WordPress is a one free and open-source, highly customizable and favorite content management system (CMS) that used by bloggers and webmasters. Nothing is secure, even CMS “always” has bugs, then patched and updated, but then the following bugs is coming, etc. There are also many potential security vulnerabilities in WordPress.
In this article, I will show you how to use WPSeku, a WordPress vulnerability scanner in Kali Linux, that can be used to find security issues, bugs, or other potential-hijacked information in our WordPress installation and block potential threats.
You may familiar with WPScan if doing WordPress vulnerability scanning. WPSeku, in other side is almost does the same, it is simple WordPress vulnerability scanner written using Python, WPSeku can be used to scan local and remote WordPress installations to find security issues.
git clone https://github.com/m4ll0k/WPSeku.git cd WPSeku pip install -r requirements.txt python wpseku.py
Before running WPSeku you need to make sure that the target using WordPress. Yeah of course! Check using whatweb for detect what CMS does the target used.
There are alot specific options served by WPSeku, rather than using complicated optioins I just simply run the following command:
python wpseku.py --target [http://myTarget]
These are the output we got!
[+] Target: http://satpolpp.tulungagung.go.id [+] Starting: 28/07/2017 23:23:57 [*] Checking sitemap... [-] sitemap.xml not available [*] Checking license... [+] license.txt available under: http://satpolpp.tulungagung.go.id/license.txt [*] Checking robots... [+] robots.txt available under: http://satpolpp.tulungagung.go.id/robots.txt User-agent: * Disallow: /wp-admin/ Allow: /wp-admin/admin-ajax.php [+] readme.html available under: http://satpolpp.tulungagung.go.id/readme.html [*] Checking .htaccess... [-] .htaccess not available [*] Checking xmlrpc... [+] XML-RPC Interface available under: http://satpolpp.tulungagung.go.id/xmlrpc.php [*] Checking wp-config-sample... [+] wp-config-sample available under: http://satpolpp.tulungagung.go.id/wp-config-sample.php [*] Interesting headers... Connection: close Content-Type: text/html; charset=UTF-8 Date: Fri, 28 Jul 2017 16:22:18 GMT Server: Apache/2.4.18 (Ubuntu) Transfer-Encoding: chunked Vary: Accept-Encoding [*] Checking WAF... [*] Checking wp-login protection... [+] wp-login not detect protection [*] Checking wordpress version... [+] Running WordPress version: 4.7.5 | Title: WordPress 2.3-4.7.5 - Host Header Injection in Password Reset | Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html | Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html | Fixed in: None
Aha! we found target vulnerability info, detail and reference. Now search any information for that particular security issue on google, and hope we could hack it! haha.. 🙂