Burp Wordpress Scanner

2/15/2022 by admin

Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment, and web server.

  1. Burp Bounty Pro: Burp Bounty Free: Smart Scan - Quick issues information: when Burp Bounty Pro detects a vulnerability, you are informed immediately. Normal issues information: when Burp Bounty detects a vulnerability, you are informed once all profiles have been launched and finished. Basic pack of profiles.
  2. Pentest-Tools Windows Active Directory Pentest General useful PowerShell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Reverse Shellz Backdoor finder Lateral Movement POST Exploitation Post Exploitation - Phish Credentials Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on.
  3. Java Deserialization Scanner is a Burp Suite plugin aimed at detecting and exploiting Java deserialization vulnerabilities. It was written by Federico Dotta, a Security Advisor at @Mediaservice.net. The plugin is made up of three different components: Integration with Burp Suite active and passive scanner.

On this WordPress security testing page, there are two options. The first is a FREE passive check that downloads a handful of pages from the website and performs analysis on the raw HTML code. The second option is a thorough active scan that attempts to enumerate plugins, themes, and users with custom WordPress auditing scripts that use the Nmap NSE framework.

Introduction: Both OWASP ZAP and Burp Suite are intercepting proxies (on steroids) that sit between the browser and the web server to intercept and manipulate the requests exchanged.


Need an expert? We will identify and validate ways to improve your security

Perform a Free WordPress Security Scan with a .

Scanner

Check any WordPress-based site and get a high-level overview of the site's security posture. Once you see how easy it is, grab a membership and test WordPress + Server Vulnerabilities with Nmap WordPress NSE Scripts, Nikto, OpenVAS and more.

Items checked in the FREE scan

  • Attempt to detect version of WordPress Core
  • Find Plugins in HTML response
  • Identify theme in use
  • Attempt to enumerate first 2 WP users
  • List page resources including JS & iframes
  • Test for directory indexing enabled on key locations
  • Check Google Safe Browsing for reputation

Valid Target(s)

  • www.example.com
  • https://example.com/
  • 192.16.1.1

Login for WordPress Enumeration & Vulnerability Scanners

Aggressive enumeration of plugins, themes, version and interesting URLs.
  • Detect WP plugin versions, themes and users with Nmap NSE Scripts
  • Identify the attack surface through plugin and theme enumeration
  • Passive Analysis Report on up to in one click
  • Test WordPress with OpenVAS and Nikto Scanners
  • Access to 27 Vulnerability Scanners and OSINT Tools
  • Trusted Open Source Tools

About the WordPress Security Scans

The basic security check will review a WordPress installation for common security-related misconfigurations. Testing with the basic check option uses regular web requests. The system downloads a handful of pages from the target site, then performs analysis on the resulting HTML source.

The more aggressive enumeration option attempts to find all plugins and themes used on the WordPress installation and to enumerate users of the site. These tests will generate HTTP 404 errors in the web server logs of the target site. Be warned: if you test all plugins, this will generate more than 18000 log entries and potentially trigger intrusion prevention measures.
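The burst of 404 responses described above is what a site owner can key on in the access logs. The following is an added example, not part of the original page or the scanning service's code: it flags clients that probe many distinct plugin or theme directories and mostly receive 404s. The log lines, IP addresses, slugs and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Probe of a plugin or theme directory: /wp-content/plugins/<slug>/...
PROBE_RE = re.compile(r'^/wp-content/(plugins|themes)/([A-Za-z0-9._-]+)(?:/|$)')

def find_enumerators(lines, min_distinct=5, min_404_ratio=0.8):
    """Return {ip: (distinct_slugs_probed, ratio_404)} for clients that look like enumeration."""
    slugs, hits, misses = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-GET/HEAD lines
        p = PROBE_RE.match(m["path"])
        if not p:
            continue  # not a plugin/theme path
        ip = m["ip"]
        slugs[ip].add((p.group(1), p.group(2).lower()))
        hits[ip] += 1
        if m["status"] == "404":
            misses[ip] += 1
    flagged = {}
    for ip, seen in slugs.items():
        ratio = misses[ip] / hits[ip]
        # Normal visitors touch a few installed plugins and get 200s;
        # enumeration touches many slugs and mostly gets 404s.
        if len(seen) >= min_distinct and ratio >= min_404_ratio:
            flagged[ip] = (len(seen), round(ratio, 2))
    return flagged

def _line(ip, path, status):
    # Constructed sample log line (assumed Combined Log Format).
    return (f'{ip} - - [15/Feb/2022:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "constructed-sample"')

# Constructed sample: one ordinary visitor, one client walking a plugin list.
SAMPLE_LOG = (
    [_line("198.51.100.7", "/wp-content/plugins/example-forms/css/styles.css", 200),
     _line("198.51.100.7", "/wp-content/themes/example-theme/style.css", 200),
     _line("198.51.100.7", "/favicon.ico", 404)]
    + [_line("203.0.113.50", f"/wp-content/plugins/sample-plugin-{i}/", 404) for i in range(5)]
    + [_line("203.0.113.50", "/wp-content/plugins/example-forms/", 403)]
)

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

On a production log the thresholds need tuning upward; a full plugin test as described above produces thousands of distinct slugs from one client.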

In identifying all the plugins, themes, and users of the site, you start to understand the attack surface. With this information, you can target further testing against the discovered resources.


2554 published CVEs (vulnerabilities) for WordPress and its components

Comparing the Options

Free WordPress Security Check

  • at a time using the Passive WordPress Analysis Tool
  • WordPress Version Check
  • Site Reputation from Google
  • Default admin account enabled
  • Directory Indexing on plugins
  • Sites Externally linked from main page (reputation checks)
  • List WordPress Plugins detected through basic HTML analysis (try the Active enumeration option for more aggressive discovery of plugins).
  • JavaScript linked
  • iframes present
  • Hosting Reputation and Geolocation information

Additional Benefits (with Membership)

  • at a time using the Passive WordPress Analysis Tool
  • Use Nmap NSE scripts for WordPress auditing
  • Identify plugins in /wp-content/plugins/ from a database of over 18000
  • Identify themes in /wp-content/themes/ from a database of over 2600
  • Fingerprint the version of the discovered plugins and themes to identify known vulnerabilities
  • Enumerate up to 50 user names
  • Custom OpenVAS WordPress Scan testing WordPress & Server vulnerabilities.
  • With membership you have full access to all security testing tools including port scanner, web server testing and system vulnerability scanner.

WordPress is the world's leading content management system. This makes it a popular target for attackers.

Analysis of compromised WordPress installations shows that exploitation most often occurs due to simple configuration errors or through plugins and themes that have not had security fixes applied.

The checks performed by our WordPress security scan will point out any obvious security failures in the WordPress installation, as well as providing recommended security-related configuration improvements to enhance the security of the website against future attacks.

Automated Security Vulnerability Scans.

Discover. Investigate. Learn.

Need an expert? Professional WordPress Assessments.

Burp Wordpress Scanner Plugin

Validated Security Report. Fast turn around.
