WPSeku Kali Linux (WordPress Security Scanner) Guide

WPSeku Kali Linux (WordPress Security Scanner) is a blackbox WordPress vulnerability scanner that can be utilized to scan distant WordPress installations to seek out safety points. Also read this updated article on MSF methodologies

Abilities of WPSeku WordPress Security Scanner




I have listed best ways to learn Kali Linux heretake a look. WPSeku helps numerous sorts of scanning together with:
  • Testing for XSS Vulnerabilities
  • Testing for SQL Injection Vulnerabilities
  • Testing for LFI Vulnerabilities
  • Bruteforce login through xmlrpc
  • Username Enumeration
  • Proxy Help
  • Technique (GET/POST)
  • Customized Wordlists
  • Customized user-agent
Learn about Kali Linux here. It additionally makes use of the WPVulnDB Vulnerability Database API at https://wpvulndb.com/api.

Set up for wpseku kali linux

$ git clone https://github.com/m4ll0k/WPSeku.git wpseku
$ cd wpseku
$ pip install -r requirements.txt
$ python wpseku.py

Utilization of wpseku kali linux

python wpseku.py –target http://web site.com–ragent
following are its all helpful instructions
-t --target Target URL (eg: http://localhost)
-x --xss Testing XSS vulns
-s --sql Testing SQL vulns
-l --lfi Testing LFI vulns
-q --query Testable parameters (eg: "id=1&test=1")
-b --brute Bruteforce login via xmlrpc
-u --user Set username, default=admin
-p --proxy Set proxy, (host:port)
-m --method Set method (GET/POST)
-c --cookie Set cookies
-w --wordlist Set wordlist
-a --agent Set user-agent
-r --redirect Redirect target url, default=True
-h --help Show this help and exit


Examples:
wpseku.py --target http://localhost
wpseku.py -t http://localhost/wp-admin/post.php -m GET -q "post=49&action=edit" [-x,-s,-l] wpseku.py --target http://localhost --brute --wordlist dict.txt
wpseku.py --target http://localhost --brute --user test --wordlist dict.txt

Credit and Contributors

Unique concept and script from WPScan Staff (https://wpscan.org/)



WPScan Vulnerability Database (https://wpvulndb.com/api)
You’ll be able to obtain WPSeku right here: master.zip
Or learn extra here. Here is complete guide on how to compromise multiple targets? and bypass intrusion detection using MSF and Veil Evasion