WordPress Vulnerability Assessment & Penetration Testing - WordPress Vulnerability Scanner

These days, cyber attacks have become a regular phenomenon, featuring in the headlines almost every week. At times it is a lone fan printing pages from vulnerable printers around the globe to vote for his idol; at other times it is a group of hackers targeting popular CMSes with malware. Even a script kiddie can exploit common vulnerabilities in your site and damage critical infrastructure using the many tools available online for free. Users of open source CMSes like WordPress are among the softest targets. With the rise in cyber attacks, a WordPress security audit has become more important than ever.

Lu Wei, former director of the Cyberspace Administration of China, said:

The Internet is a worldwide platform for sharing information. It is a community of common interests. No country is immune to such global challenges as cybercrime, hacking, and invasion of privacy.

WordPress Security Audit: Getting Ready

To start testing your WordPress site for vulnerabilities, you first need to set up the environment. For a WordPress security audit, Kali Linux is considered the holy grail of WordPress penetration testing, or any other kind of pentest, because it ships a huge number of security tools for free. So the first step is to install Kali Linux on a system from which to pentest our WordPress site. Several approaches work here, as Kali can be installed in VirtualBox, on a PC, or even on an Android phone! For this article, we shall use VirtualBox. Note that in a real attack scenario, obtaining a reverse shell from inside VirtualBox can be tricky because of the port forwarding involved.

Installing Kali Linux for WordPress Security Audit

Step 1: Download and install the latest version of VirtualBox or any other virtualization software of your choice.

Step 2: Download and install the latest version of Kali Linux in VirtualBox for WordPress penetration testing.

Step 3: After installation, don't forget to install the VirtualBox Guest Additions with the help of this article.

Step 4: If you still have trouble installing Kali on a VM, use the Kali VM image instead.

Once Kali is installed, it is time to begin WordPress penetration testing. Before proceeding further, however, it is necessary to obtain permission from the relevant authority before conducting a security audit of their WordPress site.


Seeking Consent for WordPress Penetration Testing

Before actively attacking a target, it is important that you obtain permission and have a contract signed by the respective WordPress site owner. If you fail to do so, legal complications may arise, and you might face jail time depending on the country where the target is located and the cyber laws prevailing there. Moreover, the tools in Kali come with a warning that they should be run only after approval from the target, or for educational purposes only. Once that is done, draft a proper agreement, with the help of a cybersecurity lawyer, specifying which systems you will target. There are also proactive steps you can take to avoid complications:

  • It is common wisdom to use virtual machines as much as possible for a WordPress security audit to avoid complications.
  • If you host your WordPress site on a third-party server, you may need the consent of the hosting provider before conducting a WordPress security audit on your own site!
  • Trying to find vulnerabilities beyond your authorized resources may constitute a felony. Avoid accidentally testing unauthorized resources such as routers owned by a different company.

The Three Steps of WordPress Penetration Testing

WordPress Penetration Testing: Mapping

The first step of WordPress penetration testing, when using the "black box" approach, is gathering as much information about the target as possible. This is known as mapping or reconnaissance, and it can be done with a variety of tools. Let us take a look at some of them.

NMAP

Nmap, a.k.a. 'Network Mapper', offers great flexibility when mapping a target for a WordPress security audit. Not only can Nmap scan ports and fingerprint backend technologies, it can also evade firewalls to scan stealthily, run NSE scripts for automatic vulnerability discovery, and much more!

To access this tool, simply open the command line terminal on your Kali Linux and type:

nmap

Doing so opens the tool's help, listing all its key features. Now let us look at a live target. In the image below, Nmap scans the domain scanme.nmap.org, which the Nmap project provides for testing the tool.


[Figure: Nmap -A -T4 scan output for scanme.nmap.org]

Nmap's '-A' option enables OS detection, version detection, script scanning, and traceroute. The '-T' option sets the timing template; the number 4 selects the aggressive template. Nmap has provided us with the following information:

  • Open ports along with the services running on them, i.e. port 80 is open with Apache 2.0.52 running.
  • The operating system running on the target machine, Linux 2.6.0-2.6.11, along with the server's uptime.
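Reading this information off a screenshot does not scale across an audit, so Nmap can write the same findings to XML with -oX. The following is an added example, not code from the article or from the Nmap project: a small parser that extracts the open ports, service versions, OS guess and uptime from an Nmap XML report and flags any open port that is not on the allow-list you expect for a WordPress host. The embedded report is constructed for the example (TEST-NET address, made-up hostname, findings modelled on the scan described above).

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed Nmap XML report of the kind produced by
#   nmap -A -T4 -oX scan.xml <target>
# The address (TEST-NET), hostname and findings are made up for this example,
# mirroring the output the article describes (Apache 2.0.52 on port 80,
# Linux 2.6.x, uptime).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -A -T4 -oX scan.xml example-target">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="scanme.example" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="6.6.1p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.0.52"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
        <service name="https"/>
      </port>
    </ports>
    <os><osmatch name="Linux 2.6.0 - 2.6.11" accuracy="95"/></os>
    <uptime seconds="864000"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Turn an Nmap XML report into a list of per-host dicts (open ports only)."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        name = host.find("hostnames/hostname")
        osmatch = host.find("os/osmatch")
        uptime = host.find("uptime")
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            product = ""
            if svc is not None:
                # "product version" joined, skipping whichever part is absent
                product = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            open_ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name", "") if svc is not None else "",
                "product": product,
            })
        hosts.append({
            "ip": addr.get("addr") if addr is not None else None,
            "hostname": name.get("name") if name is not None else None,
            "os": osmatch.get("name") if osmatch is not None else None,
            "uptime_days": int(uptime.get("seconds")) // 86400 if uptime is not None else None,
            "open_ports": open_ports,
        })
    return hosts


def unexpected_services(hosts, allowed_ports):
    """Return (ip, port, product) for every open port not on the allow-list.

    For a WordPress host the allow-list is usually just 80/443; anything else
    Nmap reports as open needs an explanation or a firewall rule.
    """
    findings = []
    for h in hosts:
        for p in h["open_ports"]:
            if p["port"] not in allowed_ports:
                findings.append((h["ip"], p["port"], p["product"]))
    return findings


if __name__ == "__main__":
    scanned = parse_nmap_xml(SAMPLE_NMAP_XML)
    for h in scanned:
        print(f"{h['hostname']} ({h['ip']}) OS={h['os']} uptime~{h['uptime_days']}d")
        for p in h["open_ports"]:
            print(f"  {p['port']}/{p['proto']} {p['service']} {p['product']}")
    print("unexpected:", unexpected_services(scanned, {80, 443}))
```

Against a real report, replace SAMPLE_NMAP_XML with the contents of the -oX file; the service versions it extracts are exactly what you cross-check against vendor advisories in the discovery phase.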

Nmap then also scanned our internal machine named 'd0ze' with local IP 192.168.12.3. This scan likewise revealed the open ports with their services and the OS, and Nmap also enumerated the MAC address of this local machine. This is just the tip of the iceberg, as Nmap can perform a much wider variety of tasks. Apart from Nmap, some other popular tools for mapping a site for a WordPress security audit are:

Zenmap

If beginners find Nmap hard to use, Zenmap, a GUI front-end for Nmap, can be used instead for automating scans.

[Figure: Zenmap scan]

ReconDog

Another good tool, available on GitHub, for black box mapping is ReconDog. Its description calls it a "Reconnaissance Swiss Army Knife". It uses a mixture of OSINT and mapping for a WordPress security audit.

[Figure: ReconDog]

Open Source Intelligence (OSINT)

Other information about the target for a WordPress security audit can be gathered from the public domain, such as:

  • Number of Subdomains available.
  • Nameservers.
  • Ownership info and employee emails (used for social engineering attacks).
  • Geolocation.

The resources that can be used for gathering OSINT are:


WordPress Penetration Testing: Discovery

After mapping all the technologies, it is time to find active vulnerabilities for the WordPress security audit. The discovery phase focuses on system-specific vulnerability discovery. In our case the target uses WordPress, so we shall look at the tools that can be used for WordPress vulnerability discovery. If the target uses another CMS or other systems, specific tools exist for those as well.


WPScan

WPScan is a free tool for conducting a WordPress security audit. Designed with WordPress security in mind, it is a great choice for black box testing of your WordPress site. It maintains a vulnerability database for WordPress that is updated from time to time. Besides WordPress core, it can also scan for vulnerabilities in WordPress plugins and themes.

[Figure: WPScan updating its database and scanning a target]

As shown in the image above, this tool first updates its vulnerability database before performing discovery on the target.

To use this tool, open the terminal in your Kali Linux and type:

wpscan --url www.example.com

This simple command scans the target for vulnerabilities. This is just one example; for more help, type 'wpscan -h' in your terminal. This tool can also be used for:

  • WordPress login brute force.
  • User Enumeration on WordPress.
  • Enumerating WordPress themes and Plugins.
  • Finding default WordPress directories.
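Each of those WPScan features leaves a recognisable trace in the web server's access log: repeated POSTs to /wp-login.php for the brute force, a sweep of /?author=N values and /wp-json/wp/v2/users for user enumeration, and a burst of /wp-content/plugins/<slug>/readme.txt probes for plugin enumeration. The following is an added example from the defender's side, not code from the article or from the WPScan project: it parses Apache/nginx combined-format log lines and reports IPs whose request pattern matches that recon. The log lines, the thresholds and the scanner user-agent string are all constructed for the example (the real WPScan default user-agent contains "WPScan" but is trivially changed by the operator, so treat that signal as a bonus, not a requirement).

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Thresholds are assumptions for this example; tune them to your own traffic.
LOGIN_POST_THRESHOLD = 5      # POSTs to /wp-login.php from one IP
AUTHOR_ID_THRESHOLD = 3       # distinct ?author=N values from one IP
PLUGIN_README_THRESHOLD = 3   # distinct plugin readme.txt probes from one IP

# Constructed sample log: 198.51.100.7 behaves like a WPScan run (user
# enumeration, plugin enumeration, login brute force, scanner-like UA);
# 203.0.113.5 is an ordinary visitor who logs in once.
SCANNER_UA = "WPScan v3.x (https://wpscan.com/wordpress-security-scanner)"  # constructed
SAMPLE_LOG = "\n".join(
    [f'198.51.100.7 - - [10/Oct/2023:13:55:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "{SCANNER_UA}"'
     for s, (req, st) in enumerate([
         ("GET /?author=1", 301), ("GET /?author=2", 301), ("GET /?author=3", 301),
         ("GET /wp-json/wp/v2/users", 200),
         ("GET /wp-content/plugins/akismet/readme.txt", 200),
         ("GET /wp-content/plugins/contact-form-7/readme.txt", 404),
         ("GET /wp-content/plugins/jetpack/readme.txt", 404),
     ] + [("POST /wp-login.php", 200)] * 5)]
    + [
        '203.0.113.5 - - [10/Oct/2023:14:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
        '203.0.113.5 - - [10/Oct/2023:14:02:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
        "this line is garbage and must be skipped",
    ]
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect_wp_recon(lines):
    """Return {ip: [finding, ...]} for IPs whose requests look like WPScan-style recon."""
    login_posts = defaultdict(int)
    author_ids = defaultdict(set)
    plugin_slugs = defaultdict(set)
    rest_users = set()
    scanner_ua = set()
    readme_re = re.compile(r"^/wp-content/plugins/([^/]+)/readme\.txt$")

    for line in lines:
        rec = parse_line(line)
        if rec is None:          # unparsable line: skip it rather than crash the detector
            continue
        ip = rec["ip"]
        parts = urlsplit(rec["path"])
        query = parse_qs(parts.query)
        if rec["method"] == "POST" and parts.path == "/wp-login.php":
            login_posts[ip] += 1
        if "author" in query:    # /?author=N redirects to /author/<login>/ and leaks usernames
            author_ids[ip].update(query["author"])
        if parts.path.startswith("/wp-json/wp/v2/users"):
            rest_users.add(ip)
        m = readme_re.match(parts.path)
        if m:
            plugin_slugs[ip].add(m.group(1))
        if "wpscan" in rec["ua"].lower():
            scanner_ua.add(ip)

    findings = defaultdict(list)
    for ip, n in login_posts.items():
        if n >= LOGIN_POST_THRESHOLD:
            findings[ip].append(f"login brute force: {n} POSTs to /wp-login.php")
    for ip, ids in author_ids.items():
        if len(ids) >= AUTHOR_ID_THRESHOLD:
            findings[ip].append(f"user enumeration via ?author=: ids {sorted(ids)}")
    for ip in rest_users:
        findings[ip].append("user enumeration via /wp-json/wp/v2/users")
    for ip, slugs in plugin_slugs.items():
        if len(slugs) >= PLUGIN_README_THRESHOLD:
            findings[ip].append(f"plugin enumeration: {len(slugs)} readme.txt probes")
    for ip in scanner_ua:
        findings[ip].append("scanner user-agent (WPScan default; trivially changed)")
    return dict(findings)


if __name__ == "__main__":
    for ip, hits in detect_wp_recon(SAMPLE_LOG.splitlines()).items():
        print(ip)
        for h in hits:
            print("  -", h)
```

The point of counting per IP and per distinct value (author ids, plugin slugs) rather than per request is that a single legitimate login or one plugin readme fetched by a browser extension never trips a rule; only the sweep does. Feed it `open("/var/log/apache2/access.log")` instead of the sample to run it over a real log.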

Nikto

Nikto is a great open source vulnerability scanner for conducting a WordPress security audit. It can scan many kinds of servers and is very comprehensive. The downside of Nikto is that it takes a long time and makes a lot of noise, so it is easily detected by a WAF or IDS. Nikto also generates many false positives, which need to be vetted manually during WordPress penetration testing. For more options, type "nikto -H".

[Figure: Nikto scan]

Burp Suite

Burp Suite is a great collection of tools that can significantly ease a WordPress security audit. Burp Suite acts as a proxy between the browser and the server, so all HTTP requests can be manipulated in real time to find various kinds of vulnerabilities. Burp Suite also provides various automated tools, for paid users only. The free edition is good for manual testing.

[Figure: Burp Suite]

Fuzzing

Fuzzing is the last resort in a WordPress security audit when nothing else seems to work. Fuzzing sends a large number of random or malformed inputs to the parameters of your WordPress site, which can uncover even zero-day flaws! However, fuzzing creates a lot of noise that an IDS can pick up. Some lightweight fuzzing tools are:

For SQL injection: For comprehensive fuzzing of WordPress to find SQLi vulnerabilities, sqlmap is probably the best tool. Besides fuzzing, sqlmap can also be used to exploit an SQLi flaw. sqlmap can enumerate the databases behind a vulnerable URL with the following command in Kali Linux:

sqlmap -u "target URL" --dbs
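What sqlmap actually detects is a query assembled from unescaped input, and the fix on the WordPress side is to bind parameters (in plugin code, through $wpdb->prepare()). The following is an added example, not code from the article or from the sqlmap project: a vulnerable lookup built by string concatenation next to its hardened, parameterised form, plus a function that mimics sqlmap's boolean-based check (a true and a false condition appended to the same input must produce the same result on a safe query). The in-memory SQLite table standing in for wp_users and its two rows are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for a WordPress users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT)"
    )
    conn.executemany(
        "INSERT INTO wp_users VALUES (?, ?, ?)",
        [(1, "admin", "admin@example.com"), (2, "editor", "editor@example.com")],
    )
    return conn


def lookup_user_vulnerable(conn, user_login):
    """Builds the query by string concatenation: the flaw sqlmap's probes detect."""
    sql = "SELECT user_login FROM wp_users WHERE user_login = '" + user_login + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_user_hardened(conn, user_login):
    """Same query with a bound parameter; input can never change the SQL structure.

    In a WordPress plugin the equivalent is
    $wpdb->get_results($wpdb->prepare("... WHERE user_login = %s", $login)).
    """
    sql = "SELECT user_login FROM wp_users WHERE user_login = ?"
    return [row[0] for row in conn.execute(sql, (user_login,))]


def boolean_probe_distinguishable(lookup, conn, known_login="admin"):
    """Mimic the boolean-based check: append a true and a false condition to the
    same input and compare results. A difference means the input reached the
    SQL engine unescaped; a safe query treats both as literal, non-matching logins."""
    true_case = lookup(conn, known_login + "' AND '1'='1")
    false_case = lookup(conn, known_login + "' AND '1'='2")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_user_vulnerable, lookup_user_hardened):
        print(fn.__name__,
              "tautology ->", fn(db, "' OR '1'='1"),
              "boolean-distinguishable ->", boolean_probe_distinguishable(fn, db))
```

The tautology input returns every row from the vulnerable function and nothing from the hardened one, and the boolean probe distinguishes true from false only on the vulnerable function; that second behaviour is the signal a scanner keys on, which is why "no visible error" is not evidence of safety.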

[Figure: sqlmap database enumeration]


For XSS: XSSer can not only find but also actively exploit XSS vulnerabilities. For more help, type 'xsser -h'. For the GUI, type 'xsser --gtk'.

[Figure: XSSer command-line output]
[Figure: XSSer GUI]


For command injection: Commix, a.k.a. COMMand Injection eXploiter, can detect and exploit various types of command injection during a WordPress security audit. For more help, in Kali Linux type: commix -h

[Figure: Commix]


Other tools provided by Kali Linux for fuzzing during a WordPress security audit are:

WordPress Penetration Testing: Exploitation

After mapping and discovery, it is time to identify exploitation points during WordPress penetration testing. Trying the exploits helps us weed out false positives. There are numerous exploitation frameworks, but for this article we shall discuss only one and its features.

Metasploit

Metasploit is an exploitation framework that can be used against web apps, including CMSes like WordPress. Developed and maintained by Rapid7, Metasploit hosts a variety of exploits for different operating systems. First, update Metasploit by running the 'msfupdate' command in Kali Linux. Then start Metasploit with the 'msfconsole' command. Some key commands and parameters in this tool are:

  • search: Searches the module database, e.g. for WordPress-related exploits.
  • use: Loads a particular exploit module, e.g. use exploit/unix/webapp/wp_wpshop_ecommerce_file_upload
  • show options: Lists the parameters that need to be set for the loaded module.
  • set RHOST: Sets the IP of the machine you wish to exploit.
  • set TARGETURI: Sets the base path of the target WordPress install.
  • exploit: Finally runs the exploit. Alternatively, the 'run' command can be used.

[Figure: Metasploit console]

WordPress Penetration Testing By Team Astra

Using multiple tools for WordPress penetration testing can be both confusing and tedious, and one cannot rely completely on automation. Astra's answer to this dilemma is a balanced mix of manual and automated testing of your WordPress site, covering both white box and black box WordPress security audits. Astra has a great community of hackers who ensure that no security loopholes remain in your site.

Get your WordPress security audited by Astra today!




About The Author

A computer nerd. Loves working with Sqlmap and BeEF (the software) ;) Has experience in wireless pen tests. Owns a chatbot on Pandorabots named Mark1. In free time he can be found saving some goals.
