Tag Archives: web assessment

Scanning for WordPress Installs with Plecost

Plecost is a WordPress fingerprinting tool. The main use is to help discover if a webpage is running WordPress and if so which version. It also can detect what plug-ins are installed with their version number.

Warning: It appears at this time that is has been awhile since it has last been updated so while the plugin list is outdated it still reports back the version number of all detected plugins which can be looked up by hand.

Download for Plugin List

https://code.google.com/p/plecost/downloads/list : (wp_plugin_list_2013_feb.txt)

Basic Usage

plecost -i <file name of plugin list> -u <url of site to be tested>

Getting Started with Nikto

Nikto, included in the Kali distro, is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

To use nikto, you can get to it in Kali by going to the menu under Kali Linux > Vulnerability Analysis > Misc Scanners > Nikto. From here you can be sure you have the latest version of Nikto by updating it typing:

nikto -update

Now you can start scanning! To do so, type

nikto -h http://www.example.com

Nikto will give you information about issues you should look into, interesting things it finds, and vulnerabilities found.

Using OWASP-ZAP

OWASP Zed Attack Proxy (OWASP-ZAP) is a GUI based penetration test tool for websites/web applications and is relatively easy to use.

Why Use This?

This program is a good starting point to find vulnerabilities for a webpage as it is relatively thorough in what it searches for. Also it gives a very nice report that you can export with color-coded warning levels ranging from High to Low that gives general tips on how to solve or look further into what it has detected.

How to Use

Assuming you’re using a Kali distribution it is easy to find. Just need to go to Applications -> Kali Linux -> Top 10 Security Tools -> owasp-zap
From there the program should start (note that load time can be a little slow)
Then on the right side you’ll see the title “Welcome to the OWASP Zed Attack Proxy”. Within that panel there is a space to type in the URL and it will use the default options to begin scanning the network.
The first step it will do is Spider the website to discover every unique URL within the domain.
Once that is completed it will then begin the testing phase for every found URL.

During the scan when it finds something you may notice in the far bottom left corner there is a little indicator titled “Alert” when it catches something. (Red = High, Orange = Medium, Yellow = low, Blue = Informational) If during the scan you would like to view these you can do so by clicking the “Alerts” tab in the bottom panel and navigating through the click-able options.

Once it has fully been completed if you would like to export the results you can do so by going to the top menu bar -> Report -> Generate HTML Report…

Heed of Warning
  1. The larger and more vast the website is the longer this tester will take since it will test every URL thoroughly.
  2. Default log size is around 1000~ so after that limit is reached it may appear as though it is no longer working even though it most likely is.
    • If you would like to increase the log size you can do so by going to the menu bar -> Tools -> Options, then in that window that pops up under the category “Active Scan” you can change the “Max results to list:” to a higher/appropriate number.