
wordpress-penetration-testing

Medium Risk · Contains scripts · External commands · Network access

Perform WordPress Security Assessments

WordPress sites face constant security threats from automated attacks and targeted exploits. This skill provides comprehensive penetration testing capabilities to identify and remediate vulnerabilities before attackers exploit them.

Supports: Claude Code (CC), Codex
Score: 62 (Poor)
1. Download the skill ZIP
2. Upload it to Claude: go to Settings → Capabilities → Skills → Upload skill
3. Enable it and start using it

Try it

Using "wordpress-penetration-testing": Scan WordPress site for vulnerabilities

Expected result:

  • WordPress Version: 6.4.2 (Latest)
  • Theme: Twenty Twenty-Four 1.0 (No known vulnerabilities)
  • Plugins Found: 5 (2 with known vulnerabilities)
    - Contact Form 7 5.8.3 - CVE-2023-XXXXX (Medium)
    - WooCommerce 8.5.0 (No known vulnerabilities)
  • Users Enumerated: 3 (admin, editor, author)
  • Recommendations: Update Contact Form 7, disable user enumeration

Using "wordpress-penetration-testing": Test password strength for admin account

Expected result:

  Password Assessment Results:
  • Target: admin account
  • Passwords Tested: 10000
  • Result: Password NOT found in common wordlist
  • Strength: Strong (12+ characters, mixed case, numbers, symbols)
  • Recommendation: Enable two-factor authentication for additional protection

Security Audit

Medium Risk
v1 • 2/25/2026

This WordPress penetration testing skill contains intentional security testing patterns including Metasploit, WPScan, nmap, and shell commands. All detected patterns are consistent with legitimate security assessment tools. The skill includes proper legal disclaimers requiring written authorization. Risk is elevated due to exploitation techniques and should include prominent warnings about legal requirements before publication.

1 file analyzed · 491 lines analyzed · 8 findings · 1 audit in total

High-Risk Issues (2)

Metasploit Framework Integration
The skill includes Metasploit exploit modules for WordPress shell upload and plugin exploitation. These are legitimate penetration testing tools but require explicit authorization and should only be used in controlled environments.
PHP Reverse Shell Code Execution
The skill demonstrates PHP reverse shell injection via theme editor with bash command execution. This technique could be misused for unauthorized system access.
Medium-Risk Issues (2)
Credential Brute-Force Capabilities
The skill includes WPScan password attack functionality against WordPress login forms and XML-RPC endpoints. While legitimate for security testing, this could be misused for unauthorized access attempts.
Malicious Plugin Creation
The skill demonstrates creating a malicious WordPress plugin with system command execution capabilities. This pattern could be repurposed for persistent backdoor installation.
Low-Risk Issues (1)
Proxy Configuration for Anonymity
The skill includes Tor and HTTP proxy configuration for anonymizing scan traffic. While useful for legitimate security testing, this could indicate intent to evade detection.

Risk factors

  • Contains scripts (no specific location recorded)
  • External commands (1)
  • Network access (3)

Detected Patterns

  • Shell Command Execution
  • System Command Injection via HTTP

Audited by: claude

Quality score

  • Architecture: 38
  • Maintainability: 100
  • Content: 87
  • Community: 50
  • Security: 28
  • Specification compliance: 100

What You Can Build

Security Consultant WordPress Audit

Perform comprehensive security assessments for clients running WordPress, delivering actionable findings and remediation guidance.

WordPress Developer Security Hardening

Test your own WordPress sites before deployment to identify and fix vulnerabilities before attackers discover them.

Bug Bounty WordPress Testing

Systematically test WordPress installations within bug bounty program scope to discover and report security vulnerabilities.

Try These Prompts

Basic WordPress Security Scan
Perform a basic security scan of the WordPress site at [URL]. Enumerate the WordPress version, active themes, installed plugins, and exposed users. Document all findings in a structured report with risk ratings.
Comprehensive Vulnerability Assessment
Conduct a comprehensive vulnerability assessment of [WordPress URL] using WPScan with API token. Test for vulnerable plugins, themes, user enumeration, and misconfigurations. Provide prioritized remediation steps for each finding.
Password Security Testing
Test the password strength of WordPress user accounts at [URL] using authorized credentials list. Evaluate password policies, test for common weak passwords, and recommend password policy improvements.
Full Penetration Test Engagement
Execute a full penetration test engagement against [WordPress URL] including reconnaissance, enumeration, vulnerability scanning, and authorized exploitation attempts. Document the attack chain and provide executive and technical reports.

Best Practices

  • Always obtain written authorization before testing any WordPress site you do not own
  • Use a staging environment for exploitation testing rather than production systems
  • Document all testing activities with timestamps for audit trail purposes
  • Test during maintenance windows to minimize impact on legitimate users
  • Use rate limiting and throttling to avoid denial of service conditions

Avoid

  • Never test WordPress sites without explicit written authorization from the owner
  • Do not run aggressive scans against production sites during business hours
  • Avoid testing sites protected by WAF without understanding bypass implications
  • Do not exfiltrate or access real user data during security assessments

Frequently Asked Questions

Is this skill legal to use?
This skill is legal when used on WordPress sites you own or have explicit written authorization to test. Unauthorized testing violates computer crime laws in most jurisdictions.
Do I need a WPScan API token?
A free WPScan API token is recommended for vulnerability database access. Without it, WPScan can still enumerate WordPress components but cannot identify known vulnerabilities.
Can this skill damage my WordPress site?
Aggressive scanning and exploitation testing can potentially cause service disruption. Always test in a staging environment first and avoid production systems during business hours.
What tools does this skill require?
This skill uses WPScan (WordPress scanner), Metasploit Framework, nmap, and standard tools like cURL. WPScan and nmap are pre-installed in Kali Linux.
How long does a WordPress security scan take?
Basic scans take 2-5 minutes. Comprehensive scans with vulnerability checking take 10-30 minutes. Password testing duration depends on wordlist size and rate limiting.
Can I use this for bug bounty hunting?
Yes, but only within the scope defined by the bug bounty program. Always verify the program allows automated scanning and follow all program rules.

Developer Details

File structure

SKILL.md