Since my initial post about WPSeku was about v0.1.0, an updated was made by the author and a new version was released. This post is an attempt at mentioning the changes made to the tool. Read more about UPDATE: WPSeku v0.2.1!
LFISuite: An Automatic LFI Exploiter & Scanner!
This is a short post about LFISuite, an open source local file inclusion scanner and exploiter that is coded in Python. It supports multiple attack points and also has TOR proxy support. We all know that Local File Inclusion (also known as LFI) is a process of "including" locally present files, through the exploitation of vulnerable inclusion procedures implemented in the application that accepts un-sanitized input. Read more about LFISuite: An Automatic LFI Exploiter & Scanner!
FOCA: Fingerprinting & Organisation with Collected Archives!
There are a few tools OSINT tools that I wrote about in the old PenTestIT blog that I still remember. FOCA is one of them and it has only gotten better with time and has a lot of features and plugins since I last looked at it. Read more about FOCA: Fingerprinting & Organisation with Collected Archives!
WPSeku: A Simple WordPress Security Scanner!
There are a lot of open source WordPress security scanners out there right now and WPSeku is one more of them. Since it's release about a month ago, it has a few static cross-site scripting, local file inclusion and SQL injection strings which it tries to leverage while scanning a website. Read more about WPSeku: A Simple WordPress Security Scanner!