Plugin: Exploit Scan

Local malware and exploit scan

I need a plugin that scans files for suspicious patterns (base64_decode, eval, uudecode, etc.) and the database for posts and comments with suspicious text (iframe, noscript, etc.).

I am testing these plugins on a real infected site where a WSO web shell script was planted in a file cache.php seeded inside the uploads folder.
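An added example of the scan described above (my own code, not any of the plugins reviewed below): it walks a WordPress tree for the constructs listed (eval, base64_decode, uudecode, which in PHP is convert_uudecode) plus a few common companions, treats any PHP file under wp-content/uploads as a finding on its own (the cache.php case), and checks post/comment text for iframe/noscript-style injections. The pattern lists, the sample tree and the sample database rows are constructed for the demo and are assumptions, not taken from any plugin or from the infected site.

```python
"""Added example: a minimal file-and-content scan for a WordPress install.

The sample tree and sample rows are constructed here; nothing is fetched.
"""
import os
import re
import tempfile

# Constructs that are rare in legitimate plugin code but typical of obfuscated
# droppers and web shells (assumed list).  "uudecode" in PHP is convert_uudecode().
FILE_PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "uudecode": re.compile(r"\bconvert_uudecode\s*\("),
    "gzinflate": re.compile(r"\bgz(inflate|uncompress)\s*\("),
    "str_rot13": re.compile(r"\bstr_rot13\s*\("),
    "create_function": re.compile(r"\bcreate_function\s*\("),
}

# Markup that should not normally appear in posts or comments (assumed list).
CONTENT_PATTERNS = {
    "iframe": re.compile(r"<iframe\b", re.I),
    "noscript": re.compile(r"<noscript\b", re.I),
    "remote_script": re.compile(r"<script[^>]*\bsrc\s*=", re.I),
    "hidden_style": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
}

PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".php7", ".phar")
UPLOADS_PREFIX = "wp-content/uploads/"


def scan_file(path):
    """Return [(pattern_name, line_no, excerpt)] for one file."""
    hits = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            for name, rx in FILE_PATTERNS.items():
                if rx.search(line):
                    hits.append((name, no, line.strip()[:80]))
    return hits


def scan_tree(root):
    """Walk a WordPress install; return {relative_path: [hits]}.

    Paths are normalised to forward slashes.  A PHP file under uploads is
    reported even if no pattern matches, because that directory should hold
    media, not code."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(PHP_EXTENSIONS):
                continue
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hits = scan_file(full)
            if rel.startswith(UPLOADS_PREFIX):
                hits.insert(0, ("php_in_uploads", 0, rel))
            if hits:
                findings[rel] = hits
    return findings


def scan_content(rows):
    """rows: iterable of (table, id, text) as read from wp_posts.post_content
    or wp_comments.comment_content.  Returns [(table, id, pattern_name)]."""
    out = []
    for table, rid, text in rows:
        for name, rx in CONTENT_PATTERNS.items():
            if rx.search(text or ""):
                out.append((table, rid, name))
    return out


def build_demo():
    """Constructed sample tree: one clean core file, one image, and a fake
    cache.php dropper in uploads (a stand-in, not a real shell)."""
    root = tempfile.mkdtemp(prefix="wp-scan-demo-")
    samples = {
        "wp-includes/functions.php": "<?php\nfunction wp_demo() { return 1; }\n",
        "wp-content/uploads/2016/09/photo.jpg": "not really a jpeg\n",
        "wp-content/uploads/2016/09/cache.php":
            "<?php\n$c = 'ZWNobyAxOw==';\neval(base64_decode($c));\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


# Constructed rows standing in for a SELECT from wp_posts / wp_comments.
SAMPLE_ROWS = [
    ("wp_posts", 12, "<p>Hello world!</p>"),
    ("wp_posts", 13, '<p>Offer</p><iframe src="http://example.invalid/x" '
                     'style="display:none"></iframe>'),
    ("wp_comments", 7, '<noscript><a href="http://example.invalid/">x</a></noscript>'),
]

if __name__ == "__main__":
    for rel, hits in scan_tree(build_demo()).items():
        for name, no, excerpt in hits:
            print(f"{rel}:{no}: {name}: {excerpt}")
    for table, rid, name in scan_content(SAMPLE_ROWS):
        print(f"{table} id={rid}: {name}")
```

Against a real site, point scan_tree at the document root and feed scan_content the rows from a SELECT over wp_posts and wp_comments; legitimate plugins do use base64_decode and friends, so treat a pattern hit as a lead to read, not a verdict.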

  • Exploit Scanner
    The author, donncha, works for Automattic, so this plugin is really safe, but it is not up to date.

    Warning: it needs the WordPress core hashes. Without them, when I tested, it found 550 matches and in that way effectively hid the real threat: simply too much information, with false positives flagging a lot of regular WP files.

    How to obtain the core hashes if they are missing:

    • allow_url_fopen must be enabled in PHP, or it won't be possible to generate the WordPress core hashes when they are missing
    • Run /wp-content/plugins/exploit-scanner/hashes-generator.php to generate hashes for the latest WordPress, then manually upload the resulting hashes file to the plugin directory.
    • You will usually find those hashes already generated in the philipjohn/exploit-scanner-hashes repository, but don't forget to look at the pull requests that are not merged yet.

    Even with valid hashes, it had too many warnings to be useful. It found my malware, along with a dozen others.

  • Wemahu is a beautiful idea, but they decided to discontinue it. It didn't find my malware.

  • AntiVirus checks only the themes directory. No feedback, and therefore not very usable.

  • WP Doctor seems a little amateurish, and it didn't detect my exploit.
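Why the core hashes matter, as an added example (my own code, not the Exploit Scanner plugin's): a pristine tree is hashed into a manifest, then the live install is checked against it, so untouched core files drop out and only modified, missing or unexpected files remain. With an empty manifest the same check flags every file, which is the "550 matches" failure above. The manifest format (SHA-256 per relative path) and the sample core files are assumptions made for this demo; the plugin's own hashes file is not reproduced.

```python
"""Added example: verify a WordPress install against known-good file hashes.

Manifest format and sample files are assumptions for this demo, not the
Exploit Scanner plugin's hashes file.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def walk_files(root):
    """Yield (absolute_path, relative_path_with_forward_slashes)."""
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            yield full, os.path.relpath(full, root).replace(os.sep, "/")


def build_manifest(pristine_root):
    """What a hash generator run over a clean download of the same WordPress
    version produces: {relative_path: sha256}."""
    return {rel: sha256_of(full) for full, rel in walk_files(pristine_root)}


def verify_install(live_root, manifest):
    """Compare a live install with the manifest.

    Returns (modified, missing, extra), each a sorted list of relative paths:
    core files whose hash changed, manifest entries absent from disk, and
    files on disk the manifest knows nothing about (plugins, themes,
    uploads, or planted code).  The last list is where a dropper shows up."""
    modified, extra, seen = [], [], set()
    for full, rel in walk_files(live_root):
        seen.add(rel)
        if rel in manifest:
            if sha256_of(full) != manifest[rel]:
                modified.append(rel)
        else:
            extra.append(rel)
    missing = sorted(set(manifest) - seen)
    return sorted(modified), missing, sorted(extra)


# Constructed stand-ins for a few core files (contents are not real WordPress).
CORE_FILES = {
    "index.php": "<?php\ndefine('WP_USE_THEMES', true);\n"
                 "require __DIR__ . '/wp-blog-header.php';\n",
    "wp-includes/version.php": "<?php\n$wp_version = '4.6';\n",
    "wp-content/index.php": "<?php\n// Silence is golden.\n",
}


def write_tree(root, files):
    """Write {relative_path: body} under root, creating directories."""
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8", newline="\n") as fh:
            fh.write(body)


def build_demo():
    """Return (manifest, live_root).  The live tree is the core files plus an
    injected line in index.php, a legitimate third-party plugin, and a fake
    cache.php dropper in uploads (a stand-in, not a real shell)."""
    pristine = tempfile.mkdtemp(prefix="wp-pristine-")
    write_tree(pristine, CORE_FILES)
    manifest = build_manifest(pristine)

    live_files = dict(CORE_FILES)
    live_files["index.php"] += "@include '/tmp/.x';\n"          # tampered core
    live_files["wp-content/plugins/hello.php"] = "<?php\n// harmless plugin\n"
    live_files["wp-content/uploads/2016/09/cache.php"] = (
        "<?php eval(base64_decode($_POST['c']));\n")
    live = tempfile.mkdtemp(prefix="wp-live-")
    write_tree(live, live_files)
    return manifest, live


if __name__ == "__main__":
    manifest, live = build_demo()
    for label, paths in zip(("modified", "missing", "extra"),
                            verify_install(live, manifest)):
        print(label, paths)
    # With no hashes at all, every file on disk is "extra": the noise problem.
    print("without manifest:", len(verify_install(live, {})[2]), "files flagged")
```

The manifest must come from the exact same WordPress version as the install, otherwise every file touched by the release shows up as "modified" and the noise is back.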

Sources:

  • Monitor File Changes
  • Modifications


WordPress: Vulnerability Scanners

WordPress vulnerability scanners / malware scanners:

  • WPScan by the WPScan Team
  • Nikto2
  • Sucuri SiteCheck
  • Gravityscan
  • Website Security Check - Unmask Parasites
  • Free Tools to Scan Your WordPress Website for Vulnerabilities
  • Website Security | Recurring, Affordable, and Usable


WPScan and WPScan database

Tool to use as a WordPress vulnerability scanner: wpscanteam/wpscan

Tutorials:

  • How To Use WPScan to Test for Vulnerable Plugins and Themes in Wordpress | DigitalOcean
  • How To Scan And Check A WordPress Website Security Using WPScan, Nmap, And Nikto

A GPL fork is delvelabs/vane.

Vulnerability database for WPScan: WordPress Plugin Vulnerabilities, https://wpvulndb.com/plugins (the database has since moved to wpscan.com).

Or use preinstalled environment: wpscanteam/docker-wpscan

Test in docker (the first command creates the container and drops you into a shell; the next two restart and re-enter it later):

sudo docker run -t -i --name wpscan wpscanteam/wpscan bash

sudo docker start wpscan
sudo docker exec -it wpscan bash

Update wpscan (this is the old git-checkout invocation; with the wpscan gem the equivalent is wpscan --update):

ruby wpscan.rb --update

Also a great tutorial: Online Vulnerability Scanners and Port Scans


date 19. Sep 2016 | modified 20. Jan 2023
filename: Wordpress » Security » Plugins » Exploit & Vulnerability Scan