WordPress Vulnerability Scanner
Just a quick note: A new version of my wp-scanner is available.
Check it out at BlogSecurity.
The command line version is no longer supported but is available here by request.
$ perl -x wp-scanner.pl http://testblog/wordpress/
WordPress Scanner starting: David Kierznowski (http://michaeldaw.org)
Using plugins dir: wp-content/plugins
[*] Initial WordPress Enumeration
[*] Finding WordPress Major Version
[*] Testing WordPress Template for XSS
WordPress Basic Results
wp-commentsrss2.php => Version Leak: WordPress 2.1.3
wp-links-opml.php => Version Leak: WordPress 2.1.3
wp-major-ver => Version 2.1
wp-rdf.php => Version Leak: WordPress 2.1.3
wp-rss.php => Version Leak: WordPress 2.1.3
wp-rss2.php => Version Leak: WordPress 2.1.3
wp-server => Apache/1.3.34 (Unix) PHP/4.4.4 mod_ssl/2.8.25 OpenSSL/0.9.8a
wp-style-dir => http://testblog/wordpress/wp-content/themes/time1-theme-10/style.css
wp-title => Test Blog
wp-version => WordPress 2.1.3
x-Pingback => http://testblog/wordpress/xmlrpc.php
WordPress Plugins Found
wp-plugins[0] => Akismet
If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
[...] method is ideal for blind XSS worms, where you do not know what the web server is running ( i.e. my wp-scanner tool uses generic XSS tests to find vulnerabilities in WordPress themes; it doesn’t care what [...]
[...] The original command line tool is no longer supported, but is still available for download here. More information available here. [...]
where can i download it?