Wordpress Plugins Scanner

Transcript of "Wordpress Plugins Scanner"

  1. Wordpress Plugins Scanner
     „To hack or not hack, that is the real question!“
     Avădănei Andrei, Founder & CEO DefCamp
     linkedin.com/in/andreiavadanei
     twitter.com/AndreiAvadanei
  2. Short bio
     ● Founder & CEO of DefCamp … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager, Community Manager, Speaker, Team Coordinator :))
     ● Founder of the Cyber Security Research Center from Romania (CCSIR)
     ● Community manager @worldit.info
     ● Vice President at GREPIT
     ● Volunteer at BitDefender Romania
     ● ...
  3. Once upon a time..
     ● Somewhere in the www appeared HTML websites (bullshit)
     ● Then web 2.0 websites took the lights
     ● + third party plugins (hell yeah)
     ● It was a wonderful time full of innovation and peace (>:D<)
     ● Then came the hackers and seized a big opportunity
     ● But that is another story. >:)
  4. Third-party apps
     ● Some sort of crowd development
     ● A good idea, poorly implemented
     ● Used by everybody in different ways (Google, Facebook, Apple, Wordpress, Joomla, Vbulletin, Moodle ..)
     ● Usually there is no security test for apps before they are accepted in the market store
     ● And that is the place where all the magic starts
  5. Case study: Wordpress
     ● 23,688 plugins
     ● 416,305,218 downloads
     ● and counting
     ● Not bad, right?
     ● If we cannot break into the core, let's hack its children
     ● And here WP Plugins Scanner comes in
  6. WP Plugins Scanner
     ● White box pentesting tool
     ● Hooked RIPS implemented
     ● You can download plugins from the WP directory
     ● You can build some sort of repository on your localhost
     ● Asynchronous scanning
     ● Soon:
       – target websites and enumerate their plugins
       – subversioning for plugins
       – auto-monitor updates
       – caching results
       – similar scanners for Joomla, Vbulletin and others?
  7. Demo
  8. Questions? :-)
  9. Thanks!
     Avădănei Andrei, Founder & CEO DefCamp
     linkedin.com/in/andreiavadanei
     twitter.com/AndreiAvadanei
     github.com/CCSIR/WP-Plugins-Scanner
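
The "WP Plugins Scanner" slide lists white-box scanning of a local plugin repository with asynchronous scans. The following is an added example, not code from WP Plugins Scanner or RIPS: a same-line source-to-sink pattern check run concurrently over a local plugin directory. The regex lists, function names and the two sample plugins are assumptions constructed for illustration; RIPS performs fuller taint analysis than this direct-use check.

```python
import asyncio
import re
import tempfile
from pathlib import Path

# Direct-use check only: a request superglobal on the same line as a sensitive
# call, with no recognised sanitiser. It does not follow data across assignments.
SOURCE = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
SINKS = {
    "sql": r"\b(?:mysql_query|mysqli_query)\s*\(|->(?:query|get_results|get_var)\s*\(",
    "xss": r"\b(?:echo|print)\b",
    "file-include": r"\b(?:include|require)(?:_once)?\b",
    "code-exec": r"\b(?:eval|system|exec|passthru|shell_exec)\s*\(",
}
SANITIZERS = r"\b(?:esc_html|esc_attr|esc_url|esc_sql|intval|absint|sanitize_\w+|prepare)\s*\("

def scan_file(path: Path) -> list[tuple[str, int, str]]:
    findings = []
    text = path.read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), 1):
        if re.search(SOURCE, line) and not re.search(SANITIZERS, line):
            findings += [(path.name, lineno, k) for k, s in SINKS.items() if re.search(s, line)]
    return findings

async def scan_repository(root: Path, workers: int = 8) -> dict[str, list]:
    limit = asyncio.Semaphore(workers)  # cap on plugins scanned at once
    async def scan_plugin(plugin: Path):
        async with limit:
            hits = []
            for php in sorted(plugin.rglob("*.php")):
                hits += await asyncio.to_thread(scan_file, php)
            return plugin.name, hits
    plugins = [p for p in sorted(root.iterdir()) if p.is_dir()]
    return dict(await asyncio.gather(*(scan_plugin(p) for p in plugins)))

def demo() -> dict:
    # Constructed sample plugins, written to a temporary local repository.
    samples = {
        "guestbook/guestbook.php": "<?php\n$name = $_GET['name'];\necho 'Hi ' . $_GET['name'];\n",
        "gallery/gallery.php": "<?php\necho esc_html($_GET['title']);\n$wpdb->query(\"DELETE FROM t WHERE id=\" . $_POST['id']);\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, code in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True)
            target.write_text(code, encoding="utf-8")
        return asyncio.run(scan_repository(Path(tmp)))

if __name__ == "__main__":
    print(demo())
```

Each finding is a (file, line, class) tuple for manual review; the escaped `echo` in the gallery sample is skipped, while the unescaped `echo` and the concatenated query are reported.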