[WEB SECURITY] Introducing WPScan - WordPress Security Scanner

Ryan Dewhurst ryandewhurst at gmail.com
Mon Jun 20 14:39:32 EDT 2011


The client side file hashing is something I became aware of after
writing the w3af WordPress version discovery plugin a few years back.
The w3af plugin just does string matching though: if string in file,
version is x. But the idea was put forward then by someone or multiple
people (can't remember) after completing it.

It is definitely something I will implement into WPScan in the future.
I find the readme file version isn't always reliable and the generator
tag is sometimes removed.

I also plan to implement plugin and plugin version detection along
with vulnerability matching (by version). And some further username
enumeration techniques.

If anyone would like to contribute and make a start on any of these,
it would be awesome!

The project is still in ALPHA and needs a fair bit of work, but I
believe it has the grounding to become a great tool!

Ryan

Ryan Dewhurst

blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r



On Mon, Jun 20, 2011 at 6:04 PM, Chris Weber <chris at casabasecurity.com> wrote:
> dd, have you open sourced any parts of your production code, such as the
> fingerprinting data?  Or do we each need to do that work independently?
>
> And have you detected any edge cases - for example a Web server that
> includes an extra newline character in the body?
>
> -Chris
>
> -----Original Message-----
> From: sucurisec at gmail.com [mailto:sucurisec at gmail.com] On Behalf Of
> dd at sucuri.net
> Sent: Monday, June 20, 2011 9:58 AM
> To: Chris Weber
> Cc: seth; ryandewhurst at gmail.com; webappsec at securityfocus.com;
> websecurity at webappsec.org
> Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner
>
> Comparing the hashes of some js/css file is probably the most reliable
> method, since lots of sites hide their version from the generator and remove
> the readme file.
>
> We wrote an article about it a while ago:
> http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps
>
> And we still use that on our scanner ( http://sitecheck.sucuri.net ) :)
>
> Thanks,
>
>
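
The hash comparison discussed in this thread, including the extra-newline edge case raised in the quoted reply, as an added example that is not code from WPScan, w3af or Sucuri. The file bodies, version numbers, the SHA-256 choice and the normalization rule are constructed assumptions.

```python
import hashlib

# Constructed sample bodies standing in for static files shipped with three
# releases of a hypothetical application (not real WordPress content).
SAMPLE_RELEASES = {
    "1.0": {"js/app.js": b"var v=1;\n", "css/site.css": b"body{margin:0}\n"},
    "1.1": {"js/app.js": b"var v=1;\n", "css/site.css": b"body{margin:0;padding:0}\n"},
    "1.2": {"js/app.js": b"var v=2;\n", "css/site.css": b"body{margin:0;padding:0}\n"},
}

def normalize(body):
    """Canonicalize line endings and drop trailing whitespace, so a server
    that appends a newline or rewrites LF as CRLF does not change the hash."""
    return body.replace(b"\r\n", b"\n").rstrip()

def digest(body):
    """SHA-256 of the normalized body (hash choice is an assumption)."""
    return hashlib.sha256(normalize(body)).hexdigest()

def build_index(releases):
    """Map (path, digest) -> set of versions that ship that exact file."""
    index = {}
    for version, files in releases.items():
        for path, body in files.items():
            index.setdefault((path, digest(body)), set()).add(version)
    return index

def identify(index, observed):
    """Intersect the candidate versions of every recognized file.
    Returns (candidate_versions, unrecognized_paths)."""
    candidates, unknown = None, []
    for path, body in observed.items():
        versions = index.get((path, digest(body)))
        if versions is None:
            unknown.append(path)  # locally modified, or release not indexed
            continue
        candidates = set(versions) if candidates is None else candidates & versions
    return (candidates or set()), unknown

if __name__ == "__main__":
    index = build_index(SAMPLE_RELEASES)
    # Constructed responses: the JS body arrives with CRLF and an extra newline.
    observed = {"js/app.js": b"var v=1;\r\n\r\n",
                "css/site.css": b"body{margin:0;padding:0}\n"}
    print(identify(index, observed))
```

A single file often matches several releases; the intersection across files is what narrows the result, and an empty candidate set with no unrecognized paths indicates files from mixed releases.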
