WPSeku is a popular open-source tool for scanning WordPress websites and analyzing their security vulnerabilities. It is designed for penetration testers and security professionals who need to assess the security posture of WordPress installations.
Installation Commands
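pkg up -y                          # update Termux packages
pkg install git -y
pkg install python -y
git clone <WPSeku-repository-URL>  # placeholder: substitute the WPSeku repository URL
cd WPSeku
pip install -r requirements.txt    # install the Python dependencies
python wpseku.py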
Usage example
python wpseku.py --url https://google.com --verbose
In Termux, WPSeku can be used to perform various security checks on WordPress sites, including:
- User Enumeration: WPSeku can enumerate the usernames of WordPress users by attempting to log in with different usernames and monitoring the responses from the server.
- Plugin and Theme Enumeration: It can discover the installed plugins and themes on a WordPress site, including their versions, and check if any known vulnerabilities are associated with them.
- Version Detection: WPSeku can identify the version of WordPress running on a target site. Knowing the WordPress version is crucial as it helps in determining the potential vulnerabilities and exploits that can be targeted.
- Vulnerability Scanning: WPSeku can scan for known vulnerabilities in WordPress core files, themes, and plugins. It compares the versions against a database of vulnerabilities and provides information about potential security issues.
- Timthumb RCE Detection: WPSeku can detect the presence of TimThumb, a popular image resizing script used in many WordPress themes, and check for remote code execution vulnerabilities associated with it.
Overall, WPSeku is a powerful tool that helps security professionals identify and mitigate security weaknesses in WordPress websites. It is important to use such tools responsibly and with proper authorization to ensure the security of web applications.