OWASP
Nettacker target WordPress site setup fails with HTTP 500 and missing database tables errors
Issue Description: I am attempting to run the OWASP Nettacker against a local WordPress installation on Kali Linux (http://localhost/wordpress-vuln/) using the command:
text python3.11 nettacker.py -i 192.168.29.62 -m wp_xmlrpc_bruteforce_vuln However, the WordPress test site is not accessible due to persistent setup and configuration issues.
Symptoms & Errors: Accessing http://localhost/wordpress-vuln/ in Firefox results in:
text Looks like there’s a problem with this site http://localhost/wordpress-vuln/wp-admin/setup-config.php might have a temporary problem or it could have moved. Error code: 500 Internal Server Error The WordPress database is empty with no tables created (confirmed via MariaDB shell):
sql MariaDB [wordpress_vuln]> SELECT COUNT(*) FROM wp_options; ERROR 1146 (42S02): Table 'wordpress_vuln.wp_options' doesn't exist PHP error logs show fatal errors related to missing wp_options table and undefined constants such as DB_USER.
WordPress wp-config.php is present, readable by Apache, and contains correct database credentials.
Extensive troubleshooting steps taken, including:
Recreating the MariaDB database and user with full privileges.
Running rsync to sync WordPress core files to the correct web directory.
Checking and fixing file and directory permissions recursively for Apache user.
Temporarily renaming wp-config.php to force the WordPress installation wizard.
Attempting to run the WordPress installation wizard in browser without success due to HTTP 500 error.
Trying to generate/import WordPress SQL schema manually but encountering file not found and permission errors.
Environment: Kali Linux (Latest)
Apache 2.4.65
MariaDB 10.x
PHP 8.x
Python 3.11
OWASP Nettacker (Latest GitHub release)
WordPress Latest downloaded from official site
Possible Causes & Observations: The HTTP 500 Internal Server Error at wp-admin/setup-config.php suggests server configuration issues, PHP errors, or permission problems.
The database is uninitialized and missing tables which WordPress requires to run.
The WordPress installer wizard cannot complete presumably due to the 500 error.
Nettacker scan fails due to inability to interact properly with the target WordPress installation.
Requested Support: Guidance on troubleshooting and resolving HTTP 500 error on WordPress installation setup page.
Recommended steps for manually recovering or creating WordPress database tables if the installer does not run.
Advice on Nettacker compatibility or workarounds for scanning WordPress targets with incomplete installs or errors.
Any known issues with PHP 8.x configurations affecting WordPress setup on Kali Linux environment.
Best practices to set up a local test WordPress site for Nettacker vulnerability scanning.
Attached Logs and Details: PHP error logs showing fatal errors.
MariaDB console outputs confirming missing tables.
Permissions and ownership settings for /var/www/html/wordpress-vuln.
Exact Nettacker command run.
This issue blocks effective pentesting using Nettacker on WordPress sites running locally on Kali Linux.
Proposed Solution:
- Add comprehensive WordPress setup instructions to docs
- Create automated setup script (
scripts/setup_wordpress_test.sh) - Include database configuration and permission fixes
Request: I'd like to work on this fix. I've already troubleshooted the exact issues and can implement a proper solution.
Can I be assigned to this task?
@pUrGe12 Yes i think so - the issue is with WordPress setup documentation rather than Nettacker's code.
I'd like to contribute by adding proper setup documentation and an installation script to help users avoid these issues. Can I work on this?
Yes, please Thankyou.
On Sat, 15 Nov 2025, 02:22 Deep, @.***> wrote:
sherlock2215 left a comment (OWASP/Nettacker#1168) https://github.com/OWASP/Nettacker/issues/1168#issuecomment-3534516418
@pUrGe12 https://github.com/pUrGe12 Yes i think so - the issue is with WordPress setup documentation rather than Nettacker's code.
I'd like to contribute by adding proper setup documentation and an installation script to help users avoid these issues. Can I work on this?
— Reply to this email directly, view it on GitHub https://github.com/OWASP/Nettacker/issues/1168#issuecomment-3534516418, or unsubscribe https://github.com/notifications/unsubscribe-auth/BC6BSRNGJRVBWHPMQMYP4ET34Y6HNAVCNFSM6AAAAACMDB4PYWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKMZUGUYTMNBRHA . You are receiving this because you authored the thread.Message ID: @.***>
Yes, please Thankyou.
On Sat, 15 Nov 2025, 01:29 Deep, @.***> wrote:
sherlock2215 left a comment (OWASP/Nettacker#1168) https://github.com/OWASP/Nettacker/issues/1168#issuecomment-3534358109
Proposed Solution:
- Add comprehensive WordPress setup instructions to docs
- Create automated setup script (scripts/setup_wordpress_test.sh)
- Include database configuration and permission fixes
Request: I'd like to work on this fix. I've already troubleshooted the exact issues and can implement a proper solution.
Can I be assigned to this task?
— Reply to this email directly, view it on GitHub https://github.com/OWASP/Nettacker/issues/1168#issuecomment-3534358109, or unsubscribe https://github.com/notifications/unsubscribe-auth/BC6BSRJCPO7CA2SXQR46F2L34YYCDAVCNFSM6AAAAACMDB4PYWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTKMZUGM2TQMJQHE . You are receiving this because you authored the thread.Message ID: @.***>
This is an issue with the Wordpress setup, nothing to do with Nettacker. Make sure Wordpress is installed and working before trying to use Nettacker to scan it /brute-force it
