WordpressPingbackPortScanner

Wordpress exposes a so called Pingback API to link to other blogposts. Using this feature you can scan other hosts on the intra- or internet via this server. You can also use this feature for some kind of distributed port scanning: You can scan a single host using multiple Wordpress Blogs exposing this API. This issue was fixed in Wordpress 3.5.1. Older versions are vulnerable, if the XML-RPC Interface is active.

http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/

Examples

Before you start you need to install all dependencies with

gem install bundler
bundle install

Quick-scan a target via a blog:

ruby wppps.rb -t http://www.target.com http://www.myblog.com/

Use multiple blogs to scan a single target:

ruby wppps.rb -t http://www.target.com http://www.myblog1.com/ http://www.myblog2.com/ http://www.myblog3.com/

Scan a free wordpress.com blog (all ports) from the internal network:

ruby wppps.rb -a -t http://localhost http://myblog.wordpress.com/

Name		Name	Last commit message	Last commit date
Latest commit History 55 Commits
.gitignore		.gitignore
CREDITS		CREDITS
Gemfile		Gemfile
README.md		README.md
wppps.rb		wppps.rb

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.gitignore

.gitignore

CREDITS

CREDITS

Gemfile

Gemfile

README.md

README.md

wppps.rb

wppps.rb

Repository files navigation

WordpressPingbackPortScanner

Examples

About

Releases

Sponsor this project

Packages

Contributors 2

Languages

firefart/WordpressPingbackPortScanner

Folders and files

Latest commit

History

Repository files navigation

WordpressPingbackPortScanner

Examples

About

Resources

Stars

Watchers

Forks

Sponsor this project

Languages