How to use vulnerability scanner: ‘Zoom’

Hengky Sanjaya
Hengky Sanjaya Blog
2 min read · May 29, 2020

This tutorial is 100% for educational purposes only. Any use of the word “Hacking” on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you plan to use the content for illegal purposes, please leave this site immediately! We will not be responsible for any illegal actions.

Zoom is a lightning-fast WordPress vulnerability scanner equipped with subdomain & infinite username enumeration. It doesn’t support plugin & theme enumeration at the moment.

First, you can visit this link below

You can git clone this repository from GitHub.

git clone https://github.com/gcxtx/zoom

Or you can download the ZIP file directly from GitHub.

After you have cloned the repo, you will see some files like this:

How to use Zoom

Manual Mode

python zoom.py -u <wordpress website>

In the manual mode, you will need to specify a WordPress website to scan for vulnerabilities and to enumerate subdomains.

Automatic Mode

python zoom.py -u <website> --auto

In the automatic mode, Zoom will find subdomains and check the ones using WordPress for vulnerabilities.

Example

python zoom.py -u pentest.id --auto
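Because automatic mode also scans every subdomain it discovers, it helps to check the target against a written authorization before launching either mode. The wrapper below is an added example, not part of the original post or of the Zoom project: the file name scope_guard.py, the SCOPE list and the function names are hypothetical, and only the `-u` and `--auto` flags come from the commands above.

```python
import subprocess
import sys
from urllib.parse import urlsplit

# Constructed sample scope (assumption): "*.d" authorizes d and every host under it.
SCOPE = ["blog.example.test", "*.lab.example.test"]

def normalize(target):
    """Reduce a URL or bare host to a lowercase hostname (no scheme, port, path)."""
    if "://" not in target:
        target = "//" + target
    host = urlsplit(target).hostname
    if not host:
        raise ValueError("no hostname in target: %r" % target)
    return host.rstrip(".")

def in_scope(host, scope, auto=False):
    """Exact entries allow manual scans only; --auto needs a wildcard entry."""
    for entry in scope:
        entry = entry.lower()
        if entry.startswith("*."):
            base = entry[2:]
            if host == base or host.endswith("." + base):
                return True
        elif host == entry and not auto:
            return True
    return False

def build_command(target, scope, auto=False):
    """Return the zoom.py argv for an authorized target, else raise."""
    host = normalize(target)
    if not in_scope(host, scope, auto):
        mode = "automatic" if auto else "manual"
        raise PermissionError("%s is not in scope for %s mode" % (host, mode))
    cmd = ["python", "zoom.py", "-u", host]
    if auto:
        cmd.append("--auto")
    return cmd

if __name__ == "__main__":
    # Usage: python scope_guard.py <target> [--auto], from the cloned zoom directory.
    args = [a for a in sys.argv[1:] if a != "--auto"]
    if len(args) != 1:
        sys.exit("usage: scope_guard.py <target> [--auto]")
    try:
        cmd = build_command(args[0], SCOPE, auto="--auto" in sys.argv[1:])
    except (ValueError, PermissionError) as exc:
        sys.exit("refusing to scan: %s" % exc)
    sys.exit(subprocess.call(cmd))
```

A host listed by exact name can be scanned in manual mode only; automatic mode is allowed only when a wildcard entry covers the whole domain.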

Thank you
