|| WPSeku - WordPress Security Scanner
|| Version 0.2.1
|| Momo Outaadi (M4ll0k)
|| https://github.com/m4ll0k/WPSeku
Usage: ./wpseku.py [--target|-t] http://localhost
-t --target Target URL (eg: http://localhost)
-x --xss Testing XSS vulns
-s --sql Testing SQL vulns
-l --lfi Testing LFI vulns
-q --query Testable parameters (eg: "id=1&test=1")
-b --brute Bruteforce login via xmlrpc
-u --user Set username, default=admin
-p --proxy Set proxy, (host:port)
-m --method Set method (GET/POST)
-c --cookie Set cookies
-w --wordlist Set wordlist
-a --agent Set user-agent
-r --redirect Redirect target url, default=True
-h --help Show this help and exit
Examples:
wpseku.py --target http://localhost
wpseku.py -t http://localhost/wp-admin/post.php -m GET -q "post=49&action=edit" [-x,-s,-l]
wpseku.py --target http://localhost --brute --wordlist dict.txt
wpseku.py --target http://localhost --brute --user test --wordlist dict.txt
Source : DarkNet