Why don't you help Animal?

Thursday, July 25, 2013

Wordpress Pingback Port Scanner


WordpressPingbackPortScanner

Wordpress exposes a so called Pingback API to link to other blogposts. Using this feature you can scan other hosts on the intra- or internet via this server. You can also use this feature for some kind of distributed port scanning: You can scan a single host using multiple Wordpress Blogs exposing this API. This issue was fixed in Wordpress 3.5.1. Older versions are vulnerable, if the XML-RPC Interface is active.

(1)Download from here

(2)Extract it in folder

(3)cd Downloads/WordpressPingbackPortScanner-master/

(4)It does not work default ruby version which is 1.9.2 ; so by running update-alternatives we can change ruby version to 1.8.2
update-alternatives --config ruby
select 1

(5)
gem install bundler
bundle install
wordpress-pingback-port-scanner
 Use:-

Quick-scan a target via a blog:

ruby wppps.rb -t http://www.target.com http://www.myblog.com/

Use multiple blogs to scan a single target:

ruby wppps.rb -t http://www.target.com http://www.myblog1.com/ http://www.myblog2.com/ http://www.myblog3.com/

Scan a free wordpress.com blog (all ports) from the internal network:

ruby wppps.rb -a -t http://localhost http://myblog.wordpress.com/

No comments:

Post a Comment

UA-35960349-1