Skip to content

Latest commit

 

History

History
61 lines (43 loc) · 1.97 KB

README.md

File metadata and controls

61 lines (43 loc) · 1.97 KB

⚠️ Work in Progress ⚠️

🔍 WordPress Plugin Analyzer️

🌟 Overview

I want WordPress Plugin Analyzer to become a powerful tool designed to scan WordPress plugins for potential security vulnerabilities. It automatically downloads plugins, analyzes their PHP code, and reports possible security issues.

🚀 Features

  • 📥 Automatic plugin download and extraction
  • 📊 Comparison of plugin versions for updates
  • 🔬 In-depth code analysis using abstract syntax trees
  • 🛡️ Multiple security checks for various vulnerability types

🔒 Security Checks

Our analyzer performs the following security checks:

  1. 🗑️ Arbitrary File Deletion
  2. 📖 Arbitrary File Read
  3. 📤 Arbitrary File Upload
  4. 🔓 Broken Access Control
  5. 🔀 Cross-Site Request Forgery (CSRF)
  6. 📝 CSRF to Cross-Site Scripting (XSS)
  7. 📁 Local File Inclusion (LFI)
  8. 🔑 Missing Capability Checks
  9. 🎭 PHP Object Injection
  10. 🔋 Privilege Escalation
  11. 💻 Remote Code Execution (RCE)
  12. 💉 SQL Injection
  13. 🌐 Server-Side Request Forgery (SSRF)

🛠️ Usage

  1. Ensure you have Rust and its dependencies installed.
  2. Clone this repository.
  3. Run cargo build --release to compile the project.
  4. Execute the binary with cargo run --release.

The analyzer will automatically:

  • Fetch the latest WordPress plugins
  • Compare with previous snapshots (if available)
  • Download and analyze each plugin
  • Report potential vulnerabilities

📊 Output

The analyzer provides detailed output for each potential vulnerability found, including:

  • The file name
  • The type of vulnerability
  • Specific details about the detected issue

⚠️ Disclaimer

This tool is intended for educational and security research purposes only. Always verify results manually and respect the WordPress plugin directory's terms of service.

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.