Wprecon : A Vulnerability Recognition Tool In CMS Wordpress

Wprecon : A Vulnerability Recognition Tool In CMS WordPress

Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go.

Features

Status	Features
✅	Random Agent
✅	Detection WAF
✅	User Enumerator
✅	Plugin Scanner
✅	Theme Scanner
✅	Tor Proxy’s
✅	Detection Honeypot
✅	Fuzzing Backup Files
?	Fuzzing Passwords
?	Vulnerability Scanner

Usage

Flag(s)	Description
-u, –url string	Target URL (Ex: http(s)://example.com/). (Required)
–users-enumerate	Use the supplied mode to enumerate Users.
–themes-enumerate	Use the supplied mode to enumerate Themes.
–plugins-enumerate	Use the supplied mode to enumerate Plugins.
–detection-waf	I will try to detect if the target is using any WAF.
–detection-honeypot	I will try to detect if the target is a honeypot, based on the shodan.
–no-check-wp	Will skip wordpress check on target.
–random-agent	Use randomly selected HTTP(S) User-Agent header value.
–tor	Use Tor anonymity network.
–disable-tls-checks	Disables SSL/TLS certificate verification.
-h, –help	help for wprecon.
-v, –verbose	Verbosity mode.

WPrecon Running

Command: wprecon --url "https://www.xxxxxxx.com/" --detection-waf

Output:

—————————————————————————————————————————————————————————————————————

___       ______________________________________________   __
__ |     / /__  __ \__  __ \__  ____/_  ____/_  __ \__  | / /
__ | /| / /__  /_/ /_  /_/ /_  __/  _  /    _  / / /_   |/ /
__ |/ |/ / _  ____/_  _, _/_  /___  / /___  / /_/ /_  /|  /
____/|__/  /_/     /_/ |_| /_____/  \____/  \____/ /_/ |_/

Github: https://github.com/blackcrw/wprecon
Version: 0.0.1a
—————————————————————————————————————————————————————————————————————
[•] Target: https://www.xxxxxxx.com/
[•] Starting: 09/jan/2020 12:11:17

[•] Listing enable: https://www.xxxxxxx.com/wp-content/plugins/
[•] Listing enable: https://www.xxxxxxx.com/wp-content/themes/
[•••] Status Code: 200 — URL: https://www.xxxxxxx.com/wp-admin/
[•••] I'm not absolutely sure that this target is using wordpress! 37.50% chance. do you wish to continue ? [Y/n]: Y
[•••] Status Code: 200 — WAF: Wordfence Security Detected
[•••] Do you wish to continue ?! [Y/n] : Y

Download

R K

Next PongoOS : A Pre-Boot Execution Environment For Apple Boards »

Previous « Mud-Visualizer : A Tool To Visualize MUD Files

Published by

R K

Tags: cmsvulnerabilityWordpressWprecon

3 years ago

Burrow – Breaking Through Firewalls With Open Source Ingenuity

Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…

2 days ago

Cyber security

Its-A-Trap : Building Secure Web Applications With A Golang Web Server For Authentication

Simple golang webserver that listens for basic auth or post requests and sends a notification…

2 days ago

Cyber security

Nutek-Apple : Unleashing Power On macOS And Linux

Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…

2 days ago

Cyber security

SecureSphere Labs – A Haven For Cybersecurity Innovators And Ethical Hackers

Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…

2 days ago

Cyber security

Vulpes/VulpOS : The Docker-Powered All-in-One Workstation For Penetration Testing And Offsec Labs

All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…

2 days ago

Hacking Tools

LiCo-Extrator : Revolutionizing Icon Extraction Across Platforms

Got it! Below is the updated README.md file with instructions for downloading the project on…

3 days ago

Kali Linux Tutorials