Plugin: Exploit Scan

Local malware and exploit scan

I need a plugin that scans files for suspicious patterns (base64_decode, eval, uudecode, etc) and database for posts and comments with suspicious text (iframe, noscript, etc).

I am testing these plugins on real infected site where there was script WSO Web Shell exploit in file cache.php seeded inside uploads folder.

• Exploit Scanner
  Author donncha works for Automattic so this plugin is really safe, but not up-to-date.

  Warning: It needs to have Wordress core hashes. If not, when I tested, it found 550 matches and in that way effectively has hide the real threat. Simply too much information and false positives specifying a lot of regular WP files.

  How to obtain core hashes if they are nonexistant:

  • must enable allow_url_fopen or it won’t be possible to generate WordPress core hashes if they are missing
  • Run /wp-content/plugins/exploit-scanner/hashes-generator.php to generate hashes for latest WordPress, and manually upload a file to plugin dir.
  • You will usually find those hashes already created in philipjohn/exploit-scanner-hashes repository, but don’t forget to look in pull requests that are not merged yet.

  Even with valid hashes, it had too much warnings to be useful. Found my malware, along with a dozen of others.

• Wemahu is a beautiful idea, but they decided to discontinue it. Didn’t found my malware.

• AntiVirus is checking only themes directory. No feedback and therefore not very usable.

• WP Doctor seems little amateur-ish, and it didn’t detect my exploit.

Sources:

• How To Scan Your WordPress Website For Hidden Malware

Monitor File Changes

Modifications

WordPress: Vulnerability Scanners

vulnerability scanner

WordPress vulnerability scanners / Malware Scanner

WPScan by the WPScan Team Nikto2

Sucuri SiteCheck Gravityscan Website Security Check - Unmask Parasites

Free Tools to Scan Your WordPress Website for Vulnerabilities

Website Security | Recurring, Affordable, and Usable

Sources:

• How To Scan WordPress Like a Hacker

WPScan and WPScan database

Tool to use as WordPress vulnerability scanner: wpscanteam/wpscan How To Use WPScan to Test for Vulnerable Plugins and Themes in Wordpress | DigitalOcean

How To Scan And Check A WordPress Website Security Using WPScan, Nmap, And Nikto

GPL fork is delvelabs/vane

Vulnerability database for WPScan: WordPress Plugin Vulnerabilities

https://wpvulndb.com/plugins

Or use preinstalled environment: wpscanteam/docker-wpscan

Test in docker:

sudo docker run -t -i --name wpscan wpscanteam/wpscan bash

sudo docker start wpscan
sudo docker exec -it wpscan bash

Update wpscan:

ruby wpscan.rb --update

Also, great toturials: Online Vulnerability Scanners and Port Scans