PwnPress Framework is a powerful, automated WordPress vulnerability scanner. The exploitation tool part is still under development, and the project is looking for collaborators. It can scan WordPress sites (in the same way as WPScan), and it aims to detect and exploit vulnerabilities in WordPress core, plugins, and themes in the future. It is completely free and open source, with no API rate limit.
- Automated Scanning: Automatically scans WordPress websites for info gathering and known vulnerabilities.
- Multiple Exploitation Techniques: Supports SQLi, XSS, RCE, file inclusion, path traversal, SSRF, and insecure file uploads.
- Request Crafting: Constructs and sends HTTP requests with injected payloads.
- Response Analysis: Analyzes server responses to detect vulnerabilities.
- Exploitation: Attempts to exploit detected vulnerabilities.
- Settings Management: Allows setting constant parameters for scanning and exploitation.
Still not ready yet but it will be!
The project needs:
- People to take care of social media and promotion
- People with cybersecurity skills
- People with Java skills
- People with PHP skills
- People with Python skills
If you have any other skills that you consider relevant for the project, let me know! Join the project: http://pwnpress.org/