Wordpress Plugins Scanner
Wordpress Plugins Scanner Presentation Transcript

  • Wordpress Plugins Scanner
    "To hack or not hack, that is the real question!"
    Avădănei Andrei, Founder & CEO DefCamp
    linkedin.com/in/andreiavadanei
    twitter.com/AndreiAvadanei
  • Short bio
    ● Founder & CEO of DefCamp … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager, Community Manager, Speaker, Team Coordinator :))
    ● Founder Cyber Security Research Center from Romania (CCSIR)
    ● Community manager @worldit.info
    ● Vice President at GREPIT
    ● Volunteer at BitDefender Romania
    ● ...
  • Once upon a time...
    ● Somewhere in the www appeared HTML websites (bullshit)
    ● Then web 2.0 websites took the spotlight
    ● + third-party plugins (hell yeah)
    ● It was a wonderful time full of innovation and peace (>:D<)
    ● Then came the hackers and seized a big opportunity
    ● But that is another story. >:)
  • Third-party apps
    ● Some sort of crowd development
    ● A good idea, poorly implemented
    ● Used by everybody in different ways (Google, Facebook, Apple, Wordpress, Joomla, Vbulletin, Moodle ..)
    ● Usually there is no security test for apps before they are accepted into the market store
    ● And that is where all the magic starts
  • Case study: Wordpress
    ● 23,688 plugins
    ● 416,305,218 downloads
    ● and counting
    ● Not bad, right?
    ● If we cannot break into the core, let's hack its children
    ● And here is where WP Plugins Scanner comes in
  • WP Plugins Scanner
    ● White box pentesting tool
    ● Hooked RIPS implemented
    ● You can download plugins from the WP directory
    ● You can build some sort of repository on your localhost
    ● Asynchronous scanning
    ● Soon:
      – target websites and enumerate their plugins
      – subversioning for plugins
      – auto-monitor updates
      – caching results
      – similar scanners for Joomla, Vbulletin and others?
  • Demo
  • Questions? :-)
  • Thanks!
    Avădănei Andrei, Founder & CEO DefCamp
    linkedin.com/in/andreiavadanei
    twitter.com/AndreiAvadanei
    github.com/CCSIR/WP-Plugins-Scanner