Wp-Explorer is a Python-based tool designed to explore WordPress websites for sensitive paths and endpoints. It checks the response status codes for these paths, allowing you to identify potential issues or points of interest. Wp-Explorer supports both GET and POST HTTP methods for its requests.
- ✅ WordPress detection with multiple verification methods
- 🔍 Scans sensitive paths from `paths.txt` with status code analysis
- 📜 Identifies WordPress version through metadata/readme files
- 👥 User account enumeration via author ID probing
- 🧩 Plugin/Themes detection using `plugins.txt` and `themes.txt`
- 🚨 Vulnerability checks using WPScan Vulnerability Database
- 📡 XML-RPC endpoint status verification
- 📂 Multi-site scanning from a file input
- 🎨 Color-coded console output with ASCII art
- ⚡ Configurable delays between requests
- 📊 Export results to text/JSON/CSV formats

- Python 3.7 or higher
- Required files in root directory:
  - `paths.txt` - Contains paths to scan
  - `plugins.txt` - Common plugin paths
  - `themes.txt` - Common theme paths
- Optional `config.ini` for API keys and settings

```bash
# Clone repository
git clone https://github.com/3issam-hub/Wp-Explorer.git
cd Wp-Explorer
# Install dependencies
pip install -r requirements.txt
# Create necessary files
touch paths.txt plugins.txt themes.txt
```

Populate `paths.txt`, `plugins.txt`, and `themes.txt` with paths (one per line).

Modify `config.ini` to customize settings:

```ini
[Api]
# Required for vulnerability checks
api_key = your_wpscan_api_key

[Settings]
max_users_to_check = 10
request_delay = 1
# Options: text, json, csv
output_format = text
```

Basic Command:

```bash
python3 Wp-Explorer.py <URL> [OPTIONS]
```

| Flag | Description |
|---|---|
| `-h, --help` | Show help message |
| `-o FILE, --output FILE` | Save results to file (supports .txt, .json, .csv) |
| `-m METHOD, --method METHOD` | HTTP method: GET (default) or POST |
| `-l FILE, --site-list FILE` | Scan multiple sites from file |
| `-v, --version` | Detect WordPress version |
| `-u, --users` | Enumerate user accounts |
| `-p, --plugins` | Check for installed plugins |
| `-t, --themes` | Check for installed themes |
| `-x, --xmlrpc` | Verify XML-RPC status |
| `--delay SECONDS` | Set delay between requests (default: 1s) |

- Basic Scan with JSON Output

  ```bash
  python3 Wp-Explorer.py http://example.com -v -u -o results.json
  ```

- Multi-Site Plugin Check

  ```bash
  python3 Wp-Explorer.py -l targets.txt -p --delay 2
  ```

- Full Security Audit

  ```bash
  python3 Wp-Explorer.py http://example.com -vuptx -m POST -o audit.csv
  ```

- WordPress Verification: Checks for `wp-login.php`, `wp-admin/`, and `wp-content/` paths.
- Version Detection: Scans HTML meta tags, readme files, and RSS feeds for version information.
- User Enumeration: Tests `?author={ID}` endpoints to discover valid usernames.
- Plugin/Theme Detection: Checks paths from `plugins.txt` and `themes.txt` for 200 responses.
- Vulnerability Assessment: Uses the WPScan API to check for known vulnerabilities in detected components.
- XML-RPC Check: Verifies whether the XML-RPC interface is enabled (potential security risk).

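
A defender-side view of the user enumeration step, as an added example that is not part of Wp-Explorer: it scans web server access logs (Combined Log Format) for one client requesting several distinct `?author={ID}` values in a short time. The log lines are constructed, and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Combined Log Format prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} '
)

def find_author_enumeration(lines, min_ids=3, window=timedelta(minutes=5)):
    """Return {client_ip: [author IDs probed]} for clients that requested at
    least `min_ids` distinct ?author=N values within `window`.
    Both thresholds are assumed defaults; tune them to your traffic."""
    hits = defaultdict(list)  # ip -> [(timestamp, author_id)]
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        author = parse_qs(urlsplit(m["target"]).query).get("author", [""])[0]
        if not author.isdecimal():
            continue  # only numeric author IDs are enumeration probes
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append((ts, int(author)))

    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({a for _, a in events[start:end + 1]}) >= min_ids:
                # Report every ID this client probed, not just the burst.
                flagged[ip] = sorted({a for _, a in events})
                break
    return flagged

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"',
    '203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "-"',
    '203.0.113.7 - - [10/Mar/2025:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.7 - - [10/Mar/2025:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.20 - - [10/Mar/2025:10:01:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"',
    '198.51.100.20 - - [10/Mar/2025:10:01:05 +0000] "GET /blog/ HTTP/1.1" 200 512 "-" "-"',
]
```
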
Contributions welcome! Follow these steps:
- Fork the repository
- Create a feature branch (`git checkout -b feature/improvement`)
- Commit changes (`git commit -am 'Add new feature'`)
- Push to branch (`git push origin feature/improvement`)
- Open Pull Request

This tool is intended for authorized security testing and educational purposes only. Unauthorized use against websites without explicit permission is illegal. The developers assume no liability for misuse of this software.
This project is licensed under the GNU General Public License v3.0 - see LICENSE for details.
