Introducing WPScan – WordPress Security Scanner
16 June, 2011 by ethicalhack3r

After creating the WordPress Brute Force Tool last weekend, I decided to create a bigger project out of it, called WPScan.

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use is for security professionals or WordPress administrators to assess the security posture of their WordPress installations. The code base is Open Source and licensed under the GPLv3.

Features include:

Username enumeration
Weak password cracking (multithreaded)
Version enumeration
Vulnerability enumeration (based on version)
Plugin enumeration (todo)
Plugin vulnerability enumeration (based on version) (todo)
Other miscellaneous checks

Installation:

Please use the up-to-date instructions found here: http://wpscan.org/

WPScan requires two non-native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple

(I developed WPScan on Backtrack5 Gnome 32bit. If installing on another OS, you may not need the --user-install option when installing the non-native gems.)

Download:

WPScan will be hosted on GitHub (originally Google Code) at https://github.com/wpscanteam/wpscan.

You can download and start running WPScan ALPHA by cloning the git trunk (originally by checking out the SVN trunk with “svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only”):
git clone https://github.com/wpscanteam/wpscan.git

Example usage:

ruby wpscan.rb --url www.example.com
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

Contributions, feedback, comments are welcome.

Happy Hacking!

24 Responses



  1. [...] – Developer Ryan Dewhurst has launched a new project called WPScan, a WordPress Security Scanner. The initial version can be used to [...]


    Comment posted on June 16, 2011 at 18:20:00 BST


  2. [...] WPScan is an interesting project that lets you check the state of a WordPress installation. It is simple to use and clear in its results. I have just tried it on a quiet Debian installation and “simply” had to install Ruby, rubygem, subversion. After that you add libcurl4-gnutls-dev and install two gems (gem install typhoeus and gem install xml-simple), download wpscan (svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only) and proceed. The results are interesting. The author promises new features. Here is what he writes: Features include: [...]


    Comment posted on June 16, 2011 at 22:14:08 BST



  3. [...] Ryan Dewhurst has launched a new project called WPScan, a WordPress Security Scanner. The initial version can attempt to work [...]


    Comment posted on June 17, 2011 at 05:30:21 BST


  4. [...] you just want to scan your installation for security vulnerabilities and plug the holes yourself, WPScan may be the tool for [...]


    Comment posted on June 17, 2011 at 06:29:17 BST


  5. [...] you just want to scan your installation for security vulnerabilities and plug the holes yourself, WPScan may be the tool for [...]


    Comment posted on June 17, 2011 at 07:05:51 BST


  6. Easy to install. Works as described.

    You could check if PHP errors are enabled with ./wp-settings.php which errors when called directly in every version of WordPress.

    The version detection could be improved by comparing the md5 hash of ./readme.html

    md5 hashes for readme.html:

    https://github.com/bcoles/WhatWeb/blob/322274099d29f86b3dee49a8cb80752bc548e13f/plugins/wordpress.rb

    directories for themes and plugins:

    http://code.google.com/p/cms-explorer/source/browse/trunk/wp_plugins.txt

    http://code.google.com/p/cms-explorer/source/browse/trunk/wp_themes.txt

    Checking if ./wp-plugins/ has directory indexing enabled would be a quick and easy method of determining which plugins are installed. Knowing that directory indexing is enabled is always nice too.


    Comment posted on June 17, 2011 at 11:59:24 BST
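The readme.html hash comparison and the directory-indexing check suggested in comment 6, as an added example for auditing what your own installation exposes (not code from WPScan or from the commenter). The sample readme bodies, the hash table built from them, the listing page and all function names are constructed for illustration.

```ruby
require 'digest'

# Constructed stand-ins for the stock readme.html of two releases (not real files).
SAMPLE_READMES = {
  '3.1.3' => "<h1>WordPress</h1>\n<p>Version 3.1.3</p>\n",
  '3.1.4' => "<h1>WordPress</h1>\n<p>Version 3.1.4</p>\n"
}.freeze

# MD5 of each known readme.html => version, built here from the samples above.
KNOWN_README_MD5 =
  SAMPLE_READMES.to_h { |ver, body| [Digest::MD5.hexdigest(body), ver] }.freeze

# Constructed autoindex page for a plugins directory.
SAMPLE_LISTING = <<~HTML
  <html><head><title>Index of /wp-content/plugins</title></head><body>
  <a href="?C=N;O=D">Name</a>
  <a href="/wp-content/">Parent Directory</a>
  <a href="akismet/">akismet/</a>
  <a href="hello-dolly/">hello-dolly/</a>
  </body></html>
HTML

# Exact hash match first; an edited readme no longer matches any hash, so fall
# back to the version string printed in the page.
def readme_version(body)
  by_hash = KNOWN_README_MD5[Digest::MD5.hexdigest(body)]
  return { version: by_hash, method: :md5 } if by_hash

  m = body.match(/Version\s+(\d+(?:\.\d+)+)/i)
  m ? { version: m[1], method: :text } : { version: nil, method: :none }
end

# Apache and nginx autoindex pages both title themselves "Index of /path".
def directory_listing?(status, body)
  status == 200 && body.match?(%r{<title>Index of /[^<]*</title>}i)
end

# Subdirectory names linked from a listing, skipping sort and parent links.
def listed_entries(body)
  body.scan(%r{href="([^"?/][^"/]*)/"}i).flatten.uniq
end

if __FILE__ == $PROGRAM_NAME
  p readme_version(SAMPLE_READMES['3.1.4'])
  p directory_listing?(200, SAMPLE_LISTING)
  p listed_entries(SAMPLE_LISTING)
end
```

If either check fires on a site you run, deleting readme.html and turning off autoindex (`Options -Indexes` on Apache) removes the signal.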


  7. [...] Ryan Dewhurst recently introduced WPScan, a new security scanner for [...]


    Comment posted on June 18, 2011 at 06:18:55 BST


  8. [...] came across an interesting tool for us WordPress bloggers..WPScan from http://www.ethicalhack3r.co.uk/security/introducing-wpscan-wordpress-security-scanner/ WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known [...]


    Comment posted on June 18, 2011 at 22:24:05 BST


  9. [...] Introducing WPScan – WordPress Security Scanner [...]


    Comment posted on July 8, 2011 at 02:33:50 BST


  10. [...] in the last few days a new tool hit the tubes wpscan. Still under development it does a few different checks including brute forcing for [...]


    Comment posted on July 19, 2011 at 07:04:17 BST

  11. klystron

    Thanks a lot for this useful tool. WordPress is more and more used as a performant CMS, becoming important to have a secured installation, and this tool helps to check it!

    Works fine on a BT5 32bits in an Oracle VM Virtual Box. Don’t forget to EXPORT path for ruby binaries, and to complete installation with a sudo gem install --user-install mime-types before running it.

    Thanks again!


    Comment posted on July 19, 2011 at 08:30:24 BST

  12. Sarkie

    You’ve changed the way you do --version

    it’s now --enumerate v

    Update the docs :)

    (Still doesn’t work on our WordPress installation, even though it’s in the readme.html and the css link)

    @sarkie_dave


    Comment posted on July 19, 2011 at 11:33:03 BST

  13. lado

    Hey,
    I was wondering, after I saw your video, those vulnerabilities found. What do we do next with them, how do we crack admin password. That’s all I want :D


    Comment posted on August 1, 2011 at 01:48:12 BST


  14. Hi Ryan – just wondered if you would stick a note in your #wpscan ‘readme’ file, telling amateurs (like myself) where or in which directory to place the ‘dictionary’ file for cracking ;)
    Should it remain at ROOT/ or should it be copied into the wpscan folder?
    Thanks
    Cliff


    Comment posted on October 13, 2011 at 22:09:05 BST


  15. [...] WPScan is a tool created by ethicalhack3r that aims to identify flaws or weak points in WordPress systems; it lets you enumerate [...]


    Comment posted on October 17, 2011 at 19:14:06 BST

  16. Marvin

    I have it installed following this guide, it’s similar I guess.

    http://www.hackersgarage.com/wpscan-wordpress-security-scanner.html


    Comment posted on November 29, 2011 at 04:57:13 BST

  17. jacob martin

    I simply needed to appreciate you yet again. I am not sure the things I might have created in the absence of the actual creative concepts provided by you concerning this concern. Previously it was an absolute daunting concern in my circumstances, but viewing the very well-written fashion you handled it made me to cry for delight. springhill group


    Comment posted on January 31, 2012 at 01:37:16 BST


  18. Amazon Gold Ventures

    This internet site is truly a walk-through it actually may be the details you wanted concerning this and didn’t know who to inquire about. Glimpse here, and you will absolutely discover it.


    Comment posted on February 6, 2012 at 01:23:29 BST


  19. This is very useful for us! Thanks!


    Comment posted on March 13, 2012 at 16:52:50 BST


  20. [...] Security Scanner On March 22, 2012 In WordPress With No Comments http://www.ethicalhack3r.co.uk/security/introducing-wpscan-wordpress-security-scanner/ No related [...]


    Comment posted on March 22, 2012 at 13:39:00 BST


  21. [...] For all you wordpress lovers we have added wpscan to our existing WordPress Security Scan. WPScan is a handy wordpress focused vulnerability scanner developed by Ryan Dewhurst [...]


    Comment posted on May 15, 2012 at 10:53:33 BST

  22. STan

    Completed all the steps in order to get it running but I receive this error when I try to start it….

    http://imageshack.us/photo/my-images/141/errorryw.png/

    Can someone help me?

    Regards


    Comment posted on October 4, 2012 at 08:10:24 BST


  23. Amazing blog! Do you have any helpful hints for aspiring
    writers? I’m hoping to start my own website soon but I’m a
    little lost on everything. Would you suggest starting with a free platform like WordPress or go for
    a paid option? There are so many choices out there that I’m completely confused .. Any suggestions? Many thanks!


    Comment posted on May 19, 2013 at 20:06:50 BST
