Skip content
Are you looking for?
LRQA Cyber Labs

ZeroPress

github GitHub: https://github.com/nettitude/zeropress

A dumb script for finding dumb vulns

ZeroPress provides a way to quickly catch critical impact ‘low hanging fruit’ vulnerabilities in WordPress.  As a proof of concept, we discovered CVE-2015-5227, a RCE which affects the “Landing Pages” plugin, using ZeroPress.

Zeropress

ZeroPress

Broadly, ZeroPress allows you to:

  • Quickly find potential instances of remote code execution, SQL injection, object injection, XSS and more across an entire code base.
  • Automatically do a bulk download and scan of the top WordPress plugins.
  • Download and scan all themes and plugins for a live WordPress site based on a wpscan log – find zero days in a target site.
  • Optionally scan based on severity, e.g. find only RCE or SQLi vulnerabilities.

Download ZeroPress now

Our tool doesn’t do anything beyond pattern matching, and yet it’s proved to be very effective.  It focuses on WordPress plugins, which is where the majority of critical vulnerabilities now lie.

github GitHub: https://github.com/nettitude/zeropress

 

Latest Cyber Labs articles

  • Binary Ninja Plugin

    Article

    Recently, in response to a customer incident we needed to reverse engineer a malware sample of WhiteRabbit ransomware...

  • This Badge is My Badge

    Article

    When it comes to covert entry assessments, successfully capturing RFID badge values can mean the difference between failure...

  • Version Tracking in Ghidra

    Article

    When a binary is reverse engineered using Ghidra, various annotations are applied to aid in understanding the binary’s...

  • Cross Site Scripting Payloads

    Article

    We curate a set of fun and interesting Cross Site Scripting (XSS) payloads. They’re designed for quick...

  • Prowl

    Article

    Prowl is an open source data harvesting tool written in Python to help alleviate some of the more...

  • PoshC2 documentation

    Article

    We maintain PoshC2 documentation over at https://poshc2.readthedocs.io/en/latest/. For your convenience, we have also embedded it below.

  • Penetration Testing

    Article

    We are looking for passionate and skilled penetration testers with professional experience. There are multiple roles available...

  • Accelerator Program

    Article

    Do you want a job in cyber security but don’t know how to break into the industry? Tired...

  • Rocktastic

    Article

    Bigger, better (faster, stronger…) Bigger isn’t always better, but sometimes it is. If you need a huge word...