Wprecon : A Vulnerability Recognition Tool In CMS WordPress

Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go.

Features

StatusFeatures
Random Agent
Detection WAF
User Enumerator
Plugin Scanner
Theme Scanner
Tor Proxy’s
Detection Honeypot
Fuzzing Backup Files
🔨Fuzzing Passwords
🔨Vulnerability Scanner

Usage

Flag(s)Description
-u, –url stringTarget URL (Ex: http(s)://example.com/). (Required)
–users-enumerateUse the supplied mode to enumerate Users.
–themes-enumerateUse the supplied mode to enumerate Themes.
–plugins-enumerateUse the supplied mode to enumerate Plugins.
–detection-wafI will try to detect if the target is using any WAF.
–detection-honeypotI will try to detect if the target is a honeypot, based on the shodan.
–no-check-wpWill skip wordpress check on target.
–random-agentUse randomly selected HTTP(S) User-Agent header value.
–torUse Tor anonymity network.
–disable-tls-checksDisables SSL/TLS certificate verification.
-h, –helphelp for wprecon.
-v, –verboseVerbosity mode.

WPrecon Running

Command: wprecon --url "https://www.xxxxxxx.com/" --detection-waf

  • Output:
—————————————————————————————————————————————————————————————————————

___       ______________________________________________   __
__ |     / /__  __ \__  __ \__  ____/_  ____/_  __ \__  | / /
__ | /| / /__  /_/ /_  /_/ /_  __/  _  /    _  / / /_   |/ /
__ |/ |/ / _  ____/_  _, _/_  /___  / /___  / /_/ /_  /|  /
____/|__/  /_/     /_/ |_| /_____/  \____/  \____/ /_/ |_/

Github: https://github.com/blackcrw/wprecon
Version: 0.0.1a
—————————————————————————————————————————————————————————————————————
[•] Target: https://www.xxxxxxx.com/
[•] Starting: 09/jan/2020 12:11:17

[•] Listing enable: https://www.xxxxxxx.com/wp-content/plugins/
[•] Listing enable: https://www.xxxxxxx.com/wp-content/themes/
[•••] Status Code: 200 — URL: https://www.xxxxxxx.com/wp-admin/
[•••] I'm not absolutely sure that this target is using wordpress! 37.50% chance. do you wish to continue ? [Y/n]: Y
[•••] Status Code: 200 — WAF: Wordfence Security Detected
[•••] Do you wish to continue ?! [Y/n] : Y
R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago