Wow I seem to have missed a lot of updates lately. This time, I missed an update about WPXF. We now have the WordPress Exploit Framework v1.6.1 amongst us! This new version among other things updates a major bug that occurred while updating the framework and adds multiple new modules and payloads! Read more about UPDATE: WordPress Exploit Framework v1.6.1!
Since my initial post about WPSeku was about v0.1.0, an updated was made by the author and a new version was released. This post is an attempt at mentioning the changes made to the tool. Read more about UPDATE: WPSeku v0.2.1!
My last post about WordPress security was WPSeku, the simple WordPress security scanner. This post is about WPXF, short for the WordPress Exploit Framework, which will help you go one step further and perform penetration tests on WordPress powered websites. Read more about WPXF: The WordPress Exploit Framework!
There are a lot of open source WordPress security scanners out there right now and WPSeku is one more of them. Since it's release about a month ago, it has a few static cross-site scripting, local file inclusion and SQL injection strings which it tries to leverage while scanning a website. Read more about WPSeku: A Simple WordPress Security Scanner!
There are a lot of WordPress security tools out there such as the WPScan, vulnerability scanner. Now, there is an addition - WPForce, which I consider is a more offensive tool that performs brute force attempts against a targeted WordPress installation. Read more about WPForce & Yertle: The WordPress Attack Suite!