WPXF: The WordPress Exploit Framework!

My last post about WordPress security was WPSeku, the simple WordPress security scanner. This post is about WPXF, short for the WordPress Exploit Framework, which will help you go one step further and perform penetration tests on WordPress powered websites.

WPXF
WordPress Exploit Framework

Continue reading “WPXF: The WordPress Exploit Framework!”

WPSeku: A Simple WordPress Security Scanner!

There are a lot of open source WordPress security scanners out there right now and WPSeku is one more of them. Since it’s release about a month ago, it has a few static cross-site scripting, local file inclusion and SQL injection strings which it tries to leverage while scanning a website.

WPSeku
WPSeku

Continue reading “WPSeku: A Simple WordPress Security Scanner!”

pyfiscan: A Local Web Application Vulnerability Scanner!

A problem with remote web application vulnerability scanners is that sometimes they have false positives. The only way to get good results is by launching an actual exploit, which if not treated with caution can lead to problems with the web application itself. This is where pyfiscan comes into picture and helps you perform a non-intrusive vulnerability scan on your own web application.

pyfiscan
pyfiscan

Continue reading “pyfiscan: A Local Web Application Vulnerability Scanner!”

PwnBack: Wayback Machine Leveraging Burp Extender Plugin!

This post is about a functionality which was untill today was not automated, yet very important in real world and bug bounty scenarios. The name is – PwnBack, a open source Burp Extender plugin, coded in JAVA which leverages the Wayback search engine and generates a sitemap accordingly.

PwnBack
PwnBack

Continue reading “PwnBack: Wayback Machine Leveraging Burp Extender Plugin!”

Jackhammer: A Vulnerability Assessment Collaboration Tool!

A lot many good things are being done in Docker. Jackhammer is another good example of this. The authors have gone ahead and put almost everything you would need for vulnerability assessment and vulnerability management, dockerized it, made it an all-in-one tool and put it up for us to use! A few other security related docker projects can be found here.

Jackhammer
Jackhammer

Continue reading “Jackhammer: A Vulnerability Assessment Collaboration Tool!”

Leviathan: An All In One Security Audit Toolkit!

Fresh off the GitHub repository – Leviathan, an open source, wide-range  security audit toolkit that helps you with service discovery, brute force, SQL injection detection and running custom exploit. One of the guys behind this project is Utku Sen. If you remember he was the one who wrote open source ransomware – EDA2 and Hidden Tear.

Leviathan
Leviathan

Continue reading “Leviathan: An All In One Security Audit Toolkit!”

WPForce & Yertle: The WordPress Attack Suite!

There are a lot of WordPress security tools out there such as the WPScan, vulnerability scanner. Now, there is an addition – WPForce, which I consider is a more offensive tool that performs brute force attempts against a targeted WordPress installation.

WPForce
WPForce

Continue reading “WPForce & Yertle: The WordPress Attack Suite!”