
WPSploit – WordPress Plugin Code Scanner – Kali Linux 2017.3

WPSploit is intended for penetration testers who audit WordPress plugins and for developers who wish to audit their own WordPress plugins.

It checks for:

Cross-Site Scripting (XSS)
SQL Injection
File Download
File Inclusion
File Manipulation
Command Execution
PHP Code Execution
Authorisation
Open Redirect
Cross-Site Request Forgery (CSRF)
SSL/TLS
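
A sketch of how source-level checks for a few of the categories above can work, added here as an example; it is not WPSploit's code, and the rules, the `scan` function and the sample plugin source are assumptions made for illustration. The rules are line-based heuristics, so a finding marks a line for manual review rather than a confirmed issue.

```python
import re

# Request-controlled PHP superglobals treated as tainted input.
TAINT = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"

# (category, risky-line pattern, pattern that counts as handling it on that line)
RULES = [
    ("Cross-Site Scripting (XSS)",
     re.compile(r"\b(?:echo|print)\b.*" + TAINT),
     re.compile(r"\b(?:esc_html|esc_attr|esc_url|esc_js|wp_kses\w*|intval|absint)\s*\(")),
    ("SQL Injection",
     re.compile(r"\$wpdb->(?:query|get_results|get_row|get_var|get_col)\s*\(.*" + TAINT),
     re.compile(r"\$wpdb->prepare\s*\(")),
    ("File Inclusion",
     re.compile(r"\b(?:include|require)(?:_once)?\b.*" + TAINT),
     None),
    ("Open Redirect",
     re.compile(r"\bwp_redirect\s*\(.*" + TAINT),
     re.compile(r"\bwp_validate_redirect\s*\(")),
]
NONCE = re.compile(r"\b(?:wp_verify_nonce|check_admin_referer|check_ajax_referer)\s*\(")

def scan(source):
    """Return (line_number, category) pairs; line 0 marks a file-level finding."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*")):  # skip comment lines
            continue
        for category, risky, handled in RULES:
            if risky.search(line) and not (handled and handled.search(line)):
                findings.append((no, category))
    # CSRF is judged per file: POST data is read but no nonce is ever verified.
    if re.search(r"\$_POST\b", source) and not NONCE.search(source):
        findings.append((0, "Cross-Site Request Forgery (CSRF)"))
    return findings

# Constructed plugin source for the demonstration, not taken from a real plugin.
SAMPLE = r'''<?php
// handle a form submission
echo '<p>' . $_GET['msg'] . '</p>';
echo '<p>' . esc_html($_GET['msg']) . '</p>';
$rows = $wpdb->get_results("SELECT * FROM t WHERE id = " . $_POST['id']);
$rows = $wpdb->get_results($wpdb->prepare("SELECT * FROM t WHERE id = %d", $_POST['id']));
include $_GET['page'] . '.php';
wp_redirect($_GET['next']);
'''

if __name__ == "__main__":
    for no, category in scan(SAMPLE):
        print(f"line {no}: {category}")
```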

Usage

$ git clone https://github.com/m4ll0k/wpsploit.git
$ cd wpsploit
$ python wpsploit.py plugin_file.php

Video

https://www.youtube.com/watch?v=z53Pc8d5ke0&feature=youtu.be