Latest commit 8af044b Jan 9, 2015 @FireFart Update
.gitignore Gitignore Jan 3, 2013
CREDITS Added credits Dec 12, 2012
Gemfile use gemfile Jul 21, 2013
Gemfile.lock use gemfile Jul 21, 2013 Update Jan 9, 2015
wppps.rb use gemfile Jul 21, 2013


WordPress exposes a so-called Pingback API to link to other blog posts. Using this feature you can scan other hosts on the intranet or internet via this server. You can also use this feature for a kind of distributed port scanning: you can scan a single host using multiple WordPress blogs exposing this API. This issue was fixed in WordPress 3.5.1. Older versions are vulnerable if the XML-RPC interface is active.
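
For the operator of a blog that still exposes the Pingback API, the following added example (not part of wppps.rb) flags logged `pingback.ping` calls whose source URI points at an internal address or a non-web port, and groups them by client so that one client naming many ports stands out. It assumes XML-RPC request bodies are logged together with the client IP; the function names, the network list and the web-port list are assumptions.

```ruby
require 'uri'
require 'ipaddr'
# Added example, not part of wppps.rb; names and lists below are assumptions.
INTERNAL_NETS = %w[127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
                   169.254.0.0/16 ::1/128 fc00::/7].map { |n| IPAddr.new(n) }
WEB_PORTS = [80, 443].freeze

# Returns [source_uri, target_uri] for a pingback.ping call, nil otherwise.
def pingback_params(body)
  return nil unless body =~ %r{<methodName>\s*pingback\.ping\s*</methodName>}
  vals = body.scan(%r{<value>\s*(?:<string>)?\s*([^<\s]+)}).flatten
  vals.size >= 2 ? vals.first(2) : nil
end

# Reasons a source URI looks like a probe; an empty array means none found.
def suspicious_reasons(source_uri)
  uri = URI.parse(source_uri)
  return ['not an http(s) URL'] unless uri.is_a?(URI::HTTP) && uri.hostname
  reasons = []
  reasons << "non-web port #{uri.port}" unless WEB_PORTS.include?(uri.port)
  host = uri.hostname.downcase
  ip = (IPAddr.new(host) rescue nil) # nil when the host is a name, not an IP
  reasons << "internal host #{host}" if host == 'localhost' ||
    (ip && INTERNAL_NETS.any? { |n| n.family == ip.family && n.include?(ip) })
  reasons
rescue URI::InvalidURIError
  ['unparseable URI']
end

# Per client IP: the flagged source URIs and the distinct ports they name.
def pingback_report(requests)
  report = Hash.new { |h, k| h[k] = { flagged: [], ports: [] } }
  requests.each do |client, body|
    source, = pingback_params(body)
    next if source.nil? || suspicious_reasons(source).empty?
    report[client][:flagged] << source
    report[client][:ports] |= [URI.parse(source).port].compact
  end
  report
end

# Constructed sample traffic (documentation addresses, made-up hosts).
PING = '<methodCall><methodName>pingback.ping</methodName><params><param><value><string>%s' \
       '</string></value></param><param><value>%s</value></param></params></methodCall>'
SAMPLE = [
  ['203.0.113.7', format(PING, 'http://192.168.1.10:22/', 'http://blog.example/?p=1')],
  ['203.0.113.7', format(PING, 'http://192.168.1.10:3306/', 'http://blog.example/?p=1')],
  ['198.51.100.4', format(PING, 'https://news.example/post/42', 'http://blog.example/?p=1')]
].freeze
```

`pingback_report(SAMPLE)` lists only the client whose source URIs name an internal host, along with the two ports it asked the blog to contact.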


Before you start, you need to install all dependencies with:

gem install bundler
bundle install

Quick-scan a target via a blog:

ruby wppps.rb -t

Use multiple blogs to scan a single target:

ruby wppps.rb -t

Scan a free blog (all ports) from the internal network:

ruby wppps.rb -a -t http://localhost