WPSeku - Simple WordPress Security Scanner


WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

Usage

                           _             
  __      ___ __  ___  ___| | ___   _    
  \ \ /\ / / '_ \/ __|/ _ \ |/ / | | |   
   \ V  V /| |_) \__ \  __/   <| |_| |   
    \_/\_/ | .__/|___/\___|_|\_\\__,_|   
           |_|                           
[--] WPSeku - Wordpress Security Scanner  
[--] WPSeku - v0.1.0                      
[--] Momo Outaadi (@M4ll0k)               
[--] https://github.com/m4ll0k/WPSeku   

Usage: wpseku.py --url URL

 -u --url Site URL (e.g: http://site.com)
 -e --enum 
  [u:  Usernames Enumeration
 -p --plugin 
  [x:  Search Cross Site Scripting vuln
  [l:  Search Local File Inclusion vuln
  [s:  Search SQL Injection vuln
 -t --theme 
  [x:  Search Cross Site Scripting vuln
  [l:  Search Local File Inclusion vuln
  [s:  Search SQL Injection vuln
 -b --brute 
  [l:  Bruteforce password login
  [x:  Bruteforce password login via XML-RPC
 --user  Set username, try with enum users
 --wordlist Set wordlist
 -h --help Show this help and exit
Examples:
  wpseku.py -u www.site.com
  wpseku.py -u www.site.com -e [u]
  wpseku.py -u site.com/path/wp-content/plugins/wp/wp.php?id= -p [x,l,s]
  wpseku.py -u site.com --user test --wordlist dict.txt -b [l,x]