fuzz target.com wordpress site:
./fuzz.wp.sh https://target.com
-
-
Save santaklouse/14e174d9179ec91b8cd4043b34c30b83 to your computer and use it in GitHub Desktop.
wp-wordlist helps you create wordlist of all the Wordpress' Themes and Plugins available
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ./wp-wordlist.sh 'plugin' > plugins.txt | |
| ./wp-wordlist.sh 'theme' > themes.txt | |
| ffuf -c -fs 0 -ac -mc 200 -t 30 -w plugins.txt -o ffuf-plugins.txt -H "User-Agent: Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100" -u $1/wp-content/plugins/FUZZ/readme.txt | |
| ffuf -c -fs 0 -ac -mc 200 -t 30 -w themes.txt -o ffuf-themes.txt -H "User-Agent: Mozilla/5.0 Windows NT 10.0 Win64 AppleWebKit/537.36 Chrome/69.0.3497.100" -u $1/wp-content/themes/FUZZ/readme.txt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wp-wordlist() | |
| { | |
| option="$1" | |
| if [[ "$option" == *"plugin"* ]]; then | |
| curl -s https://plugins.svn.wordpress.org/ | tail -n +5 | sed -e 's/<[^>]*>//g' -e 's/\///' -e 's/ \+//gp' | grep -v "Powered by Apache" | sort -u | |
| elif [[ "$option" == *"theme"* ]]; then | |
| curl -s https://themes.svn.wordpress.org/ | tail -n +5 | sed -e 's/<[^>]*>//g' -e 's/\///' -e 's/ \+//gp' | grep -v "Powered by Apache" | sort -u | |
| fi | |
| } | |
| wp-wordlist "$1" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment