Wordpress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL.
Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets and a model–view–controller (MVC) Web application framework that can also be used independently.
Wordpress and Joomla are serice very common.
There are a vulnerabilty scans for wordpress (wpscan) and for joomla (joomscan)
You can download joomscan from here
For run Joomscan type :
perl joomscan.pl -u url
Options:
-x proxy:port = Proxy to tunnel
-c string = Cookie (name=value;)
-nv = No Version fingerprinting check
-nf = No Firewall detection check
-ot /path/ = Output to Text file
-vu = Verbose (output every Url scan)
-sp = Show completed Percentage
Example :
perl joomscan.pl -u www.site.com -x 127.0.0.1:9050 -ot /home/HackForLulz/result -sp -vu
Target = site.com
Proxy = localhost:9050 <- through by Tor
Output = /home/HackForLulz/result
Show percentage = yes
For more informations type : perl joomscan.pl
You can download wpscan from here
For run type :
ruby wpscan.rb --url url
Options:
--threads numberofthreads
--worldlist wordlist : Do wordlist password brute force on enumerated users
--enumerate p : enumerate plugins
--enumerate t : enumerate themes
--enumerate u : enumerate users
--enumerate tt : enumerate installed timthumbs
--proxy host:port
Example :
ruby wpscan.rb --url www.site.com --threads 16 --enumerate t --enumerate -u
Target = site.com
Threads = 16
Enumerate themes = Yes
Enumerate users = Yes
ruby wpscan.rb --url www.site.com --threads 32 --enumerate t --enumerate -u --enumerate tt --proxy 127.0.0.1:9050
Target = site.com
Threads = 32
Enumerate themes = Yes
Enumerate users = Yes
Enumerate installe timthumbs = Yes
Proxy = localhost:9050 <- Through by Tor
For more informations type : ruby wpscan.rb --help
If you have a problem or you need some explanations just write under this post!
No comments:
Post a Comment