[WEB SECURITY] Introducing WPScan - WordPress Security Scanner

Richard M. Smith richard.m.smith at bsf-llc.com
Tue Jun 21 09:13:19 EDT 2011


On a related note:

Google Now Warning WordPress Users They Need To Update
http://www.stateofsearch.com/google-now-warning-wordpress-users-they-need-to
-update/

If you own a WordPress website and you haven’t updated your WordPress
version lately you might be getting a warning soon. And no, this is not the
warning you get when you open the WordPress CMS, it is a warning from
Google.

Last week the first people started noticing that Google had sent them a
message within Google Webmaster Tools saying they should update their
WordPress versions. I myself today got an e-mail from GWT saying one of my
sites needs an update.

The e-mail or message in WMT tells you your site appears to be running an
older version of WordPress and that you should update because otherwise your
site may be vulnerable to hacking or malware.

Richard

-----Original Message-----
From: listbounce at securityfocus.com [mailto:listbounce at securityfocus.com] On
Behalf Of Ryan Dewhurst
Sent: Monday, June 20, 2011 2:40 PM
To: Chris Weber
Cc: dd at sucuri.net; seth; webappsec at securityfocus.com;
websecurity at webappsec.org
Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner

The client side file hashing is something I became aware of after writing
the w3af wordpress version discovery plugin a few years back.
The w3af plugin just does string matching though, if string in file, version
is x. But the idea was put forward then by someone or multiple people (can't
remember) after completing it.

It is definitely something I will implement into WPScan in the future.
I find the readme file version isn't always reliable and the generator tag
is sometimes removed.

I also plan to implement plugin and plugin version detection along with
vulnerability matching (by version And some further username enumeration
techniques.

If any one would like to contribute and make a start on any of these, it
would be awesome!

The project is still in ALPHA and needs a fair bit of work, but I believe it
has the grounding to become a great tool!

Ryan

Ryan Dewhurst

blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com twitter
www.twitter.com/ethicalhack3r



On Mon, Jun 20, 2011 at 6:04 PM, Chris Weber <chris at casabasecurity.com>
wrote:
> dd, have you open sourced any parts of  your production code, such as 
> the fingerprinting data?  Or do we each need to do that work
independently?
>
> And have you detected any edge cases - for example a Web server that 
> includes an extra newline character in the body?
>
> -Chris
>
> -----Original Message-----
> From: sucurisec at gmail.com [mailto:sucurisec at gmail.com] On Behalf Of 
> dd at sucuri.net
> Sent: Monday, June 20, 2011 9:58 AM
> To: Chris Weber
> Cc: seth; ryandewhurst at gmail.com; webappsec at securityfocus.com; 
> websecurity at webappsec.org
> Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security 
> Scanner
>
> Comparing the hashes of some js/css file is probably the most reliable 
> method, since lots of sites hide their version from the generator and 
> remove the readme file.
>
> We wrote an article about it a while ago:
> http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps
>
> And we still use that on our scanner ( http://sitecheck.sucuri.net ) 
> :)
>
> Thanks,
>
>



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------





More information about the websecurity mailing list