GitHub: https://github.com/nettitude/zeropress
A dumb script for finding dumb vulns
ZeroPress provides a way to quickly catch critical impact ‘low hanging fruit’ vulnerabilities in WordPress. As a proof of concept, we discovered CVE-2015-5227, a RCE which affects the “Landing Pages” plugin, using ZeroPress.
Broadly, ZeroPress allows you to:
- Quickly find potential instances of remote code execution, SQL injection, object injection, XSS and more across an entire code base.
- Automatically do a bulk download and scan of the top WordPress plugins.
- Download and scan all themes and plugins for a live WordPress site based on a wpscan log – find zero days in a target site.
- Optionally scan based on severity, e.g. find only RCE or SQLi vulnerabilities.
Download ZeroPress now
Our tool doesn’t do anything beyond pattern matching, and yet it’s proved to be very effective. It focuses on WordPress plugins, which is where the majority of critical vulnerabilities now lie.
GitHub: https://github.com/nettitude/zeropress