Wordpress Plugins Scanner

  • 358 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
358
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
5
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Wordpress Plugins Scanner„To hack or not hack, that is the real question!“ Avădănei Andrei Founder & CEO DefCamp linkedin.com/in/andreiavadanei twitter.com/AndreiAvadanei
  • 2. Short bio● Founder & CEO of DefCamp … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager, Community Manager, Speaker, Team Coordinator :))● Founder Cyber Security Research Center from Romania (CCSIR)● Community manager @worldit.info● Vice President at GREPIT● Volunteer at BitDefender Romania● ...
  • 3. Once upon a time..● Somewhere in the www appeared HTML websites (bullshit)● Then web 2.0 websites took the lights● + third party plugins (hell yeah)● It was a wonderful time full of innovation and peace (>:D<)● Then came the hackers and seized a big opportunnity● But that is another story. >:)
  • 4. Third-party apps● Some sort of crowd development● A good idea, poorly implemented● Used by everybody in different ways (Google, Facebook, Apple, Wordpress, Joomla, Vbulletin, Moodle ..)● Usually there is no security test for apps before being accepted in their market store● And there is the place where all magic starts
  • 5. Case study : Wordpress● 23,688 plugins● 416,305,218 downloads● and counting● Not bad, right?● If we cannot break in the core, lets hack his chilldrens● And here WP Plugins Scanner come in
  • 6. WP Plugins Scanner● White box pentesting tool● Hooked RIPS implemented● You can download plugins from WP directory● You can build some sort of repository on your localhost● Asynchronous scanning● Soon : – target websites and enumerate their plugins – subversioning for plugins – auto-monitor updates – cache-ing results – similar scanners for Joomla, Vbulletin and others?
  • 7. Demo
  • 8. Questions? :-)
  • 9. Thanks!Avădănei AndreiFounder & CEO DefCamplinkedin.com/in/andreiavadaneitwitter.com/AndreiAvadaneigithub.com/CCSIR/WP-Plugins-Scanner
  • 10. Thanks!Avădănei AndreiFounder & CEO DefCamplinkedin.com/in/andreiavadaneitwitter.com/AndreiAvadaneigithub.com/CCSIR/WP-Plugins-Scanner