WP-Exploiter is a tool for testing and exploiting a wide range of WordPress websites.
- Identifying WordPress websites by several methods.
- Identifying WordPress versions by several methods.
- Enumerating WordPress users by several methods.
- Detecting & exploiting weaknesses in specific versions.
- Python3 (tested on 3.7).
- Python modules as specified in requirements.txt.
The configuration can be changed in config/conf.json:
{
    "http_data": {
        "max_retries": "The maximum retries for http requests.",
        "timeout": "In mil sec.",
        "retries_reason": "The reason that will invoke another retry.",
        "retries_break_time": "In sec.",
        "user_agent": "User agent for the HTTP requests."
    },
    "detector_data": {
        "admin_path": "The default WordPress admin panel path.",
        "login_path": "The default WordPress login path.",
        "feed_path": "The default WordPress feed path.",
        "upgrade_path": "The default WordPress upgrade path.",
        "timeout": "Timeout in sec.",
        "css_path": "common css files at WordPress systems.",
        "detect_th": "Smart detector threshold (the lower the number - the higher the sensitivity)."
    },
    "enumerator_data": {
        "start_enumeration": "Default user id to start enumeration with.",
        "enumeration_chunk": "Every iteration will enumerate this number of users.",
        "rest_api_path": "The default WordPress rest-api path.",
        "rest_api_id_col": "The default WordPress rest-api id key.",
        "rest_api_slug_col": "The default WordPress rest-api slug key.",
        "rest_api_name_col": "The default WordPress rest-api name key.",
        "rest_api_status_col": "The default WordPress rest-api status key.",
        "author_path": "The default WordPress author path for enumeration.",
        "success_code": "The default success code for user enumeration (by author method)."
    },
    "exploiter_data": {
        "WPPluginExploiter": {
            "readme_path": "The default WPPluginExploiter class readme path."
        },
        "WPDatabaseResetExploiter": {
            "readme_path": "The default readme path for this plugin."
        },
        "WPTimeCapsuleExploiter": {
            "readme_path": "The default readme path for this plugin."
        }
    },
    "register_data": {
        "register_required_data": "The default necessary data for registering new WordPress user."
    },
    "bruteforce_data": {
        "success": "The default 'success' cookie for successful login.",
        "num_of_threads": "The default number of threads for the bruteforce attack.",
        "error_limit": "The error threshold to determine that this website is not allowing bruteforce.",
        "wp_admin": "The login path (default).",
        "test_cookie": "Test cookie."
    }
}
python cliy.py [COMMAND] [ARGS]
- detect - Detect whether the URL/IP is a WordPress site and try to determine the WordPress version. Args:
    - --url / -u: The URL/IP to test (for example: http://example.com).
    - --timeout / -to: Maximum timeout for each HTTP request, in milliseconds, integer only (for example: 100).
    - --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192).
- enumerate - Try to enumerate the user names of a WordPress system. Args:
    - --url / -u: The URL/IP to test (for example: http://example.com).
    - --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192).
    - minid: The user id to start enumerating from (for example: 1 will try to enumerate users with id 1 and above).
    - maxid: The user id to stop enumerating at (for example: 5 will try to enumerate from minid up to id 5).
- bruteforce - Try a login brute force, cracking passwords with a dictionary attack. Args:
    - --url / -u: The URL/IP to test (for example: http://example.com).
    - --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192).
    - --usernames / -un: Path to a file containing the usernames to try (one username per line).
    - --passwords / -pass: Path to a file containing the passwords to try for each username (one password per line).
    - --threads / -t: Number of worker threads (default is 1, integer only).
- exploit - Try to exploit the WordPress website and gain control over the admin user. Args:
    - --url / -u: The URL/IP to test (for example: http://example.com).
    - --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192).
    - --type / -ex: The exploit you wish to try, chosen from [time-capsule, reset-database, all].
- readme - Prints the readme file.
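The enumerate and bruteforce commands above, and the enumerator_data and bruteforce_data settings that drive them, leave a recognisable footprint in a web server's access log. The following Python script is an added example for site operators, not part of WP-Exploiter: it parses combined-format access log lines and flags, per client IP, sequential author-id enumeration, probing of the REST users endpoint, and bursts of POSTs to the login form, noting when a 302 redirect (the WordPress response to a successful login) follows such a burst. The paths /?author=N, /wp-json/wp/v2/users and /wp-login.php are standard WordPress defaults assumed here, not values read from the tool's config, and the log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Apache/nginx "combined" log format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict with ip, ts, method, path, status (int), ua, or None if the line is malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyze(lines, author_th=5, login_th=10):
    """Aggregate per client IP and return {ip: [finding, ...]} for IPs that cross a threshold.

    author_th: distinct ?author=N ids from one IP before it counts as enumeration.
    login_th:  POSTs to wp-login.php from one IP before it counts as a brute-force burst.
    """
    per_ip = defaultdict(lambda: {"author_ids": set(), "rest_users": 0,
                                  "login_posts": 0, "login_redirects": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        st = per_ip[rec["ip"]]
        url = urlparse(rec["path"])
        qs = parse_qs(url.query)
        # Author-id enumeration walks /?author=1, /?author=2, ... (standard WordPress default path)
        if "author" in qs:
            st["author_ids"].update(qs["author"])
        # REST users endpoint, either pretty (/wp-json/...) or via ?rest_route=
        if url.path.startswith("/wp-json/wp/v2/users") or \
                qs.get("rest_route", [""])[0].startswith("/wp/v2/users"):
            st["rest_users"] += 1
        # Login attempts: failed logins re-render the form (200); success redirects (302)
        if rec["method"] == "POST" and url.path.endswith("/wp-login.php"):
            st["login_posts"] += 1
            if rec["status"] == 302:
                st["login_redirects"] += 1

    findings = {}
    for ip, st in per_ip.items():
        f = []
        if len(st["author_ids"]) >= author_th:
            f.append(f"author_enum:{len(st['author_ids'])}")
        if st["rest_users"]:
            f.append(f"rest_users_probe:{st['rest_users']}")
        if st["login_posts"] >= login_th:
            f.append(f"login_bruteforce:{st['login_posts']}")
            if st["login_redirects"]:
                f.append("login_success_after_bruteforce")
        if f:
            findings[ip] = f
    return findings


# --- Constructed sample log (IPs from the RFC 5737 documentation ranges) ---
def _line(ip, method, path, status, ua="Mozilla/5.0"):
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'


SCANNER = "203.0.113.5"   # constructed: enumerates authors, probes REST users, hammers the login form
VISITOR = "198.51.100.7"  # constructed: ordinary browsing plus one successful login
SAMPLE_LOG = (
    [_line(SCANNER, "GET", f"/?author={i}", 301) for i in range(1, 7)]
    + [_line(SCANNER, "GET", "/wp-json/wp/v2/users?per_page=10", 200)]
    + [_line(SCANNER, "POST", "/wp-login.php", 200) for _ in range(11)]
    + [_line(SCANNER, "POST", "/wp-login.php", 302)]
    + [_line(VISITOR, "GET", "/", 200),
       _line(VISITOR, "GET", "/?p=12", 200),
       _line(VISITOR, "POST", "/wp-login.php", 302)]
)

if __name__ == "__main__":
    for ip, flags in analyze(SAMPLE_LOG).items():
        print(ip, ", ".join(flags))
```

Thresholds are deliberately conservative defaults; the author_th of 5 corresponds to the kind of start_enumeration/enumeration_chunk walk described in the config above, and login_th should be tuned to a site's normal failed-login rate. A real deployment would feed the parser from the live log and key on IP plus user agent, since the tool's user_agent setting is configurable.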
Of course, you can clone the repository and implement other exploits; the interface is generic and supports several exploitation methods.
WP-Exploiter has the potential to be automated in different ways. We are going to leave this to you. You can find an example at examples/run.py.
- We do not claim the description or the purpose of this tool to be 100% accurate. If you see anything which is incorrect in this document, please submit a pull request or open a new issue.
- We do not encourage using it on real websites; this tool is for educational purposes only. We are not responsible for anyone's use of this tool.