wpsploit

wpsploit copied to clipboard

WPSploit

WPSploit - Exploiting WordPress With Metasploit.

This repository is designed for creating and/or porting of specific exploits for WordPress using metasploit as exploitation tool.

Currently:

45 modules (15 exploits and 30 auxiliaries)

Usage:

For the use of these modules, you can download them to the directory:

# cd /tmp
# git clone https://github.com/espreto/wpsploit
# mv wpsploit/modules/auxiliary/ ~/.msf4/modules/
# mv wpsploit/modules/exploits/ ~/.msf4/modules/
# msfconsole
or
# cd /path/to/msf
# ./msfconsole

For details, check the official documentation of metasploit talking about "Loading External Modules". All modules will be created based on WPScan Vulnerability Database - WPVDB.

The public GitHub source repository can be found at: https://github.com/espreto/wpsploit

Questions and suggestions can be sent to: robertoespreto[at]gmail.com

Mentioned in a blog post by Rapid7/Metasploit: "WordPress Exploitation Extravaganza".

Contributing

1. Fork it
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Add some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create new Pull Request

To Do:

Missing some features, but it's a start.