WordPress Vulnerability Scanner
Just a quick note: A new version of my wp-scanner is available.
Check it out at BlogSecurity.
The command line version is no longer supported but is available here by request.
$ perl -x wp-scanner.pl http://testblog/wordpress/
WordPress Scanner starting: David Kierznowski (http://michaeldaw.org)
Using plugins dir: wp-content/plugins
[*] Initial WordPress Enumeration
[*] Finding WordPress Major Version
[*] Testing WordPress Template for XSS
WordPress Basic Results
wp-commentsrss2.php => Version Leak: WordPress 2.1.3
wp-links-opml.php => Version Leak: WordPress 2.1.3
wp-major-ver => Version 2.1
wp-rdf.php => Version Leak: WordPress 2.1.3
wp-rss.php => Version Leak: WordPress 2.1.3
wp-rss2.php => Version Leak: WordPress 2.1.3
wp-server => Apache/1.3.34 (Unix) PHP/4.4.4 mod_ssl/2.8.25 OpenSSL/0.9.8a
wp-style-dir => http://testblog/wordpress/wp-content/themes/time1-theme-10/style.css
wp-title => Test Blog
wp-version => WordPress 2.1.3
x-Pingback => http://testblog/wordpress/xmlrpc.php
WordPress Plugins Found
wp-plugins[0] => Akismet
Where can I download it?
I’m sorry, I just don’t pay much attention to the URL.
No problem KaiTou.
What should I say. Very good.
[…] method is ideal for blind XSS worms, where you do not know what the web server is running ( i.e. my wp-scanner tool uses generic XSS tests to find vulnerabilities in WordPress themes; it doesn’t care what […]
[…] The original command line tool is no longer supported, but is still available for download here. More information available here. […]