ZeroPress

GitHub: https://github.com/nettitude/zeropress

A dumb script for finding dumb vulns

ZeroPress provides a way to quickly catch critical-impact ‘low hanging fruit’ vulnerabilities in WordPress. As a proof of concept, we used ZeroPress to discover CVE-2015-5227, an RCE affecting the “Landing Pages” plugin.


Broadly, ZeroPress allows you to:

  • Quickly find potential instances of remote code execution, SQL injection, object injection, XSS and more across an entire code base.
  • Automatically do a bulk download and scan of the top WordPress plugins.
  • Download and scan all themes and plugins for a live WordPress site based on a wpscan log – find zero days in a target site.
  • Optionally scan based on severity, e.g. find only RCE or SQLi vulnerabilities.

Download ZeroPress now

Our tool doesn’t do anything beyond pattern matching, and yet it has proved to be very effective. It focuses on WordPress plugins, which is where the majority of critical vulnerabilities now lie.
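As an added illustration of the pattern-matching approach described above (example code written for this post, not ZeroPress’s own source or rule set; the sink regexes, severity values and the sample plugin file are all constructed for the demonstration):

```python
import re
from typing import Dict, List

# Illustrative sink patterns, one group per vulnerability class named in the post.
# These are constructed for the example and are not the patterns ZeroPress ships.
SINK_PATTERNS: Dict[str, List[str]] = {
    "rce": [r"\b(eval|exec|system|passthru|shell_exec|popen|proc_open)\s*\("],
    "sqli": [r"\$wpdb->(query|get_results|get_var|get_row)\s*\(.*\$_(GET|POST|REQUEST)"],
    "object_injection": [r"\bunserialize\s*\("],
    "xss": [r"\becho\s+.*\$_(GET|POST|REQUEST)"],
}

# Severity lets a scan be narrowed to e.g. RCE and SQLi only (assumed scale: 3 = highest).
SEVERITY = {"rce": 3, "sqli": 3, "object_injection": 2, "xss": 1}


def scan_source(source: str, min_severity: int = 1) -> List[Dict]:
    """Return one finding per (line, category) whose severity is >= min_severity.

    Pure line-by-line pattern matching: no parsing, no taint tracking, so a
    superglobal copied into a variable and used two lines later is missed.
    Findings are triage leads for a human reviewer, not confirmed bugs.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for category, patterns in SINK_PATTERNS.items():
            if SEVERITY[category] < min_severity:
                continue
            if any(re.search(p, line) for p in patterns):
                findings.append({"line": lineno, "category": category,
                                 "severity": SEVERITY[category], "code": line.strip()})
    return findings


# Constructed sample plugin file (not real plugin code): one sink per class,
# plus a prepared statement on the last line that should not be flagged.
SAMPLE_PLUGIN = """<?php
$id = $_GET['id'];
$rows = $wpdb->get_results("SELECT * FROM wp_posts WHERE ID = " . $_GET['id']);
$data = unserialize(base64_decode($_POST['payload']));
echo "<h1>" . $_GET['title'] . "</h1>";
eval($settings['callback']);
$safe = $wpdb->prepare("SELECT * FROM wp_posts WHERE ID = %d", $id);
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_PLUGIN, min_severity=1):
        print(f"line {f['line']}: [{f['category']}/sev {f['severity']}] {f['code']}")
```

Run against the sample, the scanner flags lines 3 to 6 and stays quiet on the `$wpdb->prepare` call; raising `min_severity` to 3 leaves only the SQLi and RCE hits.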
