WPSploit is intended for penetration testers who audit WordPress plugins and for developers who wish to audit their own WordPress plugins.
It checks for:
Cross-Site Scripting (XSS)
SQL Injection
File Download
File Inclusion
File Manipulation
Command Execution
PHP Code Execution
Authorisation
Open Redirect
Cross-Site Request Forgery (CSRF)
SSL/TLS
Usage
$ git clone https://github.com/m4ll0k/wpsploit.git
$ cd wpsploit
$ python wpsploit.py plugin_file.php
Video
https://www.youtube.com/watch?v=z53Pc8d5ke0&feature=youtu.be