Home / Unlabelled / Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go

Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go


Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.


Notice:

Why is the project out of updates these days ?! What happens is that I am doing the vulnerability scanner.

Branch Dev

Compile and Install

Features

  • Random Agent
  • Detection WAF
  • User Enumerator
  • Plugin Scanner
  • Theme Scanner
  • Tor Proxy's
  • Detection Honeypot
  • Fuzzing Backup Files

Usage

Flag(s) Description
-u, --url string Target URL (Ex: http(s)://example.com/). (Required)
--users-enumerate Use the supplied mode to enumerate Users.
--themes-enumerate Use the supplied mode to enumerate Themes.
--plugins-enumerate Use the supplied mode to enumerate Plugins.
--detection-waf I will try to detect if the target is using any WAF.
--detection-honeypot I will try to detect if the target is a honeypot, based on the shodan.
--no-check-wp Will skip wordpress check on target.
--random-agent Use randomly selected HTTP(S) User-Agent header value.
--tor Use Tor anonymity network.
--disable-tls-checks Disables SSL/TLS certificate verification.
-h, --help help for wprecon.
-v, --verbose Verbosity mode.

WPrecon running

Command: wprecon --url "https://www.xxxxxxx.com/" --detection-waf


Output:
—————————————————————————————————————————————————————————————————————___       ______________________________________________   ____ |     / /__  __ \__  __ \__  ____/_  ____/_  __ \__  | / /__ | /| / /__  /_/ /_  /_/ /_  __/  _  /    _  / / /_   |/ /__ |/ |/ / _  ____/_  _, _/_  /___  / /___  / /_/ /_  /|  /____/|__/  /_/     /_/ |_| /_____/  \____/  \____/ /_/ |_/Github: https://github.com/blackcrw/wpreconVersion: 0.0.1a————————————————————————————————————————————————————————————————————[•] Target: https://www.xxxxxxx.com/[•] Starting: 09/jan/2020 12:11:17[•] Listing enable: https://www.xxxxxxx.com/wp-content/plugins/[•] Listing enable: https://www.xxxxxxx.com/wp-content/themes/[•••] Status Code: 200 — URL: https://www.xxxxxxx.com/wp-admin/[•••] I'm not absolutely sure that this target is using wordpress! 37.50% chance. do you wish to continue ? [Y/n]: Y[•••] Status Code: 200 — WAF: Wordfence Security Detected[•••] Do you wish to contin   ue ?! [Y/n] : Y



Source: feedproxy.google.com
Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go Reviewed by Anonymous on 3:34 AM Rating: 5

Tags