WPwner look for metasploitable WordPress plugins.
# To run over a single URL
python wpwner.py -u http://example.com
# Scan a list of URLs
python wpwner.py -f url_list.txt
# Tweaks: custom wp-content and plugins folder
python wpwner.py -u http://example.com -w /custom_wp_content -p /custom_pluginsMake your own module to look for a custom plugin
name- Name of the plugin.address- Instalation folder inside WordPress.regex- Regex of the version number.version- Vulnerable version.metasploit- Metasploit module.
Example:
{
"name": "Wysija",
"address": "/wysija-newsletters/readme.txt",
"regex": "(Stable tag: )((\\d*\\.*)+)",
"version": "2.6.7",
"metasploit": "exploit/unix/webapp/wp_wysija_newsletters_upload"
}