Wprecon – A Vulnerability Recognition Tool In CMS WordPress, 100% Developed In Go

Hello! Welcome. Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go.
Notice:

Why is the project out of updates these days ?! What happens is that I am doing the vulnerability scanner.

Branch Dev

Compile and Install

Features

  • Random Agent
  • Detection WAF
  • User Enumerator
  • Plugin Scanner
  • Theme Scanner
  • Tor Proxy’s
  • Detection Honeypot
  • Fuzzing Backup Files

Usage

Flag(s)Description
-u, –url stringTarget URL (Ex: http(s)://example.com/). (Required)
–users-enumerateUse the supplied mode to enumerate Users.
–themes-enumerateUse the supplied mode to enumerate Themes.
–plugins-enumerateUse the supplied mode to enumerate Plugins.
–detection-wafI will try to detect if the target is using any WAF.
–detection-honeypotI will try to detect if the target is a honeypot, based on the shodan.
–no-check-wpWill skip wordpress check on target.
–random-agentUse randomly selected HTTP(S) User-Agent header value.
–torUse Tor anonymity network.
–disable-tls-checksDisables SSL/TLS certificate verification.
-h, –helphelp for wprecon.
-v, –verboseVerbosity mode.

WPrecon running

Command: wprecon --url "https://www.xxxxxxx.com/" --detection-waf
Output:

—————————————————————————————————————————————————————————————————————

___ ______________________________________________ __
__ | / /__ __ \__ __ \__ ____/_ ____/_ __ \__ | / /
__ | /| / /__ /_/ /_ /_/ /_ __/ _ / _ / / /_ |/ /
__ |/ |/ / _ ____/_ _, _/_ /___ / /___ / /_/ /_ /| /
____/|__/ /_/ /_/ |_| /_____/ \____/ \____/ /_/ |_/

Github: https://github.com/blackcrw/wprecon
Version: 0.0.1a
————————————————————————————————————————————————————————————————————
[•] Target: https://www.xxxxxxx.com/
[•] Starting: 09/jan/2020 12:11:17

[•] Listing enable: https://www.xxxxxxx.com/wp-content/plugins/
[•] Listing enable: https://www.xxxxxxx.com/wp-content/themes/
[•••] Status Code: 200 — URL: https://www.xxxxxxx.com/wp-admin/
[•••] I'm not absolutely sure that this target is using wordpress! 37.50% chance. do you wish to continue ? [Y/n]: Y
[•••] Status Code: 200 — WAF: Wordfence Security Detected
[•••] Do you wish to contin ue ?! [Y/n] : Y

Download Wprecon

+————————————————-

This is only an educational purposes only I am not responsible for further activities

Join my forum and learn more ethical hacking and penetration testing

https://t.me/WhiteHatHacks

Get me at

https://t.me/alex14324

https://github.com/alex14324

https://www.instagram.com/alex_14324/

https://discord.gg/6NPtGxZ

——————————————————-+

Leave a Reply

Your email address will not be published. Required fields are marked *