ICU-WP is designed to scan WordPress sites for potential username enumeration vulnerabilities. This tool performs multiple checks to identify if a WordPress site is vulnerable to username enumeration through various methods.
- WordPress Detection: Identifies if a site is a WordPress installation.
- Author Enumeration: Attempts to enumerate usernames by querying author URLs.
- REST API Enumeration: Checks multiple REST API endpoints for user information.
- User Details Check: Attempts to fetch user details through REST API endpoints.
- WordPress.com API Check: Queries the WordPress.com public API for additional site information.
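
A defender-side counterpart to the checks listed above, as an added example that is not part of ICU-WP: it scans web server access logs for the request patterns that author and REST API user enumeration produce. The combined log format, the `?author=N`, `/wp-json/wp/v2/users` and `rest_route` patterns, the threshold and all function names are assumptions of this example, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Combined-log-format prefix: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Core users route of the WordPress REST API, with an optional numeric user ID.
USERS_ROUTE_RE = re.compile(r"^/wp-json/wp/v2/users(?:/\d+)?/?$")

# Constructed sample data (documentation IP ranges), not taken from a real site.
SAMPLE_LOG = """
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 404 0 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /?rest_route=/wp/v2/users/1 HTTP/1.1" 401 90 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:05:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
"""

def classify(target):
    """Return 'author', 'rest' or None for one request target."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    if any(v.isdigit() for v in query.get("author", [])):
        return "author"
    # Sites without pretty permalinks expose the same route via ?rest_route=.
    route = "/wp-json" + query.get("rest_route", [""])[0]
    if USERS_ROUTE_RE.match(parts.path) or USERS_ROUTE_RE.match(route):
        return "rest"
    return None

def find_enumeration(lines, min_hits=3):
    """Count probes per client IP and return the IPs with >= min_hits probes."""
    hits = defaultdict(lambda: {"author": 0, "rest": 0, "exposed": 0})
    for line in lines:
        m = LOG_RE.match(line)
        kind = classify(m["target"]) if m else None
        if kind is None:
            continue
        rec = hits[m["ip"]]
        rec[kind] += 1
        # Heuristic (assumption): these statuses mean the server answered the
        # probe instead of blocking it, so the site may be leaking usernames.
        answered = ("200", "301") if kind == "author" else ("200",)
        rec["exposed"] += m["status"] in answered
    return {ip: r for ip, r in hits.items() if r["author"] + r["rest"] >= min_hits}

if __name__ == "__main__":
    for ip, r in find_enumeration(SAMPLE_LOG.splitlines()).items():
        print(ip, r)
```
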

Requirements:
- Python 3.7+
- Flask
- Requests
- Werkzeug

To install and run:
- Clone the repository:
  ```bash
  git clone https://github.com/AnonKryptiQuz/ICU-WP.git
  cd ICU-WP
  ```
- Install the required packages:
  ```bash
  pip install -r requirements.txt
  ```
  Ensure `requirements.txt` contains:
  ```
  Flask
  requests
  Werkzeug
  ```
- Run the Flask application:
  ```bash
  python ICU-WP.py
  ```
- Open your browser and navigate to `http://127.0.0.1:5000`.
- Enter the URL of the WordPress site you want to scan, set the request timeout and the number of concurrent threads, then click "Start Scan".

- A simple HTML form is provided for users to enter the site URL and configuration settings.
- Results are displayed dynamically on the same page using JavaScript.
Created by: AnonKryptiQuz, Coffinxp7, hexsh1dow, and Naho