{ "info": { "author": "Plecost team", "author_email": "plecost@iniqua.com", "bugtrack_url": null, "classifiers": [ "Environment :: Console", "Intended Audience :: Other Audience", "Intended Audience :: System Administrators", "License :: OSI Approved :: BSD License", "Operating System :: MacOS", "Operating System :: Microsoft :: Windows", "Operating System :: POSIX", "Programming Language :: Python :: 3", "Topic :: Security" ], "description": "Plecost\n=======\n\n\n![Logo](https://raw.githubusercontent.com/iniqua/plecost/develop/plecost_lib/doc/images/logo_plecost.jpg)\n\n\n*Plecost: Wordpress vulnerabilities finder*\n\nCode | https://github.com/iniqua/plecost/tree/python3\n---- | ----------------------------------------------\nIssues | https://github.com/iniqua/plecost/tree/python3/issues\nPython version | Python 3.3 and above\nAuthors | @ggdaniel (cr0hn) - @ffranz (ffr4nz)\nLast version | 1.1.1\n\nWhat's Plecost?\n---------------\n\nPlecost is a vulnerability fingerprinting and vulnerability finder for Wordpress blog engine. \n\nWhy?\n----\n\nThere are a huge number of Wordpress around the world. Most of them are exposed to be attacked and be converted into a virus, malware or illegal porn provider, without the knowledge of the blog owner.\n \nThis project try to help sysadmins and blog's owners to make a bit secure their Wordpress.\n\nWhat's new?\n-----------\n\n### Plecost 3.1.1\n\n- Updated CVE database & Wordpress plugin list.\n- Fixed CVE & Wordpress plugins updater.\n- Performance tips\n- Open Issues\n\nYou can read entire list in [CHANGELOG](https://github.com/iniqua/plecost/blob/develop/CHANGELOG.md) file.\n\n### Plecost 3.0.0\n\nThis Plecost 3.0.0 version, add a lot of new features and fixes, like:\n\n- Fixed a lot of bugs.\n- New engine: without threads or any dependencies, but run more faster. We'll used python 3 asyncio and non-blocking connections. Also consume less memory. Incredible, right? :) \n- Changed CVE update system and storage: Now Plecost get vulnerabilities directly from NIST and create a local SQLite data base with filtered information for Wordpress and theirs plugins.\n- Wordpress vulnerabilities: Now Plecost also manage Wordpress Vulnerabilities (not only for the Plugins).\n- Add local vulnerability database are queryable. You can consult the vulnerabilities for a concrete wordpress or plugins without, using the local database.\n\n\nYou can read entire list in [CHANGELOG](https://github.com/iniqua/plecost/blob/develop/CHANGELOG.md) file.\n\n\nInstallation\n------------\n\n### Using Pypi\n\nInstall Plecost is so easy:\n\n```bash\n> python3 -m pip install plecost\n```\n\n**Remember that Plecost3 only runs in Python 3**.\n \n### Using Docker\n\nIf you don't want to install Plecost, you can run it using Docker:\n\n```bash\n> docker run --rm iniqua/plecost {ARGS}\n```\n\nWhere *{ARGS}* is any valid argument of Plecost. A real example could be:\n\n```bash\n> docker run --rm iniqua/plecost -nb -w plugin_list_10.txt http://SITE.com\n```\n\nQuick start\n-----------\n\nScan a web site si so simple:\n\n```bash\n> plecost http://SITE.com\n```\n\nA bit complex scan: increasing verbosity exporting results in JSON format and XML:\n\n*JSON*\n\n```bash\n> plecost -v http://SITE.com -o results.json\n```\n\n*XML*\n\n```bash\n> plecost -v http://SITE.com -o results.xml\n```\n\nAdvanced scan options\n---------------------\n\nNo check WordPress version, only for plugins:\n\n```bash\n> plecost -nc http://SITE.com \n```\n\n**Force scan**, even if not Wordpress was detected:\n\n```bash\n> plecost -f http://SITE.com\n```\n\nDisplay only the short banner:\n\n```bash\n> plecost -nb http://SITE.com\n```\n\nList available wordlists:\n\n```bash\n> plecost -nb -l \n\n// Plecost - Wordpress finger printer Tool - v1.0.0\n\nAvailable word lists:\n 1 - plugin_list_10.txt\n 2 - plugin_list_100.txt\n 3 - plugin_list_1000.txt\n 4 - plugin_list_250.txt\n 5 - plugin_list_50.txt\n 6 - plugin_list_huge.txt\n```\n\nSelect a wordlist in the list:\n\n```bash\n> plecost -nb -w plugin_list_10.txt http://SITE.com\n```\n\nIncreasing concurrency (**USE THIS OPTION WITH CAUTION. CAN SHUTDOWN TESTED SITE!**)\n\n```bash\n> plecost --concurrency 10 http://SITE.com\n```\n\nOr...\n\n```bash\n> plecost -c 10 http://SITE.com\n```\n\n*For more options, consult the --help command*:\n\n\n```bash\n> plecost -h\n```\n\nUpdating\n--------\n\nNew versions and vulnerabilities are released diary, you can upload the local database writing:\n\nUpdating vulnerability database:\n\n```bash\n> plecost --update-cve\n```\n\nUpdating plugin list:\n\n```bash\n> plecost --update-plugins\n```\n\nReading local vulnerability database\n------------------------------------\n\nPlecost has a local vulnerability database of Wordpress and wordpress plugins. You can consult it in off-line mode.\n\nListing all known plugins with vulnerabilities:\n\n```bash\n> plecost -nb --show-plugins\n \n// Plecost - Wordpress finger printer Tool - v1.0.0\n\n[*] Plugins with vulnerabilities known:\n\n { 0 } - acobot_live_chat_%26_contact_form\n { 1 } - activehelper_livehelp_live_chat\n { 2 } - ad-manager\n { 3 } - alipay\n { 4 } - all-video-gallery\n { 5 } - all_in_one_wordpress_security_and_firewall\n { 6 } - another_wordpress_classifieds_plugin\n { 7 } - anyfont\n { 8 } - april%27s_super_functions_pack\n { 9 } - banner_effect_header\n { 10 } - bannerman\n { 11 } - bib2html\n { 12 } - bic_media_widget\n { 13 } - bird_feeder\n { 14 } - blogstand-smart-banner\n { 15 } - blue_wrench_video_widget\n ...\n \n[*] Done!\n```\n\nShow vulnerabilities of a concrete plugin:\n\n```bash\n> plecost -nb -vp google_analytics\n \n// Plecost - Wordpress finger printer Tool - v1.0.0\n\n[*] Associated CVEs for plugin 'google_analytics':\n\n { 0 } - CVE-2014-9174:\n\n Affected versions:\n\n <0> - 5.1.2\n <1> - 5.1.1\n <2> - 5.1\n <3> - 5.1.0\n\n[*] Done!\n```\n \nShow details of a concrete CVE:\n \n```bash\n> plecost -nb --cve CVE-2014-9174\n \n// Plecost - Wordpress finger printer Tool - v1.0.0\n\n[*] Detail for CVE 'CVE-2014-9174':\n\n Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the \"Manually enter your UA code\" (manual_ua_code_field) field in the General Settings.\n\n\n[*] Done!\n\n```\n\nExamples\n--------\n\nGetting the [100k top WordPress sites (http://hackertarget.com/100k-top-wordpress-powered-sites/) and getting aleatory one of them...\n \n![running](https://raw.githubusercontent.com/iniqua/plecost/python3/plecost_lib/doc/images/running.gif)\n \nAnd... here more results of Plecost for real sites... :)\n \n![Example1](https://raw.githubusercontent.com/iniqua/plecost/python3/plecost_lib/doc/images/scan_example1.png)\n![Example2](https://raw.githubusercontent.com/iniqua/plecost/python3/plecost_lib/doc/images/scan_example2.png)\n![Example3](https://raw.githubusercontent.com/iniqua/plecost/python3/plecost_lib/doc/images/scan_example3.png)\n![Example4](https://raw.githubusercontent.com/iniqua/plecost/python3/plecost_lib/doc/images/scan_example4.png)\n![Example5](https://raw.githubusercontent.com/iniqua/plecost/python3/plecost_lib/doc/images/scan_example5.png)\n![Example6](https://raw.githubusercontent.com/iniqua/plecost/python3/plecost_lib/doc/images/scan_example6.png)\n![Example7](https://raw.githubusercontent.com/iniqua/plecost/python3/plecost_lib/doc/images/scan_example7.png)\n\nWhere to fish?\n--------------\n\nPlecost is available on:\n\n* Kali Linux http://www.kali.org/\n* BackTrack 5 http://www.backtrack-linux.org/\n* BackBox http://www.backbox.org/\n\nReferences\n----------\n\n* http://www.securitybydefault.com/2010/03/seguridad-en-wordpress.html\n* http://www.securitybydefault.com/2011/11/identificacion-de-vulnerabilidades-en.html\n* http://www.clshack.it/plecost-a-wordpress-penetration-test-for-plugins\n* http://securityetalii.wordpress.com/2010/03/06/auditando-wordpress-con-plecost/\n* http://loginroot.diosdelared.com/?coment=6116\n* http://ayudawordpress.com/securidad-en-wordpress/\n* http://www.ehacking.net/2012/05/wordpress-security-vulnerability.html", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/iniqua/plecost/tree/python3", "keywords": "", "license": "BSD", "maintainer": "", "maintainer_email": "", "name": "plecost", "package_url": "https://pypi.org/project/plecost/", "platform": "", "project_url": "https://pypi.org/project/plecost/", "project_urls": { "Homepage": "https://github.com/iniqua/plecost/tree/python3" }, "release_url": "https://pypi.org/project/plecost/1.1.3/", "requires_dist": null, "requires_python": "", "summary": "Wordpress finger printer tool and vulnerabilities searcher", "version": "1.1.3" }, "last_serial": 3326341, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "d6f0f0402ce22a80c1cce716769b5949", "sha256": "e5a301361d79006636ad0828e5b212bbc36f8bc018629cfc863d619e17d3bfb9" }, "downloads": -1, "filename": "plecost-1.0.0.tar.gz", "has_sig": false, "md5_digest": "d6f0f0402ce22a80c1cce716769b5949", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 141772, "upload_time": "2015-02-26T15:39:34", "url": "https://files.pythonhosted.org/packages/e1/de/5027ba14831775ad13abd7e05d97c97e7df94e708db7a8b2492665d55b2f/plecost-1.0.0.tar.gz" } ], "1.0.0-1": [ { "comment_text": "", "digests": { "md5": "08e647bbd29ebf770496a4b46c41ef8b", "sha256": "5cebcc27f2c21df04d5b5e8c1b52df7ae2454fd2d4beacb1773543b03335ed12" }, "downloads": -1, "filename": "plecost-1.0.0-1.tar.gz", "has_sig": false, "md5_digest": "08e647bbd29ebf770496a4b46c41ef8b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 383065, "upload_time": "2015-02-28T00:31:31", "url": "https://files.pythonhosted.org/packages/be/33/02ac1a1c85a4b468f0786b3d6934938c3f83ce62033bfa8e7a488f430e56/plecost-1.0.0-1.tar.gz" } ], "1.0.0-2": [ { "comment_text": "", "digests": { "md5": "11bffc42ea26bf530851b8510a8f4489", "sha256": "ff845b2c2303ed2bf44661c3ec8c3f7a60c190aa6846eb28064f66e7a59f4233" }, "downloads": -1, "filename": "plecost-1.0.0-2.tar.gz", "has_sig": false, "md5_digest": "11bffc42ea26bf530851b8510a8f4489", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 383075, "upload_time": "2015-02-28T01:09:42", "url": "https://files.pythonhosted.org/packages/b3/32/83ca6a2b9264f6d069a1cf64203749cc1796407f0fc0adec0853af32b524/plecost-1.0.0-2.tar.gz" } ], "1.0.0-3": [ { "comment_text": "", "digests": { "md5": "42bbb3fcd8712c36198e4e3e88932127", "sha256": "9a9a07be05dac55b34bd5974a9dd19c375878785e03583939dab31477760ad56" }, "downloads": -1, "filename": "plecost-1.0.0-3.tar.gz", "has_sig": false, "md5_digest": "42bbb3fcd8712c36198e4e3e88932127", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 383118, "upload_time": "2015-03-01T10:49:34", "url": "https://files.pythonhosted.org/packages/4f/0b/da7054b1e53bef8e05c6fdbc07b2ca994182695d7a72eb6e838bab499a95/plecost-1.0.0-3.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "f9bcf77823827791a107ce6224853b9d", "sha256": "3e96fa2c2b350a3e95cdb908a04a2e610c8ca4027fa260d98ec82405ca52b296" }, "downloads": -1, "filename": "plecost-1.0.1.tar.gz", "has_sig": false, "md5_digest": "f9bcf77823827791a107ce6224853b9d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 382882, "upload_time": "2015-03-01T16:15:12", "url": "https://files.pythonhosted.org/packages/e5/28/3f996a5c562cdc592b99904c1eeb026c4ae2dc77c6639e59ff1e11be276d/plecost-1.0.1.tar.gz" } ], "1.0.1-1": [ { "comment_text": "", "digests": { "md5": "b9e106356b2ad488370fbe691758f632", "sha256": "ec50f37a1239e2a3947c04f88841f1d74f5df51a36a9b807ce0d4246566ec5f3" }, "downloads": -1, "filename": "plecost-1.0.1-1.tar.gz", "has_sig": false, "md5_digest": "b9e106356b2ad488370fbe691758f632", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 382991, "upload_time": "2015-03-04T09:06:35", "url": "https://files.pythonhosted.org/packages/c1/d3/b531af0e3b5762b0ccdbe90152b19e624256dd080ec33c3d211705c56a09/plecost-1.0.1-1.tar.gz" } ], "1.0.4": [ { "comment_text": "", "digests": { "md5": "ef774752587a94efa83c38278559e88a", "sha256": "b07064dbd0dd988841dc4d295e84b38db6fd63c5e2ee76da50a83e7356fb19c5" }, "downloads": -1, "filename": "plecost-1.0.4.tar.gz", "has_sig": false, "md5_digest": "ef774752587a94efa83c38278559e88a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 383078, "upload_time": "2015-09-06T10:55:20", "url": "https://files.pythonhosted.org/packages/7e/9d/bce1a83b419a609e940ab22abe1b98ba47477185f09d793730af94da5738/plecost-1.0.4.tar.gz" } ], "1.0.5": [ { "comment_text": "", "digests": { "md5": "ed4367c8562cf8971bf416eee7c694a8", "sha256": "27c7557cba3628eaa7c368853612b62dd237131649dd983bf18dfa7978a0382a" }, "downloads": -1, "filename": "plecost-1.0.5.tar.gz", "has_sig": false, "md5_digest": "ed4367c8562cf8971bf416eee7c694a8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 383147, "upload_time": "2015-10-19T07:41:31", "url": "https://files.pythonhosted.org/packages/d5/0d/bf45dc4e22a00b85b32861e59e36f6eaa488de01f035cda386ad51563c1c/plecost-1.0.5.tar.gz" } ], "1.0.6": [ { "comment_text": "", "digests": { "md5": "422bcae2a58cf7ff86002e8cff91b97e", "sha256": "4830906fb7101f38bab260d68edd47fc7291fa439caa458f9a63b41b3502eda1" }, "downloads": -1, "filename": "plecost-1.0.6.tar.gz", "has_sig": false, "md5_digest": "422bcae2a58cf7ff86002e8cff91b97e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 381780, "upload_time": "2015-11-25T15:29:49", "url": "https://files.pythonhosted.org/packages/d5/b9/7ec30606504069defc6d3b186d40476942a9dfffacaab84be0dab7a372d8/plecost-1.0.6.tar.gz" } ], "1.0.7": [ { "comment_text": "", "digests": { "md5": "be15572b69a8be458dee4ebe8ac7a003", "sha256": "2a076574f8ce976e3eb5919daf22a3a94e8c9c41eaf406f3952df6498a077ce7" }, "downloads": -1, "filename": "plecost-1.0.7.tar.gz", "has_sig": false, "md5_digest": "be15572b69a8be458dee4ebe8ac7a003", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 363502, "upload_time": "2016-01-07T10:20:01", "url": "https://files.pythonhosted.org/packages/c8/38/2b98ef069e0857437262f9f020f1e94bb70fabc45339167a6f1d249592f2/plecost-1.0.7.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "00751e438c7a2e45c918af2817dcf1d2", "sha256": "3df7424d59388a615dccc289f324fe98a589b6d7454ef46fcb17d2802e832e0b" }, "downloads": -1, "filename": "plecost-1.1.0.tar.gz", "has_sig": false, "md5_digest": "00751e438c7a2e45c918af2817dcf1d2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 691758, "upload_time": "2017-07-24T11:46:46", "url": "https://files.pythonhosted.org/packages/1e/fc/c2903cfd549b5764da97d58330ef502f058d5a37f89dd0bf129449c3800b/plecost-1.1.0.tar.gz" } ], "1.1.1": [ { "comment_text": "", "digests": { "md5": "57c3fa457e2fc89eca4e59a2867cc9c3", "sha256": "42b3ce1e14b6b29eb6e1f6945e85fe0520086bb57f4c2d9968782a172d8ceb27" }, "downloads": -1, "filename": "plecost-1.1.1.tar.gz", "has_sig": false, "md5_digest": "57c3fa457e2fc89eca4e59a2867cc9c3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 691753, "upload_time": "2017-07-24T11:49:56", "url": "https://files.pythonhosted.org/packages/8b/af/30dd46488baa7e14df2e28d2d4700223456508589255638fac5715534e6e/plecost-1.1.1.tar.gz" } ], "1.1.2": [ { "comment_text": "", "digests": { "md5": "d09f3158dff89a6e1a887b89c237d669", "sha256": "00d5d109ea8cdf310cf8ea096af599379d3ca5b3373be48a10ad0654f91774e1" }, "downloads": -1, "filename": "plecost-1.1.2.tar.gz", "has_sig": false, "md5_digest": "d09f3158dff89a6e1a887b89c237d669", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 637627, "upload_time": "2017-11-03T12:33:54", "url": "https://files.pythonhosted.org/packages/fa/d3/0503aca9e3a4c03d0b43c08f3e8527bc5905a65c6d54e13da4b34da70256/plecost-1.1.2.tar.gz" } ], "1.1.3": [ { "comment_text": "", "digests": { "md5": "5a9c7dd9a32c311b2813265b45e868c2", "sha256": "41b9f8c3f221ca6a450860b0f8621ccd1ca49a4a54fa602f8477ce04bbba3d57" }, "downloads": -1, "filename": "plecost-1.1.3.tar.gz", "has_sig": false, "md5_digest": "5a9c7dd9a32c311b2813265b45e868c2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 638650, "upload_time": "2017-11-12T14:22:21", "url": "https://files.pythonhosted.org/packages/f2/6d/37c31924185794f41b522b94ecc11b09f3c27eb4f9d8cd4a0791cfcfeff1/plecost-1.1.3.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "5a9c7dd9a32c311b2813265b45e868c2", "sha256": "41b9f8c3f221ca6a450860b0f8621ccd1ca49a4a54fa602f8477ce04bbba3d57" }, "downloads": -1, "filename": "plecost-1.1.3.tar.gz", "has_sig": false, "md5_digest": "5a9c7dd9a32c311b2813265b45e868c2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 638650, "upload_time": "2017-11-12T14:22:21", "url": "https://files.pythonhosted.org/packages/f2/6d/37c31924185794f41b522b94ecc11b09f3c27eb4f9d8cd4a0791cfcfeff1/plecost-1.1.3.tar.gz" } ] }