WPSeku – WordPress Security Scanner

WPSeku is a WordPress vulnerability scanner that allows penetration testers to scan a target and search for vulnerabilities. It includes a wide range of Python scripts, from the generic scan through discovery up to brute force with a predefined word list.

The Generic scan will provide the following information:

  • WordPress generic parts, including login pages, URLs and more.
  • Whether the configuration files and the wp-config backup are exposed.
  • WordPress path disclosures.
  • Directory listing.
  • wp-login protection.
  • Robots paths.
  • The WordPress version, to see whether it is vulnerable.
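
Several of the checks listed above can be run by a site owner directly against the document root on disk, before an external scan reports them. The following is an added example, not WPSeku code: the backup suffix list, the finding labels and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed backup/editor-leftover names for wp-config.php; extend for your environment.
BACKUP_RE = re.compile(r"^\.?wp-config\.php(\.(bak|old|orig|save|swp|txt)|~)$", re.I)
INDEX_FILES = {"index.php", "index.html", "index.htm"}

def audit_docroot(root):
    """Return sorted (finding, path) pairs for a local WordPress document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        for name in files:
            path = name if rel == "." else rel + "/" + name
            if BACKUP_RE.match(name):
                # Served as plain text, so database credentials would be readable.
                findings.append(("config-backup", path))
            elif rel == "." and name.lower() == "readme.html":
                findings.append(("readme-present", path))
        # Without an index file the directory is listable if autoindex is enabled.
        if rel != "." and not INDEX_FILES & {f.lower() for f in files}:
            findings.append(("no-index-file", rel))
    robots = os.path.join(root, "robots.txt")
    if os.path.isfile(robots):
        with open(robots, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                # Disallow entries are public and point at paths worth reviewing.
                if (m := re.match(r"\s*Disallow:\s*(\S+)", line, re.I)):
                    findings.append(("robots-path", m.group(1)))
    return sorted(findings)

def make_sample_tree():
    """Build a constructed sample document root in a temporary directory."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    files = {
        "wp-config.php": "<?php // live config, not flagged",
        "wp-config.php.bak": "<?php // forgotten backup",
        "readme.html": "<html></html>",
        "robots.txt": "User-agent: *\nDisallow: /wp-admin/\nDisallow: /old-site/\n",
        "wp-content/index.php": "<?php // Silence is golden.",
        "wp-content/uploads/photo.jpg": "",
    }
    for rel, body in files.items():
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print(*audit_docroot(make_sample_tree()), sep="\n")
```

Point `audit_docroot` at the real document root to review a live install; a `no-index-file` finding only matters if the web server has directory listing enabled.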

There are other modules as well: one checks plugins that may include critical vulnerabilities, another verifies the web application firewall, and a predefined list is used to identify the WAF version based on the plugins installed.

You can read more and download the tool here: https://github.com/m4ll0k/WPSeku
