View Issue Details

ID: 0009201
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2025-06-02 07:54
Reporter: Chocapikk
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Summary: 0009201: WPProbe - WordPress plugin enumeration tool
Description

[Description / How to use]
WPProbe is a fast and efficient WordPress plugin scanner that uses REST API enumeration (?rest_route) to detect installed plugins without brute-forcing. It supports three modes:

Stealthy: sends targeted REST API requests to identify plugins and extract versions from files like readme.txt.

Brute-Force: directly checks plugin directories and observes HTTP response codes to detect presence.

Hybrid: performs a stealthy scan first, then brute-forces remaining plugins to maximize coverage while reducing unnecessary requests.

After detecting plugins, WPProbe correlates them with known public vulnerabilities (CVE) and outputs results in CSV or JSON format. Usage examples:

Update WPProbe and vulnerability database

./wpprobe update
./wpprobe update-db

Basic scan (Stealthy, default mode)

./wpprobe scan -u https://example.com

Brute-Force mode

./wpprobe scan -u https://example.com --mode bruteforce

Hybrid mode

./wpprobe scan -u https://example.com --mode hybrid

Scan multiple targets (20 threads)

./wpprobe scan -f targets.txt -t 20

Export results to CSV

./wpprobe scan -f targets.txt -t 20 -o results.csv

Export results to JSON

./wpprobe scan -f targets.txt -t 20 -o results.json

[Dependencies] –

Go 1.22+ for compilation (go mod tidy handles modules).

[Similar tools] – WPScan (WordPress plugin/theme scanner), Droopescan (CMS/plugin enumeration), CMSmap (CMS vulnerability scanner).

[Activity] –
Project started on February 9, 2025 (first commit tagged v0.2.0). It remains actively maintained, with version 0.6.2 released on May 28, 2025.

[How to install]
Option 1: go install (requires Go 1.22+)

go install github.com/Chocapikk/wpprobe@latest

Ensure $(go env GOPATH)/bin is in your $PATH.

Option 2: manual build

git clone https://github.com/Chocapikk/wpprobe
cd wpprobe
git checkout v0.6.2
go mod tidy
go build -o wpprobe

Copy the binary into a directory in your $PATH.

Option 3: Docker

git clone https://github.com/Chocapikk/wpprobe
cd wpprobe
git checkout v0.6.2
docker build -t wpprobe .
docker run -it --rm wpprobe

[Packaged] – Not packaged for Debian/Kali at this time.

Attached Files
logo.jpg (99,404 bytes)   
wpprobe.png (254,675 bytes)   
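
For site owners, the two request patterns named in the description (plugin directories checked by HTTP response code, and `?rest_route` requests) can be looked for in web server access logs. The following is an added example, not code from the issue or from the WPProbe project; it assumes combined log format and WordPress's default `/wp-content/plugins/` path, and the thresholds, helper names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Combined log format: capture client IP, request target and status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
PLUGIN_RE = re.compile(r"^/wp-content/plugins/([^/]+)/")

def summarize(lines):
    """Per client IP: plugin slugs requested, slugs answered 404, rest_route values."""
    stats = defaultdict(lambda: {"slugs": set(), "missing": set(), "routes": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        slug = PLUGIN_RE.match(url.path)
        if slug:
            stats[ip]["slugs"].add(slug.group(1))
            if status == 404:
                stats[ip]["missing"].add(slug.group(1))
        stats[ip]["routes"].update(parse_qs(url.query).get("rest_route", []))
    return stats

def flag(stats, min_slugs=4, min_miss_ratio=0.5, min_routes=4):
    """Return {ip: [reasons]}. Thresholds are illustrative assumptions, not tuned values."""
    findings = {}
    for ip, s in stats.items():
        reasons = []
        # Many distinct plugin directories requested, most of them absent.
        if len(s["slugs"]) >= min_slugs and len(s["missing"]) / len(s["slugs"]) >= min_miss_ratio:
            reasons.append("plugin-directory probing")
        # Many distinct REST routes requested through the rest_route parameter.
        if len(s["routes"]) >= min_routes:
            reasons.append("rest_route enumeration")
        if reasons:
            findings[ip] = reasons
    return findings

def _line(ip, target, status):
    return f'{ip} - - [01/Jun/2025:12:00:00 +0000] "GET {target} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample log: documentation IP ranges and made-up plugin slugs.
SAMPLE = (
    [_line("203.0.113.7", f"/wp-content/plugins/{s}/readme.txt", c) for s, c in
     [("alpha", 404), ("bravo", 404), ("charlie", 200), ("delta", 404), ("echo", 404)]]
    + [_line("198.51.100.9", f"/?rest_route=/{ns}/v1/", 200) for ns in ("alpha", "bravo", "charlie", "delta")]
    + [_line("192.0.2.10", t, 200) for t in ("/wp-content/plugins/charlie/style.css", "/?rest_route=/wp/v2/posts")]
)

print(flag(summarize(SAMPLE)))  # report flagged clients
```

Ordinary visitors also load plugin assets and REST routes, so the counts are per client over distinct slugs and routes rather than raw request totals.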

Activities

Issue History

Date Modified Username Field Change
2025-06-01 12:21 Chocapikk New Issue
2025-06-01 12:21 Chocapikk File Added: logo.jpg
2025-06-01 12:21 Chocapikk File Added: wpprobe.png
2025-06-02 07:54 daniruiz Summary WPProbe, WordPress plugin enumeration tool => WPProbe - WordPress plugin enumeration tool