WPSEC is a command-line security scanner designed to analyze WordPress websites for vulnerabilities, misconfigurations, and potential security risks. It automates various security checks to assist penetration testers, security researchers, and system administrators in assessing the security posture of WordPress-based web applications.
- WordPress Detection
- Open Port Scanning
- Plugin & Theme Enumeration
- WordPress Version Identification
- User Enumeration & Credential Discovery
- SQL Injection & XSS Scanner
- Brute-Force Attack Module
- Structured Logging
- User Enumeration

```
__ __ ___ __ ___ ___ __
\ V V / '_ (_-</ -_) _|
\_/\_/| .__/__/\___\__|
|_|
wpsec - wordpresssecurity scanner by intSpLoiT

usage: scanner.py [-h] [-m {quick,default,deep}] [-l] [--sql] [--xss] [--brute] [--timeout TIMEOUT] [--verbose] url

WordPress Security Scanner

positional arguments:
  url                   Target WordPress site URL

options:
  -h, --help            show this help message and exit
  -m {quick,default,deep}, --mode {quick,default,deep}
                        Scan mode
  -l, --log             Save results to a log file
  --sql                 Run only SQL Injection scan
  --xss                 Run only XSS scan
  --brute               Run only brute-force attack
  --timeout TIMEOUT     Set request timeout (default: 5 seconds)
  --verbose             Enable detailed output
```

