├── README.md └── DeConfigro.sh /README.md: -------------------------------------------------------------------------------- 1 | # DeConfigro: WordPress Configuration Vulnerability Scanner 2 | 3 | **DeConfigro** is a lightweight and powerful tool designed to scan websites for a common WordPress vulnerability involving the `wp-admin/setup-config.php?step=1` page. This page is part of the WordPress installation process and, if left exposed, can be a security risk. The tool checks if the page is accessible, indicating an incomplete WordPress installation that could be exploited. 4 | 5 | ## **Features** 6 | 7 | - **Vulnerability Detection**: Identifies exposed WordPress setup configuration pages. 8 | - **Single URL and Bulk Scanning**: Supports both single URL scans and bulk scans from a file. 9 | - **Auto-Completion for File Paths**: Automatically completes file paths to ease the user's workflow. 10 | - **Detailed Output**: Provides clear and color-coded feedback about vulnerable URLs. 11 | - **Save Results**: Option to save vulnerable URLs to a file for future reference. 12 | 13 | ## **Prerequisites** 14 | 15 | - **Bash Shell** (Linux, macOS, or WSL for Windows) 16 | - **Curl** (for making HTTP requests) 17 | - **Optional**: Text editor for editing URLs file. 18 | 19 | ## **Installation** 20 | 21 | 1. **Clone the repository:** 22 | 23 | ```bash 24 | git clone https://github.com/nuknov/DeConfigro.git 25 | cd Xploitra 26 | ``` 27 | 28 | 2. **Give executable permission to the script** 29 | 30 | ```bash 31 | chmod +x DeConfigro.sh 32 | ``` 33 | 34 | ## **Usage** 35 | 36 | 1. **Run the tool:** 37 | 38 | After giving executable permission to the script, you can run the tool using one of the following commands: 39 | 40 | ```bash 41 | ./DeConfigro.sh 42 | ``` 43 | 44 | or 45 | 46 | ```bash 47 | bash DeConfigro.sh 48 | ``` 49 | 50 | The `./` method is preferred if the script has been made executable with `chmod +x`, while `bash` can be used if you prefer to run the script through the Bash shell explicitly. 51 | 52 | 2. **Follow the prompts** to configure and choose whether to scan a single URL or use a file containing URLs. 53 | 54 | 3. **After the scan**: 55 | - Vulnerable URLs will be displayed. 56 | - You will be prompted to save the results to a file. 57 | 58 | ## **Disclaimer** 59 | 60 | - **Educational Purposes Only**: DeConfigro is intended for educational and research use only. The tool is not intended for malicious or unauthorized use. It is the user's responsibility to ensure compliance with all relevant local laws and regulations before using this tool. 61 | 62 | ## **Author** 63 | 64 | **Created by:** 65 | - [AnonKryptiQuz](https://AnonKryptiQuz.github.io/) 66 | - [Nuknov](https://github.com/nuknov/) 67 | -------------------------------------------------------------------------------- /DeConfigro.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | display_welcome_message() { 4 | clear 5 | echo -e "\033[0;32m _____ _____ __ _ " 6 | echo -e "\033[0;32m | __ \ / ____| / _(_) " 7 | echo -e "\033[0;32m | | | | ___| | ___ _ __ | |_ _ __ _ _ __ ___ " 8 | echo -e "\033[0;32m | | | |/ _ \ | / _ \| '_ \| _| |/ _\` | '__/ _ \ " 9 | echo -e "\033[0;32m | |__| | __/ |___| (_) | | | | | | | (_| | | | (_) | " 10 | echo -e "\033[0;32m |_____/ \___|\_____\___/|_| |_|_| |_|\__, |_| \___/ " 11 | echo -e "\033[0;32m __/ | " 12 | echo -e "\033[0;32m |___/ " 13 | echo -e "\033[0m" 14 | 15 | created_by_text="Program created by: AnonKryptiQuz x Nuknov" 16 | ascii_width=54 17 | padding=$(( (ascii_width - ${#created_by_text}) / 2 )) 18 | printf "%${padding}s" "" 19 | echo -e "\033[0;31m$created_by_text\033[0m" 20 | echo "" 21 | } 22 | 23 | is_valid_url() { 24 | local url_pattern="^(http|https)://[a-zA-Z0-9.-]+(\.[a-zA-Z]{2,})?(/.*)?$" 25 | [[ $1 =~ $url_pattern ]] 26 | } 27 | 28 | get_base_url_or_file() { 29 | if [ -f /etc/bash_completion ]; then 30 | source /etc/bash_completion 31 | fi 32 | 33 | while true; do 34 | read -e -p "$(echo -e "\033[0;37m[?] Enter the base URL or the path to the file with URLs: \033[0m")" input 35 | 36 | if [[ -z "$input" ]]; then 37 | echo -e "\033[0;31m[!] You must provide a valid URL or file.\033[0m" 38 | echo -e "\033[1;33m[i] Press Enter to try again...\033[0m" 39 | read -r 40 | clear 41 | display_welcome_message 42 | elif [[ -f "$input" ]]; then 43 | if ! grep -q -e "http" "$input"; then 44 | echo -e "\033[0;31m[!] File does not contain valid URLs.\033[0m" 45 | echo -e "\033[1;33m[i] Press Enter to try again...\033[0m" 46 | read -r 47 | clear 48 | display_welcome_message 49 | else 50 | urls_from_file=true 51 | break 52 | fi 53 | elif is_valid_url "$input"; then 54 | base_url="$input" 55 | urls_from_file=false 56 | break 57 | else 58 | echo -e "\033[0;31m[!] Invalid URL or file path.\033[0m" 59 | echo -e "\033[1;33m[i] Press Enter to try again...\033[0m" 60 | read -r 61 | clear 62 | display_welcome_message 63 | fi 64 | done 65 | } 66 | 67 | check_wp_vulnerability() { 68 | local base_url="$1" 69 | local vuln_path="/wp-admin/setup-config.php?step=1" 70 | local full_url="${base_url%/}$vuln_path" 71 | 72 | echo -e "\033[1;33m[+] Checking: \033[0m\033[0;37m$base_url\033[0m" 73 | 74 | response=$(curl -s -o /dev/null -w "%{http_code}" "$full_url") 75 | if [[ "$response" -eq 200 ]]; then 76 | body=$(curl -s "$full_url") 77 | if echo "$body" | grep -q "Database Name"; then 78 | echo -e "\033[0;32m[!] Vulnerable: \033[0m\033[0;37m$full_url\033[0m" 79 | echo "" 80 | vulnerable_urls+=("$full_url") 81 | return 1 82 | else 83 | echo -e "\033[0;31m[i] Not Vulnerable: \033[0m\033[0;37m$full_url\033[0m" 84 | fi 85 | else 86 | echo -e "\033[0;31m[!] Failed to connect or invalid response: \033[0m\033[0;37m$full_url\033[0m" 87 | fi 88 | echo "" 89 | return 0 90 | } 91 | 92 | handle_exit() { 93 | echo -e "\n\033[0;31m[!] Program interrupted by the user. Exiting...\033[0m" 94 | exit 1 95 | } 96 | 97 | trap handle_exit SIGINT 98 | 99 | save_results_to_file() { 100 | read -p "[?] Do you want to save the results to a file? y/n (Press enter for default N): " save_input 101 | save_input=$(echo "$save_input" | tr '[:upper:]' '[:lower:]') 102 | 103 | if [[ "$save_input" == "y" ]]; then 104 | output_file="scan_results_$(date +%Y%m%d%H%M%S).txt" 105 | echo "" 106 | echo -e "\033[1;33m[i] Saving results to $output_file...\033[0m" 107 | printf "%s\n" "${vulnerable_urls[@]}" > "$output_file" 108 | echo -e "\033[0;32m[i] Results saved to $output_file\033[0m" 109 | else 110 | echo -e "\033[0;31m[i] Results not saved.\033[0m" 111 | fi 112 | } 113 | 114 | main() { 115 | display_welcome_message 116 | get_base_url_or_file 117 | 118 | echo "" 119 | echo -e "\033[1;33m[i] Loading, Please Wait...\033[0m" 120 | sleep 3 121 | clear 122 | 123 | echo -e "\033[1;34m[i] Starting vulnerability check...\033[0m" 124 | echo "" 125 | 126 | start_time=$(date +%s) 127 | total_findings=0 128 | total_scanned=0 129 | vulnerable_urls=() 130 | 131 | if [ "$urls_from_file" = true ]; then 132 | while IFS= read -r base_url || [ -n "$base_url" ]; do 133 | base_url=$(echo $base_url | tr -d '\r') 134 | base_url=$(echo $base_url | xargs) 135 | if [[ -z "$base_url" ]]; then 136 | continue 137 | fi 138 | if is_valid_url "$base_url"; then 139 | ((total_scanned++)) 140 | check_wp_vulnerability "$base_url" 141 | total_findings=$((total_findings + $?)) 142 | else 143 | echo -e "\033[0;31m[!] Skipping invalid URL: $base_url\033[0m" 144 | fi 145 | done < "$input" 146 | else 147 | check_wp_vulnerability "$base_url" 148 | total_findings=$? 149 | total_scanned=1 150 | fi 151 | 152 | elapsed_time=$(( $(date +%s) - start_time )) 153 | 154 | echo -e "\033[1;33m[i] Scan finished!\033[0m" 155 | if [ "$urls_from_file" = true ]; then 156 | echo -e "\033[1;33m[i] Total Scanned: $total_scanned\033[0m" 157 | fi 158 | echo -e "\033[1;33m[i] Total Findings: $total_findings\033[0m" 159 | echo -e "\033[1;33m[i] Time Taken: ${elapsed_time} seconds.\033[0m" 160 | echo "" 161 | 162 | save_results_to_file 163 | } 164 | 165 | main 166 | --------------------------------------------------------------------------------