A Ruby framework designed to aid in the penetration testing of WordPress systems.

Installation: To install the latest stable build, run 'gem install wpxf'. After installation, you can launch the WordPress Exploit Framework console by running 'wpxf'.

Requirements: Ruby >= 2.4.4 is required to run WordPress Exploit Framework.

Troubleshooting Installation:

Debian Systems: If you have issues installing WPXF's dependencies (in particular, Nokogiri), first make sure you have all the tooling necessary to compile C extensions: 'sudo apt-get install build-essential patch'. It’s possible that you don’t have important development header files installed on your system. Here’s what you should do if you should find yourself in this situation: 'sudo apt-get install ruby-dev zlib1g-dev liblzma-dev libsqlite3-dev'.

Windows Systems: If you are experiencing errors that indicate that 'libcurl.dll' could not be loaded, you will need to ensure the latest libcurl binary is included in your Ruby bin folder, or any other folder that is in your environment's PATH variable. The latest version can be downloaded from http://curl.haxx.se/download.html. As of 16/05/2016, the latest release.
FEATURES
SIMILAR TOOLS
A collection of resources for practicing penetration testing
ISF (Industrial Exploitation Framework) - An exploitation framework for industrial systems with various ICS protocol clients and exploit modules.
Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ...
CLI tool for offensive and defensive security assessments on the Joi validator library with a wide range of attacks.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.
A command that builds and executes command lines from standard input, allowing for the execution of commands with multiple arguments.
Full-featured C2 framework for stealthy communication and control on web servers.