News
# Plecost in Pentoo http://se-united.org/plecost-in-pentoo/
# Now we use Wingware Python IDE!
# BackTrack 5 also includes Plecost. Our fish is already in three fishbowls (BackBox, Blackbuntu and BackTrack). Great!
# Blackbuntu also includes Plecost. Thanks for the trust.
# Plecost "0.2.2-9-beta" added in BackBox. You can read a review at iniqua.com
# New release 0.2.2-9-beta available: Fixed plugin list reload problem.
# (Reload plugin list) doesn't work properly. Please be patient, the problem will be solved soon.
# Also includes a new verification: now you can see the latest WordPress version released after the version found.
==> Results for: http://blogs------- <==
[i] Wordpress version found: 2.6.1
[i] Wordpress last public version: 3.0.1

General description
Plecost is a WordPress fingerprinting tool: it searches for and retrieves information about the versions of the plugins installed on WordPress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. It also displays the CVE code associated with each plugin, if there is one. Plecost retrieves the information contained on web sites powered by WordPress, and also allows a search on the results indexed by Google.

Quick help
Plecost works in two modes: analyzing a single URL, or analyzing the results of Google searches (-G).

Threads version
Usage: ./plecost-0.2.2-8-beta.py [options] [ URL | [-l num] -G]
Google search options:
-l num : Limit number of results for each plugin in google.
-G : Google search mode
Options:
-n : Number of plugins to use (Default all - more than 7000).
-c : Check plugins only with CVE associated.
-R file : Reload plugin list. Use -n option to control the size
-o file : Output file. (Default "output.txt")
-i file : Input plugin list. (Need to start the program)
-s time : Min sleep time between two probes. Time in seconds. (10)
-M time : Max sleep time between two probes. Time in seconds. (20)
-t num : Number of threads. (Default 1)
-h : Display help. (More info: http://iniqua.com/labs/)
Examples:
* Reload first 5 plugins list:
plecost -R plugins.txt -n 5
* Search vulnerable sites for first 5 plugins:
plecost -n 5 -G -i plugins.txt
* Search plugins with 20 threads, sleep time between 12 and 30 seconds for www.example.com:
plecost -i plugin_list.txt -s 12 -M 30 -t 20 -o results.txt www.example.com

Mono task version
Usage: ./plecost_0.0.1-5beta.py [options] URL | [options] -G
Options:
-G : Google search mode
-n : Number of plugins to use (Default all - more than 7000).
-c : Check plugins only with CVE associated.
-R file : Reload plugin list. Use -n option to control the extension
-o file : Output file. (Default "output.txt")
-i file : Input plugin list. (Need to start the program)
-s time : Min sleep time between two probes. Time in seconds. (Default 10)
-M time : Max sleep time between two probes. Time in seconds. (Default 20)
-h : Display help. (More info: http://iniqua.com/labs/)
Examples:
* Reload first 5 plugins list:
plecost -R plugins.txt -n 5
* Search vulnerable sites for first 5 plugins:
plecost -n 5 -G -i plugins.txt
* Search plugins with sleep time between 12 and 30 seconds for www.example.com:
plecost -i plugin_list.txt -s 12 -M 30 -o results.txt www.example.com
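
For defenders reading web server logs: with the -s/-M sleep options above, a scan arrives at only a few requests per minute, so per-minute rate thresholds miss it, while counting distinct plugin directories per client over a long window does not. This is an added example, not Plecost code; the Combined Log Format input, the /wp-content/plugins/<slug>/ probe path, the thresholds and the function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: probes request files under /wp-content/plugins/<slug>/.
PROBE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) '
                   r'/wp-content/plugins/([\w.-]+)/[^" ]* HTTP/[\d.]+" (\d{3})')

def find_plugin_enumeration(lines, window=timedelta(hours=1),
                            min_slugs=5, min_miss_ratio=0.6):
    """Map client IP -> plugin slugs it probed, for clients that touched at
    least min_slugs distinct plugin directories inside one window while
    mostly receiving 4xx answers. Thresholds are illustrative."""
    events = defaultdict(list)          # ip -> [(time, slug, missed)]
    for line in lines:
        m = PROBE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            events[m.group(1)].append((ts, m.group(3), m.group(4)[0] == "4"))
    flagged = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1              # slide the window forward
            chunk = evs[start:end + 1]
            slugs = {slug for _, slug, _ in chunk}
            misses = sum(missed for _, _, missed in chunk)
            if len(slugs) >= min_slugs and misses / len(chunk) >= min_miss_ratio:
                flagged[ip] = sorted({slug for _, slug, _ in evs})
                break
    return flagged

def sample_log():
    """Constructed access log: one slow enumerator, one ordinary visitor."""
    t0 = datetime(2012, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET /wp-content/plugins/{} HTTP/1.1" {} 512'
    def stamp(s):
        return (t0 + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    probes = [("akismet", 0, 200), ("contact-form-7", 13, 404),
              ("nextgen-gallery", 31, 404), ("wp-super-cache", 44, 404),
              ("all-in-one-seo-pack", 62, 404), ("jetpack", 79, 404)]
    log = [row.format("203.0.113.7", stamp(s), p + "/readme.txt", st)
           for p, s, st in probes]
    log += [row.format("198.51.100.20", stamp(s), "akismet/akismet.css", 200)
            for s in range(0, 80, 4)]   # busier client, but a single plugin
    return log

if __name__ == "__main__":
    print(find_plugin_enumeration(sample_log()))
```

The ordinary visitor sends five times as many requests as the enumerating client in the same 80 seconds and is not flagged, because it only ever touches one plugin directory.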

Changelog
0.2.2-9-beta:
0.2.2-8-beta & 0.2.2-7-beta
0.1-6-rt-beta
0.0.1-4beta
0.0.1-1beta

In the Web
http://www.securitybydefault.com/2010/03/seguridad-en-wordpress.html
http://www.securitybydefault.com/2011/11/identificacion-de-vulnerabilidades-en.html
http://www.clshack.it/plecost-a-wordpress-penetration-test-for-plugins
http://securityetalii.wordpress.com/2010/03/06/auditando-wordpress-con-plecost/
http://loginroot.diosdelared.com/?coment=6116
http://ayudawordpress.com/securidad-en-wordpress/
http://www.ehacking.net/2012/05/wordpress-security-vulnerability.html