OWASP Wordpress Vulnerability Scanner Project

=Main=




OWASP Wordpress Scanner Project
A WordPress scanner written in PHP, focused on vulnerability assessment and security auditing of WordPress installations. Wordpress Scanner allows you to audit the security of your WordPress installation. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web application, looking for known vulnerabilities.

Description
Wordpress Scanner is a black-box WordPress vulnerability scanner, inspired by WPScan and written in PHP.




Resources

 * Latest Release @ Wordpress-Scanner Stable
 * Source Code @ Wordpress-Scanner on Github

Project Leader

 * Ramadhan Amizudin

Licensing
OWASP Wordpress Scanner is free software: you can redistribute it and/or modify it under the terms of the MIT License.


=Requirements / Installation=

Requirements
 * PHP >= 5.3
 * PHP cURL Extension
 * PHP JSON Extension
 * PHP OpenSSL Extension (HTTPS Support)

Installation


 * Download from repo: git clone https://github.com/RamadhanAmizudin/Wordpress-scanner.git
 * Start scanning: php app.php <url>


= Acknowledgements =

Contributors
Ramadhan Amizudin - Core Developer.

Mokhdzani Faeq - Multi-thread support for plugin enumeration.

Nawawi Jamili - Code Enhancement.

Big thanks to the WPScan.org team for providing the plugin/theme/version vulnerability database.

= Road Map and Getting Involved =

As of now, the priorities are:
 * Rewrite code to be more modular
 * Unit Tests
 * Add Proxy Support
 * Add Web UI
 * Add Password audit support
 * Add support for custom WordPress directories (wp-content and wp-plugin)
 * Add support for a static user agent (currently random)
 * Vulnerability Database (currently using https://wpvulndb.com)