WPSploit - Exploiting WordPress With Metasploit

WPSploit

WPSploit - Exploiting WordPress With Metasploit.

This repository is for creating and/or porting WordPress-specific exploits, using Metasploit as the exploitation tool.

Currently:

45 modules (15 exploits and 30 auxiliaries)

Usage:

To use these modules, download them into your Metasploit modules directory:

# cd /tmp
# git clone https://github.com/espreto/wpsploit
# mv wpsploit/modules/auxiliary/ ~/.msf4/modules/
# mv wpsploit/modules/exploits/ ~/.msf4/modules/
# msfconsole
or
# cd /path/to/msf
# ./msfconsole

For details, see the official Metasploit documentation on "Loading External Modules".
All modules will be based on the WPScan Vulnerability Database (WPVDB).
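
The installation steps under Usage, as an added example that is not part of the WPSploit repository: these functions copy the two module trees instead of moving them, so an `auxiliary` or `exploits` directory that already exists under the destination is merged rather than making `mv` fail, and they count the installed `.rb` files for comparison with the totals listed under "Currently". The function names `install_wpsploit` and `count_modules` are hypothetical.

```shell
#!/bin/sh
# Added example; not code from the WPSploit repository.
#
# install_wpsploit SRC DEST
#   SRC  - path to a wpsploit checkout (holds modules/auxiliary and modules/exploits)
#   DEST - Metasploit user module directory, e.g. "$HOME/.msf4/modules"
# Example call: install_wpsploit /tmp/wpsploit "$HOME/.msf4/modules"
install_wpsploit() {
    src=$1
    dest=$2

    # Refuse to touch DEST unless the checkout has both expected trees.
    for kind in auxiliary exploits; do
        if [ ! -d "$src/modules/$kind" ]; then
            echo "missing directory: $src/modules/$kind" >&2
            return 1
        fi
    done

    for kind in auxiliary exploits; do
        mkdir -p "$dest/$kind" || return 1
        # The trailing "/." copies the directory's contents, so files land
        # inside an existing DEST/$kind tree next to any other custom modules.
        cp -R "$src/modules/$kind/." "$dest/$kind/" || return 1
    done
}

# count_modules DIR KIND
#   Prints the number of .rb files under DIR/KIND (KIND: auxiliary or exploits).
count_modules() {
    find "$1/$2" -type f -name '*.rb' | wc -l | tr -d ' '
}
```
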

The public GitHub source repository can be found at:
https://github.com/espreto/wpsploit

Questions and suggestions can be sent to:
robertoespreto[at]gmail.com

Mentioned in a blog post by Rapid7/Metasploit: "WordPress Exploitation Extravaganza".

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

To Do:

Missing some features, but it's a start.