Fastaudit
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| My Arsenal Of Aws Security Tools | 7,955 | a month ago | 2 | apache-2.0 | Shell | |||||
| List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. | ||||||||||
| Cloudmapper | 5,391 | a month ago | 197 | bsd-3-clause | JavaScript | |||||
| CloudMapper helps you analyze your Amazon Web Services (AWS) environments. | ||||||||||
| Scoutsuite | 5,223 | 2 days ago | 44 | April 06, 2022 | 169 | gpl-2.0 | Python | |||
| Multi-Cloud Security Auditing Tool | ||||||||||
| Gscan | 2,066 | 8 months ago | 11 | Python | ||||||
| 本程序旨在为安全应急响应人员对Linux主机排查时提供便利,实现主机侧Checklist的自动全面化检测,根据检测结果自动数据聚合,进行黑客攻击路径溯源。 | ||||||||||
| Awesome Cloud Security | 1,549 | 8 days ago | 4 | |||||||
| 🛡️ Awesome Cloud Security Resources ⚔️ | ||||||||||
| Graudit | 1,182 | 3 months ago | gpl-3.0 | Shell | ||||||
| grep rough audit - source code auditing tool | ||||||||||
| Mongoaudit | 1,154 | 2 years ago | 4 | January 21, 2021 | 9 | mit | Python | |||
| 🔥 A powerful MongoDB auditing and pentesting tool 🔥 | ||||||||||
| Elasticsearch Readonlyrest Plugin | 943 | a day ago | 34 | June 25, 2022 | 9 | gpl-3.0 | Scala | |||
| Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing | ||||||||||
| Boopsuite | 787 | 4 years ago | 1 | mit | Python | |||||
| A Suite of Tools written in Python for wireless auditing and security testing. | ||||||||||
| Event Forwarding Guidance | 563 | 2 years ago | 9 | other | PowerShell | |||||
| Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber | ||||||||||
A simple and minimal wordpress security auditor!
Audit your wordpress application for security issues with even 1 request.
FastAudit is a simple wordpress enumeration tool and security auditor, able to detect possible security issues with even one web-request.
It is inspired by the amazing WPScan tool and is of course powered by the WPScan Vulnerability Database to identify possible plugin/theme/wpVersion-related vulnerabilities. It performs basic enumeration based on classic techniques and It's nice to use for a fast scan to enumerate the basics. What is special about this tool is that in order to identify possible vulnerabilities (using -ep option), it makes only one web-request to the application, so it doesn't slow it down in any way and doesn't mess with its functionality.
This tool is only for enumeration and not for exploitation - so it doesn't perform any kind of brute-force attack or any other attack in general. This tool can be used by developers and security engineers to scan their wordpress applications for possible vulberabilities (e.g. old plugins etc...) and fix them as soon as possible - that's all!
Features
- enumerates wp-version/theme/users/plugins
- based on the aboved results uses WPScan Vulnerability Database to search for potential vulnerabilities
- utilizes shodan-API to search for additional vulnerabilities (shodan account required for this feature, may also give false positives sometimes)
- utilizes haveibeenpwned service to search if a password (in sha1) has been used/breached before (useful for developers to test their passwords).
Requirements:
Note: To install the requirements:
pip install -r requirements.txt --upgrade --user
Notes
For the shodan and/or proxy to work, you have to set the appropriate values on config.cfg. Also even if --useragent options is provided, requests to haveibeenpwned service will be made using FastAudit_Agent as user-agent.
TODO
- [ ] integrate zoomeye search also
Contributions & Feedback
Feedback and contributions are welcome. If you find any bug or have a feature request feel free to open an issue, and as soon as I review it I'll try to fix it!
Disclaimer
This tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this tool and software in general.
Credits
- Special thanks to WPScan team!
- Logo designed with fontmeme.com!
References
- https://winningwp.com/how-to-tell-which-plugins-a-website-uses/
- https://codeable.io/find-out-what-theme-plugins-wordpress/
- https://stackoverflow.com/questions/1390255/how-do-i-find-out-what-version-of-wordpress-is-running/1390292#1390292
License
This project is licensed under the GPLv3 License - see the LICENSE file for details
