Skip to content

Wphackedhelp/WordpressPingbackPortScanner

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
.gitignore
.gitignore
 
 
CREDITS
CREDITS
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
README.md
README.md
 
 
wppps.rb
wppps.rb
 
 

Repository files navigation

WordpressPingbackPortScanner

Wordpress exposes a so called Pingback API to link to other blogposts. Using this feature you can scan other hosts on the intra- or internet via this server. You can also use this feature for some kind of distributed port scanning: You can scan a single host using multiple Wordpress Blogs exposing this API. This issue was fixed in Wordpress 3.5.1. Older versions are vulnerable, if the XML-RPC Interface is active.

http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/

Examples

Before you start you need to install all dependencies with

gem install bundler
bundle install

Quick-scan a target via a blog:

ruby wppps.rb -t http://www.target.com http://www.myblog.com/

Use multiple blogs to scan a single target:

ruby wppps.rb -t http://www.target.com http://www.myblog1.com/ http://www.myblog2.com/ http://www.myblog3.com/

Scan a free wordpress.com blog (all ports) from the internal network:

ruby wppps.rb -a -t http://localhost http://myblog.wordpress.com/

About

WordpressPingbackPortScanner

Topics

wordpress wordpress-scanner

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%