This repository is designed for creating and/or porting of specific exploits for WordPress using metasploit as exploitation tool.
45 modules (15 exploits and 30 auxiliaries)
For the use of these modules, you can download them to the directory:
# cd /tmp
# git clone https://github.com/espreto/wpsploit
# mv wpsploit/modules/auxiliary/ ~/.msf4/modules/
# mv wpsploit/modules/exploits/ ~/.msf4/modules/
# msfconsole
or
# cd /path/to/msf
# ./msfconsole
For details, check the official documentation of metasploit talking about "Loading External Modules".
All modules will be created based on WPScan Vulnerability Database - WPVDB.
The public GitHub source repository can be found at:
https://github.com/espreto/wpsploit
Questions and suggestions can be sent to:
robertoespreto[at]gmail.com
Mentioned in a blog post by Rapid7/Metasploit: "WordPress Exploitation Extravaganza".
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request
Missing some features, but it's a start.