wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Create a WordPress install which shows off wpscan findings #807

Open ethicalhack3r opened 9 years ago

ethicalhack3r commented 9 years ago

Currently, not all of wpscan's features are well documented. Some are not documented at all, such as wp-config.php backup disclosure.

Would be cool to create a WordPress install with docker or similar which contains as many of the issues we look for as possible.

This would be useful when demoing wpscan features and also maybe in a test environment. Maybe even in an automated test environment: fire up docker, ensure findings of previous scan equal findings of new scan.

ethicalhack3r commented 9 years ago

Could maybe use: https://hack.me/

erwanlr commented 9 years ago

I registered an account at hack.me (a personal one, to test things).

Basically, you upload all the files etc., set a DB, load a dump (or not), set privileges on folders, and it should be good. So you need to create a WP in the LAMP VM for example, add all the vulnerable things, zip the whole folder, and dump the DB to put on hack.me. Manually doing this would be so painful, and we should create a script using wp-cli / bash to set up all that for us, then manually create/edit the app on hack.me.

firefart commented 9 years ago

I just took a look at creating a docker image for this purpose (also to test v3 vs v2 findings). But I did not manage to get WordPress to install and do not want to use the WordPress docker image :(

erwanlr commented 9 years ago

Yea, it's not easy xD (I created a docker for wpscan long ago: https://github.com/wpscanteam/docker-wpscan/blob/master/Dockerfile and it was painful as hell :/)

erwanlr commented 9 years ago

The blog url has to be provided during the WP installation right ? (it's then used in the links etc), so how can we get this working with hackme ? (I've not tried, just worried that we might not be able to have a working blog on hack.me :/)

erwanlr commented 9 years ago

Seems like it could work, will play a bit with that ^^

erwanlr commented 9 years ago

Any preferred vulnerable plugins / themes to add ?

Was thinking about at least a plugin leaking its version from the index page (so it can be detected with passive methods in the v3)

ethicalhack3r commented 9 years ago

Maybe a popular one that has an msf module

On 26 Apr 2015 13:24, "erwanlr" notifications@github.com wrote:

> Any preferred vulnerable plugins / themes to add ?
>
> Was thinking about at least a plugin leaking its version from the index page (so it can be detected with passive methods in the v3)

erwanlr commented 9 years ago

Can't get the blog to connect to the DB, no idea why. This is so frustrating, giving up for now.