WPHunter A Wordpress Vulnerability Scanner


WPHunter Tool

You can use this tool on your WordPress website to check its security by finding the vulnerabilities in it.

Over 75 million websites run on WordPress, which now powers 26% of the Web. Remarkably enough, thousands of WP sites are vulnerable to attacks and get hacked each day. You can lose all your data, it can cost thousands of dollars, or worse, attackers might use your WordPress to target your visitors. Bots scan the web automatically for weak websites and hack into them within seconds. If your WordPress is vulnerable, it will be only a matter of time before you run into trouble. That's why you should get started as soon as possible and check if your WordPress is prone to attack.

[+] Auto Cms Detect

[1] WordPress :

The tool detects the WordPress version and tries to find the vulnerabilities that affect that version. It also detects the plugins and themes installed on the website.
WPHunter can also find backup files and path disclosure, and it checks security headers.
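
The checks described above, applied offline to one captured response, as an added example that is not WPHunter's own code. The function names, the "Version x.y.z" readme pattern and the list of expected headers are assumptions, and the sample response is constructed.

```php
<?php
// Added example: offline audit of one captured response. All inputs are constructed.

/** WordPress version disclosed by readme.html or the generator meta tag, else null. */
function disclosed_wp_version(?string $readme, string $html): ?string
{
    // Assumption: the readme carries a "Version x.y.z" string.
    if ($readme !== null && preg_match('/Version\s+(\d+(?:\.\d+)+)/i', $readme, $m)) {
        return $m[1];
    }
    // Fallback: <meta name="generator" content="WordPress x.y.z" />
    $re = '/<meta\s[^>]*name=["\']generator["\'][^>]*content=["\']WordPress\s+(\d+(?:\.\d+)+)/i';
    return preg_match($re, $html, $m) ? $m[1] : null;
}

/** Security headers (assumed list) that are absent from a raw response header block. */
function missing_security_headers(string $rawHeaders): array
{
    $wanted = ['Strict-Transport-Security', 'Content-Security-Policy',
               'X-Frame-Options', 'X-Content-Type-Options', 'Referrer-Policy'];
    $present = [];
    foreach (preg_split('/\r?\n/', $rawHeaders) as $line) {
        if (strpos($line, ':') !== false) {
            // Header names are case-insensitive, so compare in lower case.
            $present[strtolower(trim(explode(':', $line, 2)[0]))] = true;
        }
    }
    return array_values(array_filter($wanted, fn($h) => !isset($present[strtolower($h)])));
}

/** Filesystem paths leaked by PHP error output in the body (path disclosure). */
function disclosed_paths(string $html): array
{
    $re = '~(?:Fatal error|Warning|Notice)\s*(?:</b>)?:.*?\sin\s+(?:<b>)?(/[^\s<]+\.php)~is';
    preg_match_all($re, $html, $m);
    return array_values(array_unique($m[1]));
}

// Constructed sample response (not taken from any real site).
$headers = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n";
$html = '<html><head><meta name="generator" content="WordPress 4.4.2" /></head><body>'
      . '<b>Warning</b>: include(): failed in <b>/var/www/html/wp-content/themes/demo/functions.php</b>'
      . ' on line <b>12</b></body></html>';

echo 'version: ', disclosed_wp_version(null, $html) ?? 'not disclosed', PHP_EOL;
echo 'missing: ', implode(', ', missing_security_headers($headers)), PHP_EOL;
echo 'paths:   ', implode(', ', disclosed_paths($html)), PHP_EOL;
```

Each non-empty result is something to fix on your own site: remove the generator tag and readme.html, turn off `display_errors` in production, and add the missing headers at the web server.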

Usage

Short Form    Long Form    Description
-h            --help       usage of the tool

Example

If you have a list of websites, run the tool with this command line:

If you don't have a list of websites, run the tool with this command:

php wphunter.php https://www.example.com


Warning
  Don't use this tool against any website unless you have permission from the website owner.

BUG ?

  • Submit new issue
  • Open new issue and submit it ... will try to fix it asap!

Installation Linux

git clone https://github.com/Jamalc0m/wphunter.git
cd wphunter
php wphunter.php

Installation Windows

Download and install PHP
Download WPHunter
Extract WPHunter into Desktop
Open CMD and type the following commands:
cd Desktop/wphunter-master/
php wphunter.php

Version

Current version is 0.1 Beta. Upcoming features:

Scan for plugin and theme vulnerabilities, generate reports (PDF, HTML), password brute force.

Comments
  • Getting WordPress version for sites without readme.html

    Not all sites have the /readme.html uploaded/accessible. Would it be possible to scrape the html for the generator meta tag instead or as a backup?

    <meta name="generator" content="WordPress 4.4.2" />
    
    opened by fiskhandlarn 4
  • InsecureWarning

    Hello. After launching wphunter I got a bunch of:

    InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
    InsecureRequestWarning)

    and no result. Reading around, I see it is a problem related to warnings and security, but I'm not enough of a coder to understand how to fix it. I tried to downgrade to version:

    Downloading requests-2.5.3-py2.py3-none-any.whl (468kB)
    100% |████████████████████████████████| 471kB 2.2MB/s
    Installing collected packages: requests Found existing installation: requests 2.12.2 Uninstalling requests-2.12.2: Successfully uninstalled requests-2.12.2 Successfully installed requests-2.5.3

    And I got the same bunch of messages but some results (a few). Any tips?

    Thanks

    opened by psychomad 3
  • Move wphunter.co api to this script instead

    Any chance you can move the functionality from https://www.wphunter.co/api/list.php into this script instead? It doesn't feel quite right to trust something we can't really see the source for.

    opened by fiskhandlarn 3
  • "SSL certificate problem"

    When trying on different sites (all with WordPress, but only some of them using SSL) I get this message before the script quits:

    SSL certificate problem: unable to get local issuer certificate
    

    I'm running the script in cygwin on Windows 10 with PHP 7.1.9 (cli).

    good first issue 
    opened by fiskhandlarn 3