WordPress FingerPrinter Tool: Plecost

2015-05-26T00:16:32
ID N0WHERE:31356
Type n0where
Reporter N0where
Modified 2015-05-26T00:16:32

Description

_ Plecost is a vulnerability fingerprinting and vulnerability finding tool for the WordPress blog engine _

Why?

There are a huge number of WordPress sites around the world. Most of them are exposed to attack and can be turned into a provider of viruses, malware or illegal porn without the knowledge of the blog owner.

This project tries to help sysadmins and blog owners make their WordPress sites a bit more secure.

Installation

Installing Plecost is easy:

$ python3 -m pip install plecost

Remember that Plecost3 only runs in Python 3.

Quick start

Scanning a web site is simple:

$ plecost http://SITE.com

A slightly more complex scan: increase verbosity and export the results in JSON or XML format:

_ JSON _

$ plecost -v http://SITE.com -o results.json

_ XML _

$ plecost -v http://SITE.com -o results.xml

Advanced scan options

Do not check the WordPress version, only plugins:

$ plecost -nc http://SITE.com

Force the scan, even if WordPress was not detected:

$ plecost -f http://SITE.com

Display only the short banner:

$ plecost -nb http://SITE.com

List available wordlists:

$ plecost -nb -l

// Plecost - WordPress finger printer Tool - v1.0.0

Available word lists:
   1 - plugin_list_10.txt
   2 - plugin_list_100.txt
   3 - plugin_list_1000.txt
   4 - plugin_list_250.txt
   5 - plugin_list_50.txt
   6 - plugin_list_huge.txt

Select a wordlist in the list:

$ plecost -nb -w plugin_list_10.txt http://SITE.com

Increase concurrency (USE THIS OPTION WITH CAUTION. IT CAN SHUT DOWN THE TESTED SITE!):

$ plecost --concurrency 10 http://SITE.com

Or…

$ plecost -c 10 http://SITE.com

_ For more options, consult the --help command _:

$ plecost -h
