View Issue Details

ID: 0004864
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2019-10-28 13:14
Reporter: cohst
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: suspended
Product Version: 2018.2
Summary: 0004864: Wordpress-Exploit-Framework
Description

I would like to ask if you could integrate the Wordpress-Exploit-Framework into Kali-Linux repos.

WPXF, short for the WordPress Exploit Framework, will help to go one step further and perform penetration tests on WordPress-powered websites with nearly 300 new exploits which are not included in Metasploit but are written in the same code framework (Ruby 2.5.x). WPXF uses Meterpreter as well and can be combined with Metasploit.

Dependencies:
sudo apt-get install build-essential patch
sudo apt-get install ruby-dev zlib1g-dev liblzma-dev

WPXF needs Ruby version 2.5.1 and needs the following gems to be installed: colorize, mime-types, nokogiri, require_all, rubyzip, slop and typhoeus

WPXF is available here: https://github.com/rastating/wordpress-exploit-framework
For information, see here: http://pentestit.com/update-wordpress-exploit-framework-v1-9-2/

Thanks & regards for any feedback

Activities

g0tmi1k

2018-07-25 08:14

administrator   ~0009382

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool? either a download page or a link to the latest version
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [Activity] - When did the project start? Is it still actively being deployed?
  • [How to install] - How do you compile it?
    --- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
  • [How to use] - What are some basic commands/functions to demonstrate it?
cohst

2018-07-26 17:14

reporter   ~0009387

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - WordPress Exploit Framework
  • [Version] - WordPress Exploit Framework v1.9.2
    --- If it uses source control (such as git), please make sure there is a release to match: https://github.com/rastating/wordpress-exploit-framework; Release is 1.9.2
  • [Homepage] - Where can the tool be found online? Where to go to get more information? https://github.com/rastating/wordpress-exploit-framework; http://pentestit.com/update-wordpress-exploit-framework-v1-9-2/; https://n0where.net/wordpress-exploit-framework
  • [Download] - https://github.com/rastating/wordpress-exploit-framework/archive/master.zip
  • [Author] - Rob rastating
  • [Licence] - How is the software distributed? What conditions does it come with? Free software, redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version
  • [Description] - What is the tool about? What does it do? The tool is an exploit framework especially for WordPress, to identify and exploit known vulnerabilities in WordPress; it's a complement to Metasploit
  • [Dependencies] - What is needed for the tool to work? Ruby 2.5.1 + bundle install, build-essential patch, ruby-dev zlib1g-dev liblzma-dev
  • [Similar tools] - What other tools are out there? Metasploit
  • [Activity] - When did the project start? Is it still actively being deployed? Started 2015, Last Update April 2018
  • [How to install] - How do you compile it? No compilation, when all dependencies are installed just run it with ./wpxf.rb
    --- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
  • [How to use] - What are some basic commands/functions to demonstrate it?
    wpxf > use exploit/shell/symposium_shell_upload
    [+] Loaded module: #<Wpxf::Exploit::SymposiumShellUpload:0x3916f20>
    wpxf [exploit/shell/symposium_shell_upload] > set host wp-sandbox
    [+] Set host => wp-sandbox
    wpxf [exploit/shell/symposium_shell_upload] > set target_uri /wordpress/
    [+] Set target_uri => /wordpress/
    wpxf [exploit/shell/symposium_shell_upload] > set payload exec
    [+] Loaded payload: #<Wpxf::Payloads::Exec:0x434d078>
    wpxf [exploit/shell/symposium_shell_upload] > set cmd echo "Hello, world!"
    [+] Set cmd => echo "Hello, world!"
    wpxf [exploit/shell/symposium_shell_upload] > run
    [-] Preparing payload...
    [-] Uploading the payload...
    [-] Executing the payload...
    [+] Result: Hello, world!
    [+] Execution finished successfully
cohst

2019-05-22 16:20

reporter   ~0010628

I have a question. Can you give some short information on when this ticket is expected to be edited? I know you are very busy and this is not an urgent call of course, but just because in a few weeks it will have been open for one year, I wanted to ask.

Thanks very much for the information, and regards.

g0tmi1k

2019-10-28 13:14

administrator   ~0011230

Thanks for the suggestion - but at this time, we don't believe this is going to be a good fit.

  • Semi-abandoned project (Not many commits, dated copyright)

Issue History

Date Modified Username Field Change
2018-07-24 18:33 cohst New Issue
2018-07-25 08:14 g0tmi1k Note Added: 0009382
2018-07-26 17:14 cohst Note Added: 0009387
2018-07-28 20:47 elwood Status new => acknowledged
2019-05-22 16:20 cohst Note Added: 0010628
2019-10-28 13:14 g0tmi1k Note Added: 0011230
2019-10-28 13:14 g0tmi1k Status acknowledged => closed
2019-10-28 13:14 g0tmi1k Resolution open => suspended