plecost
plecost Package Description
WordPress finger printer tool, plecost search and retrieve information about the plugins versions installed in WordPress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there. Plecost retrieves the information contained on Web sites supported by WordPress, and also allows a search on the results indexed by Google.
Tools included in the plecost package
plecost
root@kali:~# plecost -h
////////////////////////////////////////////
// ..................................DMI...
// .............................:MMMM......
// .........................$MMMMM:........
// .........M.....,M,=NMMMMMMMMD...........
// ........MMN...MMMMMMMMMMMM,.............
// .......MMMMMMMMMMMMMMMMM~...............
// .......MMMMMMMMMMMMMMM..................
// ....?MMMMMMMMMMMMMMMN$I.................
// .?.MMMMMMMMMMMMMMMMMMMMMM...............
// .MMMMMMMMMMMMMMN........................
// 7MMMMMMMMMMMMMON$.......................
// ZMMMMMMMMMMMMMMMMMM.......plecost.......
// .:MMMMMMMZ~7MMMMMMMMMO..................
// ....~+:.................................
//
// Plecost - Wordpress finger printer Tool (with threads support) 0.2.2-9-beta
//
// Developed by:
// Francisco Jesus Gomez aka (ffranz@iniqua.com)
// Daniel Garcia Garcia (dani@iniqua.com)
//
// Info: http://iniqua.com/labs/
// Bug report: plecost@iniqua.com
Usage: /usr/bin/plecost [options] [ URL | [-l num] -G]
Google search options:
-l num : Limit number of results for each plugin in google.
-G : Google search mode
Options:
-n : Number of plugins to use (Default all - more than 7000).
-c : Check plugins only with CVE associated.
-R file : Reload plugin list. Use -n option to control the size (This take several minutes)
-o file : Output file. (Default "output.txt")
-i file : Input plugin list. (Need to start the program)
-s time : Min sleep time between two probes. Time in seconds. (Default 10)
-M time : Max sleep time between two probes. Time in seconds. (Default 20)
-t num : Number of threads. (Default 1)
-h : Display help. (More info: http://iniqua.com/labs/)
Examples:
* Reload first 5 plugins list:
plecost -R plugins.txt -n 5
* Search vulnerable sites for first 5 plugins:
plecost -n 5 -G -i plugins.txt
* Search plugins with 20 threads, sleep time between 12 and 30 seconds for www.example.com:
plecost -i plugin_list.txt -s 12 -M 30 -t 20 -o results.txt www.example.com
////////////////////////////////////////////
// ..................................DMI...
// .............................:MMMM......
// .........................$MMMMM:........
// .........M.....,M,=NMMMMMMMMD...........
// ........MMN...MMMMMMMMMMMM,.............
// .......MMMMMMMMMMMMMMMMM~...............
// .......MMMMMMMMMMMMMMM..................
// ....?MMMMMMMMMMMMMMMN$I.................
// .?.MMMMMMMMMMMMMMMMMMMMMM...............
// .MMMMMMMMMMMMMMN........................
// 7MMMMMMMMMMMMMON$.......................
// ZMMMMMMMMMMMMMMMMMM.......plecost.......
// .:MMMMMMMZ~7MMMMMMMMMO..................
// ....~+:.................................
//
// Plecost - Wordpress finger printer Tool (with threads support) 0.2.2-9-beta
//
// Developed by:
// Francisco Jesus Gomez aka (ffranz@iniqua.com)
// Daniel Garcia Garcia (dani@iniqua.com)
//
// Info: http://iniqua.com/labs/
// Bug report: plecost@iniqua.com
Usage: /usr/bin/plecost [options] [ URL | [-l num] -G]
Google search options:
-l num : Limit number of results for each plugin in google.
-G : Google search mode
Options:
-n : Number of plugins to use (Default all - more than 7000).
-c : Check plugins only with CVE associated.
-R file : Reload plugin list. Use -n option to control the size (This take several minutes)
-o file : Output file. (Default "output.txt")
-i file : Input plugin list. (Need to start the program)
-s time : Min sleep time between two probes. Time in seconds. (Default 10)
-M time : Max sleep time between two probes. Time in seconds. (Default 20)
-t num : Number of threads. (Default 1)
-h : Display help. (More info: http://iniqua.com/labs/)
Examples:
* Reload first 5 plugins list:
plecost -R plugins.txt -n 5
* Search vulnerable sites for first 5 plugins:
plecost -n 5 -G -i plugins.txt
* Search plugins with 20 threads, sleep time between 12 and 30 seconds for www.example.com:
plecost -i plugin_list.txt -s 12 -M 30 -t 20 -o results.txt www.example.com
plecost Usage Example
Use 100 plugins (-n 100), sleep for 10 seconds between probes (-s 10) but no more than 15 (-M 15) and use the plugin list (-i /usr/share/plecost/wp_plugin_list.txt) to scan the given URL (192.168.1.202/wordpress):
root@kali:~# plecost -n 100 -s 10 -M 15 -i /usr/share/plecost/wp_plugin_list.txt 192.168.1.202/wordpress
[*] Num of checks set to: 100
-------------------------------------------------
[*] Input plugin list set to: /usr/share/plecost/wp_plugin_list.txt
[*] Min sleep time set to: 10
[*] Max sleep time set to: 15
-------------------------------------------------
==> Results for: 192.168.1.202/wordpress <==
[i] Wordpress version found: 3.9.1
[i] Wordpress last public version: 3.9.1
[*] Search for installed plugins
[i] Plugin found: akismet
|_Latest version: 2.4.0
|_ Installed version: 3.0.0
|_CVE list:
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
[*] Num of checks set to: 100
-------------------------------------------------
[*] Input plugin list set to: /usr/share/plecost/wp_plugin_list.txt
[*] Min sleep time set to: 10
[*] Max sleep time set to: 15
-------------------------------------------------
==> Results for: 192.168.1.202/wordpress <==
[i] Wordpress version found: 3.9.1
[i] Wordpress last public version: 3.9.1
[*] Search for installed plugins
[i] Plugin found: akismet
|_Latest version: 2.4.0
|_ Installed version: 3.0.0
|_CVE list:
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
No comments