
Security: Scan WordPress Plugins for Vulnerabilities


Hello. Today I'm going to show you how to scan WordPress plugins for vulnerabilities (SQL injection, shell upload vulnerabilities, ...) using a simple Python script called "Flunym0us". This script has helped me a lot when scanning many WordPress sites.



First of all, we need to install Python. You can download it from here:

Download Python (you need to download version 2.7)

After installing Python, you need to download this script:
Now you can run the script by starting cmd (go to Start -> Search -> cmd.exe -> Enter).
Then copy the script to c:\ and type these commands in cmd:
  • cd \
  • cd flunym0us (replace flunym0us with the name of the folder that contains the script)
  • flunym0us.py
It will look like this:


If the script opened successfully, run this command (in cmd):
  • flunym0us.py -H http://your-target.com/ -wp -w wp-plugins.lst -t 60 -r 1 -p 2 -T 2

Don't forget to replace http://your-target.com/ with your WordPress target, then press Enter. The script enumerates the WordPress user, the active theme and the version for you, then starts scanning for plugins and lists the installed ones. After that, you just need to search for the installed plugins on security sites (exploit-db, 1337days, ...).
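On the defending side, a wordlist-driven plugin scan like the one above shows up in the web server access log as one client requesting many different plugin directories, most of which do not exist. The sketch below is an added example, not part of Flunym0us or the original post; it assumes the combined log format and probes of the form /wp-content/plugins/<name>/, and the thresholds, addresses and log lines are constructed.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
PLUGIN_RE = re.compile(r'^/wp-content/plugins/(?P<slug>[^/?#]+)')

def find_plugin_enumeration(lines, min_slugs=5, min_miss_ratio=0.6):
    """Return {ip: (distinct_slugs, miss_ratio)} for clients probing many plugin paths.

    min_slugs and min_miss_ratio are assumed thresholds; tune them per site.
    """
    slugs = defaultdict(set)   # ip -> distinct plugin directory names requested
    hits = defaultdict(int)    # ip -> requests under /wp-content/plugins/
    misses = defaultdict(int)  # ip -> those requests answered with 404
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue           # malformed line or a method other than GET/HEAD
        p = PLUGIN_RE.match(m.group("path"))
        if not p:
            continue           # not a plugin path
        ip = m.group("ip")
        slugs[ip].add(p.group("slug").lower())
        hits[ip] += 1
        if m.group("status") == "404":
            misses[ip] += 1
    flagged = {}
    for ip, seen in slugs.items():
        ratio = misses[ip] / float(hits[ip])
        # Normal visitors load assets of a few installed plugins and rarely hit 404.
        if len(seen) >= min_slugs and ratio >= min_miss_ratio:
            flagged[ip] = (len(seen), round(ratio, 2))
    return flagged

def _line(ip, path, status):
    # Builds one constructed log line in combined format.
    return '%s - - [01/Jan/2020:10:00:00 +0000] "GET %s HTTP/1.1" %s 512 "-" "-"' % (
        ip, path, status)

# Constructed sample: one scanning client (documentation address) and one visitor.
SAMPLE_LOG = [_line("203.0.113.7", "/wp-content/plugins/%s/" % slug, status)
              for slug, status in [("demo-a", "404"), ("demo-b", "404"), ("demo-c", "403"),
                                   ("demo-d", "404"), ("demo-e", "404"), ("demo-f", "404")]]
SAMPLE_LOG += [_line("198.51.100.20", "/wp-content/plugins/demo-c/css/style.css", "200"),
               _line("198.51.100.20", "/wp-content/plugins/demo-g/js/form.js", "200"),
               _line("198.51.100.20", "/index.php", "200")]

if __name__ == "__main__":
    for ip, (count, ratio) in find_plugin_enumeration(SAMPLE_LOG).items():
        print("possible plugin enumeration from %s: %d plugin paths, %.0f%% 404"
              % (ip, count, ratio * 100))
```

A flagged address is a lead for rate limiting or blocking at the web server or WAF, and the plugin paths it received a non-404 answer for are the ones to check for pending updates first.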
You can watch the tutorial for more information:


Thank you for reading. If you have any questions, don't be shy, just leave a comment here.