Skip to content
/ wprecon Public

Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.

License

GPL-3.0 license
1 star 49 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

attacker-codeninja/wprecon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

126 Commits
cli
cli
 
 
internal
internal
 
 
pkg
pkg
 
 
tools/wordpress
tools/wordpress
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

WPrecon (Wordpress Recon)

License: GPL v3 GitHub commit activity GitHub go.mod Go version (branch)

Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.

Version: Alfa !

Features

Status Features
Random Agent
Detection WAF
User Enumerator
Plugin Scanner
Theme Scanner
Vulnerability Scanner
Tor Proxy's

Usage

Flag(s) Description
-d, --detection-waf I will try to detect if the target is using any WAF.
-h, --help help for wprecon
--no-check-wp Will skip wordpress check on target
--random-agent Use randomly selected HTTP(S) User-Agent header value
-u, --url string Target URL (Ex: http(s)://google.com/) (Required)
-e, --user-enum Tries to enumerate users
-v, --verbose Verbosity

WPrecon running

Command: wprecon --url "https://www.xxxxxxx.com/" --detection-waf

Output:
—————————————————————————————————————————————————————————————————————

___       ______________________________________________   __
__ |     / /__  __ \__  __ \__  ____/_  ____/_  __ \__  | / /
__ | /| / /__  /_/ /_  /_/ /_  __/  _  /    _  / / /_   |/ /
__ |/ |/ / _  ____/_  _, _/_  /___  / /___  / /_/ /_  /|  /
____/|__/  /_/     /_/ |_| /_____/  \____/  \____/ /_/ |_/

Github: https://github.com/blackcrw/wprecon
Version: 0.0.1a
—————————————————————————————————————————————————————————————————————
[•] Target: https://www.xxxxxxx.com/
[•] Starting: 09/jan/2020 12:11:17

[•] Listing enable: https://www.xxxxxxx.com/wp-content/plugins/
[•] Listing enable: https://www.xxxxxxx.com/wp-content/themes/
[•••] Status Code: 200 — URL: https://www.xxxxxxx.com/wp-admin/
[•••] I'm not absolutely sure that this target is using wordpress! 37.50% chance. do you wish to continue ? [Y/n]: Y
[•••] Status Code: 200 — WAF: Wordfence Security Detected
[•••] Do you wish to continue ?! [Y/n] : Y

Install & Compile

For you to compile wprecon you will need to have the golang compiler installed. And for that you will access the official website of golang and will download and install it. Here!

Once downloaded and installed you will download wprecon directly from github with the command:

(There are two ways to do this, and I will teach both.)
  1. Primary way:
  • go get github.com/blackcrw/wprecon;
  1. Second way:
  • mkdir ~/Go/src/github.com/blackcrw/wprecon;
  • cd ~/Go/src/github.com/blackcrw;
  • git clone https://github.com/blackcrw/wprecon;
  • go get wprecon.

After downloading wprecon you will compile with the command:

(There are already some ways to do this ... but I'll show you the simplest and quickest.)
  • go build ~/Go/src/blackcrw/github.com/blackcrw/wprecon.

🎉 🎉 🎉 Ready!!! Your wprecon is compiled, now just start using it. It was pretty easy, right ?!

Yes Baby, Thank You! ✋

About

Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

49 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages