WordpressPingbackPortScanner
Wordpress
exposes a so called Pingback API to link to other blogposts. Using
this feature you can scan other hosts on the intra- or internet via
this server. You can also use this feature for some kind of
distributed port scanning: You can scan a single host using multiple
Wordpress Blogs exposing this API. This issue was fixed in Wordpress
3.5.1. Older versions are vulnerable, if the XML-RPC Interface is
active.
(1)Download
from here
(2)Extract
it in folder
(3)cd
Downloads/WordpressPingbackPortScanner-master/
(4)It
does not work default ruby version which is 1.9.2 ; so by running
update-alternatives we can change ruby version to 1.8.2
update-alternatives
--config ruby
select
1
(5)
gem install bundler
bundle install
Use:-
Quick-scan a target via a blog:
ruby wppps.rb -t http://www.target.com http://www.myblog.com/
Use multiple blogs to scan a single target:
ruby wppps.rb -t http://www.target.com http://www.myblog1.com/ http://www.myblog2.com/ http://www.myblog3.com/
Scan a free wordpress.com blog (all ports) from the internal network:
ruby wppps.rb -a -t http://localhost http://myblog.wordpress.com/
No comments:
Post a Comment