WPSploit - A WordPress Plugin Security Testing tool written in Python 2


About WPSploit - Aggressive Code Scanner for WordPress
   This tool is intended for penetration testers who audit WordPress themes or plugins, and for developers who wish to audit their own WordPress code. This script should be used for learning purposes only. By downloading and running this script, you take full responsibility for any wrong or illegal use of it.

   For more information about the vulnerabilities tested, click here.
Install and use
   git clone https://github.com/m4ll0k/WPSploit wpsploit/ (Download WPSploit)
   cd wpsploit
   python wpsploit.py (Run WPSploit)

   Type --help or -h to get the usage information anytime:
 __      ____________  _________       __          __   __  
/  \    /  \______   \/   _____/_____ |  |   ____ |__|_/  |__ 
\   \/\/   /|     ___/\_____  \\____ \|  |  /  _ \|  |_   ___|
 \        / |    |    /        \  |_) |  |_(  (_) )  | |  |
  \__/\  /  |____|   /_______  /   __/|____/\____/|__| |__|
       \/                    \/|__|

Aggressive Code Scanner for WordPress Themes/Plugins

Author: Momo (m4ll0k) Outaadi 
Contributors: Filippo (b4dnewz) Conti

Usage: $ python wpsploit.py  

   You can run it against a single file or a directory and it will test for common code vulnerabilities.