WPrecon (WordPress Recon)
Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go.
Features
| Status | Features |
|---|---|
| ✅ | Random Agent |
| ✅ | Detection WAF |
| ✅ | User Enumerator |
| ✅ | Plugin Scanner |
| ✅ | Theme Scanner |
| ✅ | Tor Proxy’s |
| ✅ | Detection Honeypot |
| ❌ | Vulnerability Scanner |
| ❌ | Admin Finder |
Use
| Flag(s) | Description |
|---|---|
| -u, –url string | Target URL (Ex: http(s)://example.com/). (Required) |
| –users-enumerate | Use the supplied mode to enumerate Users. |
| –themes-enumerate | Use the supplied mode to enumerate Themes. |
| –plugins-enumerate | Use the supplied mode to enumerate Plugins. |
| –detection-waf | I will try to detect if the target is using any WAF. |
| –detection-honeypot | I will try to detect if the target is a honeypot, based on the shodan. |
| –no-check-wp | Will skip wordpress check on target. |
| –random-agent | Use randomly selected HTTP(S) User-Agent header value. |
| –tor | Use the Tor anonymity network. |
| –disable-tls-checks | Disables SSL/TLS certificate verification. |
| -h, –help | help for wprecon. |
| -v, –verbose | Verbosity mode. |