Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go.
Features
Status | Features |
---|---|
✅ | Random Agent |
✅ | Detection WAF |
✅ | User Enumerator |
✅ | Plugin Scanner |
✅ | Theme Scanner |
✅ | Tor Proxy’s |
✅ | Detection Honeypot |
✅ | Fuzzing Backup Files |
🔨 | Fuzzing Passwords |
🔨 | Vulnerability Scanner |
Usage
Flag(s) | Description |
---|---|
-u, –url string | Target URL (Ex: http(s)://example.com/). (Required) |
–users-enumerate | Use the supplied mode to enumerate Users. |
–themes-enumerate | Use the supplied mode to enumerate Themes. |
–plugins-enumerate | Use the supplied mode to enumerate Plugins. |
–detection-waf | I will try to detect if the target is using any WAF. |
–detection-honeypot | I will try to detect if the target is a honeypot, based on the shodan. |
–no-check-wp | Will skip wordpress check on target. |
–random-agent | Use randomly selected HTTP(S) User-Agent header value. |
–tor | Use Tor anonymity network. |
–disable-tls-checks | Disables SSL/TLS certificate verification. |
-h, –help | help for wprecon. |
-v, –verbose | Verbosity mode. |
WPrecon Running
Command: wprecon --url "https://www.xxxxxxx.com/" --detection-waf
—————————————————————————————————————————————————————————————————————
___ ______________________________________________ __
__ | / /__ __ \__ __ \__ ____/_ ____/_ __ \__ | / /
__ | /| / /__ /_/ /_ /_/ /_ __/ _ / _ / / /_ |/ /
__ |/ |/ / _ ____/_ _, _/_ /___ / /___ / /_/ /_ /| /
____/|__/ /_/ /_/ |_| /_____/ \____/ \____/ /_/ |_/
Github: https://github.com/blackcrw/wprecon
Version: 0.0.1a
—————————————————————————————————————————————————————————————————————
[•] Target: https://www.xxxxxxx.com/
[•] Starting: 09/jan/2020 12:11:17
[•] Listing enable: https://www.xxxxxxx.com/wp-content/plugins/
[•] Listing enable: https://www.xxxxxxx.com/wp-content/themes/
[•••] Status Code: 200 — URL: https://www.xxxxxxx.com/wp-admin/
[•••] I'm not absolutely sure that this target is using wordpress! 37.50% chance. do you wish to continue ? [Y/n]: Y
[•••] Status Code: 200 — WAF: Wordfence Security Detected
[•••] Do you wish to continue ?! [Y/n] : Y
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…