This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env ruby | |
require 'typhoeus' | |
require 'json' | |
require 'uri' | |
require 'digest/md5' | |
# https://raw.githubusercontent.com/gwillem/magento-version-identification/master/version_hashes.json | |
target = ARGV[0] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
java_import 'burp.IBurpExtender' | |
java_import 'burp.IScannerCheck' | |
java_import 'burp.IScanIssue' | |
require 'java' | |
java_import 'java.util.Arrays' | |
java_import 'java.util.ArrayList' | |
# | |
# You will need to download JRuby's Complete.jar file from http://jruby.org/download and configure Burp Extender with its path. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env ruby | |
require 'typhoeus' | |
target_url = ARGV[0] | |
usernames = File.read(ARGV[1]).split("\n") | |
passwords = File.read(ARGV[2]).split("\n") | |
hydra = Typhoeus::Hydra.new |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Yes, this is a joke. But we will really be releasing a WordPress plugin. Let us know if you find any vulnerabilities ;) | |
9f10c5276812e8fdabc2c4e5bb75f836 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env ruby | |
require 'wpscan' | |
require 'uri' | |
filename = ARGV[0] | |
def check_wordpress( website ) | |
WPScan::Browser.instance( disable_tls_checks: true ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
> select id from vulnerabilities where poc != ''; | |
+------+ | |
| id | | |
+------+ | |
| 6028 | | |
| 6219 | | |
| 6499 | | |
| 6548 | | |
| 7680 | | |
| 7710 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Get your API token from wpvulndb.com if you also want the vulnerabilities associated with the detected plugin displaying. | |
For all plugins with known vulnerabilities: | |
wpscan --url example.com -e vp --plugins-detection mixed --api-token YOUR_TOKEN | |
For all plugins in our database (could take a very long time): | |
wpscan --url example.com -e ap --plugins-detection mixed --api-token YOUR_TOKEN |
OlderNewer