- Stealthy plugin detection using REST API enumeration (`?rest_route=/`).
- High-speed scanning with multithreading and a progress bar.
- Vulnerability mapping with known CVEs.
- Multiple output formats (CSV, JSON).
- Update system via the `update` command to easily fetch the latest release.
- Use `/wp-json` to target all permalink configurations, not just `?rest_route=/`. Ref: WP-Rest-Enum
- Brute-force plugin list (inspired by wpfinger) as a separate scan mode to keep stealth intact.
- Add `uninstall` command to clean up installations/configs.
- Hybrid scan mode: Start with stealthy mode, then skip already found plugins during fuzzing to optimize speed and stealth.
- Rate limiting system: Add requests per second (RPS) limit to prevent overwhelming targets and respect server limits. Implemented via token bucket limiter in HTTPClientManager. Added `--rate-limit` flag to control request rate. (Issue #11)
- WPScan API integration: Enterprise mode support with batch database exports. Downloads complete vulnerability database (10000+ plugins) in a single request. Note: Integration not yet fully tested, use with caution.
- Codebase refactoring: Major reorganization of scanner package, DRY principles applied to vulnerability management and writers, package structure improvements.
- Dockerfile improvements: Multi-stage build with volumes for data and config persistence.
- CI optimization: Added caching for Go modules, build cache, and golangci-lint. Removed redundant formatting tools.
- [~] WPScan integration: Enterprise mode implemented but requires testing and validation.
- Create `config` command for API keys management with secure storage.
- Implement theme detection (even if unlikely, some themes may expose endpoints).
- Test and validate WPScan integration in production environments.
- Add more vulnerability databases beyond Wordfence and WPScan.
If you're reading this and want to contribute to any of these features, feel free to jump in! Pull requests are welcome.