
WPrecon – Vulnerability Recognition Tool For WordPress CMS



Hey folks, today we are looking at a tool called “WPrecon”, which is built specifically for WordPress reconnaissance and penetration testing.

About WPrecon Tool

WPrecon (WordPress Recon) is a tool for WordPress exploration, fully developed in Golang to get better performance from your device. We are still in the alpha/beta phase; there are still bugs to be fixed, but we are discovering them over time. The focus is to make WPrecon the best WordPress exploration tool and to keep WPrecon free.

Let’s take a look 😛 !!

Dependencies Setup – Golang Installation

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. The WPrecon tool is written in Go, so we have to install the Go environment on our Linux machine to run it.

apt install golang


Wprecon Tool Installation

Now we set up the tool itself. We use the git command to download it from GitHub, change into its directory, and run it directly with the go utility.

git clone https://github.com/blackcrw/wprecon.git
cd wprecon/
go run main.go



Also, you can identify all the features available in this tool using the help command.

go run main.go --help


Enumerate WordPress Users

As mentioned, the tool is designed only for testing WordPress CMS, so we configured a WordPress CMS on our Kali Linux machine to try it out. All we have to do is enter the URL of the target and pass the option for the information we want. When we execute the command, it dumps all usernames from the target.

Usage 🙂 !! go run main.go --url <target URL> --users-enumerate

go run main.go --url https://secnhack.in --users-enumerate


Enumerate WordPress Plugins

As above, we will try to enumerate the plugins using the following command.

Usage 🙂 !! go run main.go --url <target URL> --plugins-enumerate

go run main.go --url https://secnhack.in --plugins-enumerate



Nice 😛 !! Likewise, the tool offers more such features for getting useful information from a target WordPress CMS.


WPrecon (GUI)

The article is not finished yet: there is also a GUI version of this tool in case you are not able to operate Kali Linux.



Analysis – Version

All you have to do is give the URL of the target and it will dump all the information just like the command line tool.


Server Details

You can see the public IP address of the target website along with the hosting provider and server details.


Plugins

One thing we noticed is that the website of this tool is better than the command line utility.

About the Author: Shubham Goyal, Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.
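
A defender-side view of the user and plugin enumeration runs shown above, as an added example that is not part of the original post or of WPrecon's code: it scans web server access logs for clients that probe many user or plugin paths. The page does not say how WPrecon issues its requests, so the request patterns (author archives, the REST users route, plugin directory lookups), the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" format: client IP, request path, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
PLUGIN_RE = re.compile(r"^/wp-content/plugins/([^/]+)/")

# Constructed sample log (documentation IP ranges, made-up plugin slugs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:00:03 +0000] "GET /wp-content/plugins/alpha/readme.txt HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:00:03 +0000] "GET /wp-content/plugins/beta/readme.txt HTTP/1.1" 404 0 "-" "-"
198.51.100.20 - - [10/Jan/2024:10:01:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jan/2024:10:01:01 +0000] "GET /wp-content/plugins/forms/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
""".splitlines()

def classify(path):
    """Return ('user', key) or ('plugin', slug) for enumeration-style requests, else None."""
    url = urlsplit(path)
    author = parse_qs(url.query).get("author", [""])[0]
    if author.isdigit():
        return ("user", "author=" + author)
    if url.path.startswith("/wp-json/wp/v2/users"):
        return ("user", "rest-users")
    m = PLUGIN_RE.match(url.path)
    return ("plugin", m.group(1)) if m else None

def find_enumerators(lines, user_min=3, plugin_min=3):
    """Map client IP -> distinct probes, for clients reaching the (assumed) thresholds."""
    seen = defaultdict(lambda: {"user": set(), "plugin": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, path, status = m.groups()
        hit = classify(path)
        # A plugin path counts as a probe only when it missed (404): ordinary
        # page loads fetch assets of installed plugins and get 200.
        if hit and (hit[0] == "user" or status == "404"):
            seen[ip][hit[0]].add(hit[1])
    return {ip: {kind: sorted(vals) for kind, vals in s.items()}
            for ip, s in seen.items()
            if len(s["user"]) >= user_min or len(s["plugin"]) >= plugin_min}

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Tune `user_min` and `plugin_min` to the site's normal traffic before alerting on the result.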
 
