swisskyrepo / Wordpresscan
WPScan rewritten in Python + some WPSeku ideas
Stars: ✭ 456
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Wordpresscan
Wp Functions List
This is a list of all WordPress functions from version 0 to version 4.8.1 along with the data of when they were first introduced and if they are deprecated or not
Stars: ✭ 88 (-80.7%)
Mutual labels: wordpress, wordpress-theme, wordpress-plugin
Coblocks
A suite of professional page building content blocks for the WordPress Gutenberg block editor.
Stars: ✭ 486 (+6.58%)
Mutual labels: hacktoberfest, wordpress, wordpress-plugin
Wponion
~ Lightweight, Flexible & Rapid WP Development Framework ~
Stars: ✭ 125 (-72.59%)
Mutual labels: wordpress, wordpress-theme, wordpress-plugin
Codestar Framework Old
This project has moved to https://github.com/Codestar/codestar-framework
Stars: ✭ 361 (-20.83%)
Mutual labels: wordpress, wordpress-theme, wordpress-plugin
Astra
A very lightweight and beautiful theme made to work with Page Builders.
Stars: ✭ 252 (-44.74%)
Mutual labels: hacktoberfest, wordpress, wordpress-theme
Wpintel
Chrome extension designed for WordPress Vulnerability Scanning and information gathering!
Stars: ✭ 70 (-84.65%)
Mutual labels: wordpress, wordpress-theme, wordpress-plugin
Themeforest Wp Theme Approval Checklist
A comprehensive list of rejection messages which you should avoid to get your WordPress theme approved quickly in Themeforest
Stars: ✭ 150 (-67.11%)
Mutual labels: wordpress, wordpress-theme, wordpress-plugin
Wprecon
WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.
Stars: ✭ 135 (-70.39%)
Mutual labels: wordpress, wordpress-theme, wordpress-plugin
Go
The most flexible Gutenberg-first WordPress theme built for go-getters everywhere.
Stars: ✭ 218 (-52.19%)
Mutual labels: hacktoberfest, wordpress, wordpress-theme
Wp Graphql Yoast Seo
This is an extension to the WPGraphQL plugin for Yoast SEO
Stars: ✭ 120 (-73.68%)
Mutual labels: hacktoberfest, wordpress, wordpress-plugin
Jetpack
Security, performance, marketing, and design tools — Jetpack is made by the WordPress experts to make WP sites safer and faster, and help you grow your traffic.
Stars: ✭ 1,283 (+181.36%)
Mutual labels: hacktoberfest, wordpress, wordpress-plugin
Wp Graphql
🚀 GraphQL API for WordPress
Stars: ✭ 3,097 (+579.17%)
Mutual labels: hacktoberfest, wordpress, wordpress-plugin
Fabrica Dev Kit
A toolkit for faster, smoother WordPress 5 development
Stars: ✭ 256 (-43.86%)
Mutual labels: wordpress, wordpress-theme, wordpress-plugin
Stream
🗄️ Stream plugin for WordPress
Stars: ✭ 335 (-26.54%)
Mutual labels: hacktoberfest, wordpress, wordpress-plugin
Vue Wordpress
Use Vue.js and the WP REST API to build WordPress themes as SPAs with dynamic routing, HMR for development, SEO enabled, and SSR capable. Demo:
Stars: ✭ 361 (-20.83%)
Mutual labels: wordpress, wordpress-theme
Flynt
Component based WordPress starter theme, powered by ACF Pro and Timber, optimized for a11y and fast page load results.
Stars: ✭ 363 (-20.39%)
Mutual labels: wordpress, wordpress-theme
Wp Graphql Acf
WPGraphQL for Advanced Custom Fields
Stars: ✭ 358 (-21.49%)
Mutual labels: hacktoberfest, wordpress
Controller
Composer package to enable a controller when using Blade with Sage 9
Stars: ✭ 345 (-24.34%)
Mutual labels: wordpress, wordpress-plugin
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-20.39%)
Mutual labels: vulnerabilities, vulnerability-scanners
Kuhn
WordPress theme featuring CSS Grid layouts via aggressive progressive enhancement. Proof of concept to get the conversation about what CSS Grid means for WordPress themes started. Currently running live at https://mor10.com
Stars: ✭ 365 (-19.96%)
Mutual labels: wordpress, wordpress-theme
Wordpresscan
A simple Wordpress scanner written in python based on the work of WPScan (Ruby version), some features are inspired by WPSeku.
Disclaimer
The authors of this github are not responsible for misuse or for any damage that you may cause!
You agree that you use this software at your own risk.
Install & Launch
Install
git clone https://github.com/swisskyrepo/Wordpresscan.git
cd Wordpresscan
Virtualenv
virtualenv .venv -p /usr/bin/python2.7
source .venv/bin/activate
pip install -r requirements.txt
Examples
Example 1 : Basic update and scan of a wordpress
python wordpresscan.py -u "http://localhost/wordpress" --update --random-agent
-u : Url of the WordPress
--update : Update the wpscan database
--aggressive : Launch an aggressive version to scan for plugins/themes
--random-agent : Use a random user-agent for this session
Example 2 : Basic bruteforce (option --brute, option --nocheck)
- bruteforce customs usernames
python wordpresscan.py -u "http://127.0.0.1/wordpress/" --brute --usernames "admin,guest" --passwords-list fuzz/wordlist.lst
- bruteforce with usernames list
python wordpresscan.py -u "http://127.0.0.1/wordpress/" --brute --users-list fuzz/wordlist.lst --passwords-list fuzz/wordlist.lst
- bruteforce detected users
python wordpresscan.py -u "http://127.0.0.1/wordpress/" --brute --passwords-list fuzz/wordlist.lst
╭─ 👻 [email protected]: ~/Github/Wordpresscan ‹master*›
╰─$ python main.py -u "http://127.0.0.1/wordpress/" --brute --users-list fuzz/wordlist.lst --passwords-list fuzz/wordlist.lst --nocheck
_______________________________________________________________
_ _ _
| | | | | |
| | | | ___ _ __ __| |_ __ _ __ ___ ___ ___ ___ __ _ _ __
| |/\| |/ _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|/ __/ _` | '_ \
\ /\ / (_) | | | (_| | |_) | | | __/\__ \__ \ (_| (_| | | | |
\/ \/ \___/|_| \__,_| .__/|_| \___||___/___/\___\__,_|_| |_|
| |
|_|
WordPress scanner based on wpscan work - @pentest_swissky
_______________________________________________________________
[+] URL: http://127.0.0.1/wordpress/
[!] The Wordpress 'http://127.0.0.1/wordpress/readme.html' file exposing a version number: 4.4.7
[i] Uploads directory has directory listing enabled : http://127.0.0.1/wordpress/wp-content/uploads/
[i] Includes directory has directory listing enabled : http://127.0.0.1/wordpress/wp-includes/
[i] Bruteforcing all users
[+] User found admin
[+] Starting passwords bruteforce for admin
Bruteforcing - ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
Example 3 : Thinking is overrated, this is aggressive, mostly not advised!
python wordpresscan.py -u "http://127.0.0.1/wordpress/" --fuzz
[i] Enumerating components from aggressive fuzzing ...
[i] File: http://127.0.0.1/wordpress/license.txt - found
[i] File: http://127.0.0.1/wordpress/readme.html - found
[i] File: http://127.0.0.1/wordpress/wp-admin/admin-footer.php - found
[i] File: http://127.0.0.1/wordpress/wp-admin/css/ - found
[i] File: http://127.0.0.1/wordpress/wp-admin/admin-ajax.php - found
[i] File: http://127.0.0.1/wordpress/wp-activate.php - found
--fuzz : Will fuzz the website in order to detect as much file, themes and plugins as possible
Output example from a test environment
Deploy a test environment
docker-compose -f wordpress_compose.yml up -d
To enable wp-json api you need to change "Permalink" to anything but "simple" in the settings.
Credits and Contributors
- Original idea and script from WPScan Team
- Many PR and bugfixes from bl4de
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].