Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go.
Features
| Status | Features |
|---|---|
| ✅ | Random Agent |
| ✅ | Detection WAF |
| ✅ | User Enumerator |
| ✅ | Plugin Scanner |
| ✅ | Theme Scanner |
| ✅ | Tor Proxy’s |
| ✅ | Detection Honeypot |
| ✅ | Fuzzing Backup Files |
| 🔨 | Fuzzing Passwords |
| 🔨 | Vulnerability Scanner |
Usage
| Flag(s) | Description |
|---|---|
| -u, –url string | Target URL (Ex: http(s)://example.com/). (Required) |
| –users-enumerate | Use the supplied mode to enumerate Users. |
| –themes-enumerate | Use the supplied mode to enumerate Themes. |
| –plugins-enumerate | Use the supplied mode to enumerate Plugins. |
| –detection-waf | I will try to detect if the target is using any WAF. |
| –detection-honeypot | I will try to detect if the target is a honeypot, based on the shodan. |
| –no-check-wp | Will skip wordpress check on target. |
| –random-agent | Use randomly selected HTTP(S) User-Agent header value. |
| –tor | Use Tor anonymity network. |
| –disable-tls-checks | Disables SSL/TLS certificate verification. |
| -h, –help | help for wprecon. |
| -v, –verbose | Verbosity mode. |
WPrecon Running
Command: wprecon --url "https://www.xxxxxxx.com/" --detection-waf
—————————————————————————————————————————————————————————————————————
___ ______________________________________________ __
__ | / /__ __ \__ __ \__ ____/_ ____/_ __ \__ | / /
__ | /| / /__ /_/ /_ /_/ /_ __/ _ / _ / / /_ |/ /
__ |/ |/ / _ ____/_ _, _/_ /___ / /___ / /_/ /_ /| /
____/|__/ /_/ /_/ |_| /_____/ \____/ \____/ /_/ |_/
Github: https://github.com/blackcrw/wprecon
Version: 0.0.1a
—————————————————————————————————————————————————————————————————————
[•] Target: https://www.xxxxxxx.com/
[•] Starting: 09/jan/2020 12:11:17
[•] Listing enable: https://www.xxxxxxx.com/wp-content/plugins/
[•] Listing enable: https://www.xxxxxxx.com/wp-content/themes/
[•••] Status Code: 200 — URL: https://www.xxxxxxx.com/wp-admin/
[•••] I'm not absolutely sure that this target is using wordpress! 37.50% chance. do you wish to continue ? [Y/n]: Y
[•••] Status Code: 200 — WAF: Wordfence Security Detected
[•••] Do you wish to continue ?! [Y/n] : YThe cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…