WPrecon (WordPress Recon) is a vulnerability recognition tool for the WordPress CMS, developed 100% in Go.
Features
| Status | Features |
|---|---|
| ✅ | Random Agent |
| ✅ | Detection WAF |
| ✅ | User Enumerator |
| ✅ | Plugin Scanner |
| ✅ | Theme Scanner |
| ✅ | Tor Proxy |
| ✅ | Detection Honeypot |
| ✅ | Fuzzing Backup Files |
| 🔨 | Fuzzing Passwords |
| 🔨 | Vulnerability Scanner |
Usage
| Flag(s) | Description |
|---|---|
| -u, --url string | Target URL (Ex: http(s)://example.com/). (Required) |
| --users-enumerate | Use the supplied mode to enumerate Users. |
| --themes-enumerate | Use the supplied mode to enumerate Themes. |
| --plugins-enumerate | Use the supplied mode to enumerate Plugins. |
| --detection-waf | I will try to detect if the target is using any WAF. |
| --detection-honeypot | I will try to detect if the target is a honeypot, based on the shodan. |
| --no-check-wp | Will skip wordpress check on target. |
| --random-agent | Use randomly selected HTTP(S) User-Agent header value. |
| --tor | Use Tor anonymity network. |
| --disable-tls-checks | Disables SSL/TLS certificate verification. |
| -h, --help | help for wprecon. |
| -v, --verbose | Verbosity mode. |
WPrecon Running
Command: wprecon --url "https://www.xxxxxxx.com/" --detection-waf
- Output:
—————————————————————————————————————————————————————————————————————
___ ______________________________________________ __
__ | / /__ __ \__ __ \__ ____/_ ____/_ __ \__ | / /
__ | /| / /__ /_/ /_ /_/ /_ __/ _ / _ / / /_ |/ /
__ |/ |/ / _ ____/_ _, _/_ /___ / /___ / /_/ /_ /| /
____/|__/ /_/ /_/ |_| /_____/ \____/ \____/ /_/ |_/
Github: https://github.com/blackcrw/wprecon
Version: 0.0.1a
—————————————————————————————————————————————————————————————————————
[•] Target: https://www.xxxxxxx.com/
[•] Starting: 09/jan/2020 12:11:17
[•] Listing enable: https://www.xxxxxxx.com/wp-content/plugins/
[•] Listing enable: https://www.xxxxxxx.com/wp-content/themes/
[•••] Status Code: 200 — URL: https://www.xxxxxxx.com/wp-admin/
[•••] I'm not absolutely sure that this target is using wordpress! 37.50% chance. do you wish to continue ? [Y/n]: Y
[•••] Status Code: 200 — WAF: Wordfence Security Detected
[•••] Do you wish to continue ?! [Y/n] : Y
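
When the tool is run against a site you operate, the output lines shown above can be turned into structured findings for remediation, such as directory listing that should be switched off. The following is an added example, not part of wprecon or this page's original code; the `Report` type, `ParseRun` function and the line patterns are assumptions based only on the single sample run shown here (version 0.0.1a) and may not match other versions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Report is a hypothetical type for this example; it is not part of wprecon.
type Report struct {
	WAF, WPChance string   // as printed, e.g. "Wordfence Security", "37.50%"
	Listings      []string // URLs reported with directory listing enabled
}

// Patterns are assumed from the one sample run on this page, not from wprecon's source.
var (
	reListing = regexp.MustCompile(`^\[•+\] Listing enable: (\S+)`)
	reWAF     = regexp.MustCompile(`WAF: (.+?) Detected`)
	reChance  = regexp.MustCompile(`(\d+(?:\.\d+)?%) chance`)
)

// Constructed sample input, modelled on the run shown above.
const sampleRun = `[•] Target: https://example.com/
[•] Listing enable: https://example.com/wp-content/plugins/
[•] Listing enable: https://example.com/wp-content/themes/
[•••] Status Code: 200 — URL: https://example.com/wp-admin/
[•••] I'm not absolutely sure that this target is using wordpress! 37.50% chance. do you wish to continue ? [Y/n]: Y
[•••] Status Code: 200 — WAF: Wordfence Security Detected`

// ParseRun extracts the findings a site owner would act on; other lines are ignored.
func ParseRun(out string) (r Report) {
	for _, line := range strings.Split(out, "\n") {
		line = strings.TrimSpace(line)
		if m := reListing.FindStringSubmatch(line); m != nil {
			r.Listings = append(r.Listings, m[1])
		} else if m := reWAF.FindStringSubmatch(line); m != nil {
			r.WAF = m[1]
		} else if m := reChance.FindStringSubmatch(line); m != nil {
			r.WPChance = m[1]
		}
	}
	return r
}

func main() {
	r := ParseRun(sampleRun)
	fmt.Printf("WAF=%q, WordPress confidence=%s\n", r.WAF, r.WPChance)
	fmt.Println("directory listing to disable:", strings.Join(r.Listings, ", "))
}
```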










