -u "http://WWW.SITE.EXAMPLE" --update --random-agent

StackTrace:
Traceback (most recent call last):
File "main.py", line 56, in <module>
Scan_Engine(wp, results.aggressive)
File "/home/App/Wordpresscan/engine/scan.py", line 19, in __init__
self.enumerating_plugins_passive(wordpress)
File "/home/App/Wordpresscan/engine/scan.py", line 188, in enumerating_plugins_passive
display_vulnerable_component(plugin_name, plugin_version, "plugins")
File "/home/App/Wordpresscan/engine/core.py", line 182, in display_vulnerable_component
if is_lower(version, data[name]['latest_version'], False):
File "/home/App/Wordpresscan/engine/core.py", line 144, in is_lower
if len(str_two) < 5:
TypeError: object of type 'NoneType' has no len()
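
The TypeError above (a missing latest_version reaching is_lower) and the earlier "bug in plugin detection" report (wysija-newsletters v2.7.11.3 listed with issues fixed in 2.6.7 and 2.7.3) both come down to version comparison. The following is an added example, not wordpresscan's code: one way to compare versions numerically, tolerate a missing version, and keep only entries whose fix is newer than the installed version. The "id" and "fixed_in" field names and the sample list are assumptions built from the scan output quoted in that report.

```python
import re


def parse_version(text):
    """'2.7.11.3' -> (2, 7, 11, 3); None when the version is missing or unparsable."""
    if text is None:
        return None
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", str(text))
    return tuple(int(p) for p in match.group(1).split(".")) if match else None


def is_lower(installed, reference):
    """True only when both versions are known and installed < reference."""
    a, b = parse_version(installed), parse_version(reference)
    if a is None or b is None:
        return False  # an unknown version never raises and never counts as "lower"
    width = max(len(a), len(b))
    # Pad with zeros so that 4.9 and 4.9.0 compare as equal.
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def applicable(installed, entries):
    """Entries that still affect `installed`.

    An entry with no usable fixed_in has no known fix and is kept. When the
    installed version itself is unknown, everything is kept for manual review.
    """
    if parse_version(installed) is None:
        return list(entries)
    return [e for e in entries
            if parse_version(e.get("fixed_in")) is None
            or is_lower(installed, e["fixed_in"])]


# Constructed sample: IDs and "Fixed in" values copied from the quoted scan output.
WYSIJA = [
    {"id": 6680, "fixed_in": "2.6.7"},
    {"id": 6681, "fixed_in": "2.2.1"},
    {"id": 6682, "fixed_in": "2.1.7"},
    {"id": 8618, "fixed_in": "2.7.3"},
]

if __name__ == "__main__":
    print("2.7.11.3:", [e["id"] for e in applicable("2.7.11.3", WYSIJA)])
    print("2.6.6   :", [e["id"] for e in applicable("2.6.6", WYSIJA)])
    # A plain string comparison orders these two versions the wrong way round.
    print("string compare says 2.7.11.3 < 2.7.3:", "2.7.11.3" < "2.7.3")
```

Keeping entries with no known fix, and all entries when the installed version is unknown, errs towards a false positive for manual review rather than a silent miss.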

Use credentials

Hi,

Would it be possible to implement a login when redirection to a login page is detected?

Thx

Error lxml.etree.XMLSyntaxError: Entity 'bull' not defined, line 32, column 72

WordPress scanner based on wpscan work - @pentest_swissky


[+] URL: https://ABC.com
[+] robots.txt available under: https://ABC.com/robots.txt
[+] Interesting entry from robots.txt: Disallow: /wp-content
[+] sitemap.xml available under: https://ABC.com/sitemap.xml
[+] license.txt available under: https://ABC.com/license.txt
Traceback (most recent call last):
File "wordpresscan.py", line 62, in <module>
Scan_Engine(wp, results.aggressive)
File "/home/kali/Desktop/Wordpresscan/engine/scan.py", line 15, in __init__
self.fingerprint_wp_version(wordpress)
File "/home/kali/Desktop/Wordpresscan/engine/scan.py", line 96, in fingerprint_wp_version
self.fingerprint_wp_version_hash_based(wordpress)
File "/home/kali/Desktop/Wordpresscan/engine/scan.py", line 58, in fingerprint_wp_version_hash_based
tree = etree.parse("database/wp_versions.xml")
File "src/lxml/etree.pyx", line 3444, in lxml.etree.parse (src/lxml/etree.c:83170)
File "src/lxml/parser.pxi", line 1834, in lxml.etree._parseDocument (src/lxml/etree.c:120742)
File "src/lxml/parser.pxi", line 1860, in lxml.etree._parseDocumentFromURL (src/lxml/etree.c:121089)
File "src/lxml/parser.pxi", line 1764, in lxml.etree._parseDocFromFile (src/lxml/etree.c:119997)
File "src/lxml/parser.pxi", line 1161, in lxml.etree._BaseParser._parseDocFromFile (src/lxml/etree.c:114546)
File "src/lxml/parser.pxi", line 598, in lxml.etree._ParserContext._handleParseResultDoc (src/lxml/etree.c:107723)
File "src/lxml/parser.pxi", line 709, in lxml.etree._handleParseResult (src/lxml/etree.c:109432)
File "src/lxml/parser.pxi", line 638, in lxml.etree._raiseParseError (src/lxml/etree.c:108286)
File "database/wp_versions.xml", line 32
lxml.etree.XMLSyntaxError: Entity 'bull' not defined, line 32, column 72
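
Three reports on this page ("No JSON object could be decoded", "not in gzip format", and "Entity 'bull' not defined") are parse failures on database files that are not in the format their names promise. The following is an added example, not wordpresscan's updater: one way to validate a downloaded file before it replaces the copy on disk, so a bad download leaves the previous database intact. The function names and the HTML sample are assumptions, and the standard-library XML parser stands in for lxml.

```python
import gzip
import json
import os
import tempfile
import xml.etree.ElementTree as ET
import zlib

# Constructed sample: an HTML error page served in place of the expected file.
HTML_ERROR_PAGE = b"<html><body><h1>404 &bull; Not Found</h1></body></html>"


def validate_payload(name, data):
    """Return the bytes to store for `name`; raise ValueError on a format mismatch."""
    if name.endswith(".gz"):
        if data[:2] != b"\x1f\x8b":  # gzip magic number
            raise ValueError("%s: not in gzip format" % name)
        try:
            data = gzip.decompress(data)
        except (OSError, EOFError, zlib.error) as exc:
            raise ValueError("%s: corrupt gzip stream (%s)" % (name, exc))
        name = name[:-3]
    if name.endswith(".json"):
        try:
            json.loads(data.decode("utf-8"))
        except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
            raise ValueError("%s: not valid JSON (%s)" % (name, exc))
    elif name.endswith((".xml", ".xsd")):
        try:
            ET.fromstring(data)  # an HTML entity such as &bull; is undefined in XML
        except ET.ParseError as exc:
            raise ValueError("%s: not well-formed XML (%s)" % (name, exc))
    elif not data.strip():
        raise ValueError("%s: empty file" % name)
    return data


def install_update(directory, name, data):
    """Validate first, then replace the target atomically; return its path."""
    content = validate_payload(name, data)  # raises before anything is written
    target = os.path.join(directory, name[:-3] if name.endswith(".gz") else name)
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(content)
        os.replace(tmp, target)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return target


if __name__ == "__main__":
    for sample in ("wordpresses.json", "user-agents.txt.gz", "wp_versions.xml"):
        try:
            validate_payload(sample, HTML_ERROR_PAGE)
        except ValueError as err:
            print("rejected:", err)
```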

Program breaks on scanning

I am testing my domain bluebird.com.sv and the program breaks with the following error

[i] Enumerating Wordpress users
Traceback (most recent call last):
File "main.py", line 52, in <module>
wp = Wordpress(format_url(results.url), results.random_agent, results.nocheck, results.max_threads)
File "/root/Tools/Wordpresscan/engine/wordpress.py", line 35, in __init__
self.enum_wordpress_users()

Feature : output log

add output logging
xml / json / log/txt

and maybe an all over stats like:
SQLi[5]
XSS[4]
etc.
