There are a huge number of WordPress installations around the world. Most of them
are exposed to attack and can be turned into a provider of viruses, malware or
illegal porn without the knowledge of the blog owner.
This project tries to help sysadmins and blog owners make their WordPress a bit more secure.
Plecost is a vulnerability fingerprinting and vulnerability finding tool for the WordPress blog engine.
What’s new?
This Plecost 3 version adds a lot of new features and fixes, like:
- Fixed a lot of bugs.
- New engine: without threads or any dependencies, but it runs much
faster. We use Python 3 asyncio and non-blocking connections. It also
consumes less memory. Incredible, right? 🙂
- Changed CVE update system and storage: Plecost now gets
vulnerabilities directly from NIST and creates a local SQLite database
with filtered information for WordPress and its plugins.
- WordPress vulnerabilities: Plecost now also manages WordPress vulnerabilities (not only those of the plugins).
- The local vulnerability database is queryable. You can look up the
vulnerabilities for a specific WordPress or plugin using the
local database.
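The local-database idea described above, sketched as an added example (this is not Plecost's own code or schema): constructed NVD-style records are filtered by CPE down to WordPress core and plugins, stored in SQLite, and queried by product and installed version. The record layout, the `fixed_in` field, the `vulns` table and the CVE ids are assumptions made for illustration.

```python
import sqlite3

# Constructed sample feed: placeholder CVE ids and products, not real
# vulnerabilities. "fixed_in" is a simplification of NVD version ranges.
FEED = [
    {"id": "CVE-0000-0001", "fixed_in": "4.7.2",
     "cpe": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"},
    {"id": "CVE-0000-0002", "fixed_in": "1.3.0",
     "cpe": "cpe:2.3:a:example:example-gallery:*:*:*:*:*:wordpress:*:*"},
    {"id": "CVE-0000-0003", "fixed_in": "2.0",
     "cpe": "cpe:2.3:a:othervendor:mailserver:*:*:*:*:*:*:*:*"},
]

def vtuple(version):
    # Compare versions numerically so that 4.10 sorts after 4.9.
    return tuple(int(part) for part in version.split("."))

def is_wordpress(cpe):
    # CPE 2.3 fields: [3]=vendor, [4]=product, [10]=target_sw.
    f = cpe.split(":")
    core = (f[3], f[4]) == ("wordpress", "wordpress")
    return core or f[10] == "wordpress"  # plugins set target_sw=wordpress

def build_db(feed):
    # Keep only WordPress-related records in the local database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vulns (cve TEXT, product TEXT, fixed_in TEXT)")
    rows = [(r["id"], r["cpe"].split(":")[4], r["fixed_in"])
            for r in feed if is_wordpress(r["cpe"])]
    db.executemany("INSERT INTO vulns VALUES (?, ?, ?)", rows)
    return db

def lookup(db, product, version):
    # Return CVE ids whose fix version is newer than the installed one.
    cur = db.execute(
        "SELECT cve, fixed_in FROM vulns WHERE product = ? ORDER BY cve",
        (product,))
    return [cve for cve, fixed in cur if vtuple(version) < vtuple(fixed)]

if __name__ == "__main__":
    db = build_db(FEED)
    print(lookup(db, "wordpress", "4.7.1"))
    print(lookup(db, "example-gallery", "1.2.9"))
```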
Installation
Installing Plecost is easy:
$ python3 -m pip install plecost
Remember that Plecost3 only runs in Python 3.
Quick start
Scanning a web site is simple:
$ plecost http://SITE.com
A slightly more complex scan: increasing verbosity and exporting results in JSON and XML format:
JSON
$ plecost -v http://SITE.com -o results.json
XML
$ plecost -v http://SITE.com -o results.xml
Example :
Download and read more at: