WPScan rewritten in Python + some WPSeku ideas

Advanced web security scanner with 49 modules, evasion engine, and CVE database.

A wordpress security auditor! Audit your wordpress application for security issues with even 1 request.

WPAUDIT: Advanced WordPress security auditing suite & vulnerability scanner. Automates pentesting with Nmap, WPScan, Nuclei, SQLMap. Comprehensive reports. Ideal for ethical hackers & Kali Linux.

ICU-WP is a Flask-based WordPress username enumeration tool. It detects WordPress sites and uses methods like author URL checks, REST API queries, and user detail endpoints to find usernames. Ideal for security assessments, this tool supports configurable timeouts and concurrency.

WordPress vulnerability scanner with public exploit/POC lookup, gambling spam (judol) detection, and AI-powered analysis. Scan plugins, themes & core for known CVEs — offline or remote.

25 production-tested defensive security skills for Claude Code - WordPress, VPS, Cloudflare, Next.js hardening, AI agent guardrails, MCP security, prompt injection defense, OWASP LLM Top 10, LLM coding failure modes (slopsquatting, hallucinated APIs, sycophancy), incident response, GDPR/DACH compliance. MIT, battle-tested.

Script for bruteforcing multiple Wordpress Users (XMLRPC)

#1 Open WordPress vulnerability database tracking 27,000+ issues (plugins, themes, core). Updated On Daily Basis. Formats: SQLite, CSV, Excel.

WPAUDIT is a flexible tool for assessing WordPress security, helping users find vulnerabilities quickly. 🛡️ With its modular design, you can customize scans to fit your specific needs. 🖥️

Proof of concept for unauthenticated sensitive data disclosure affecting the wp-import-export WordPress plugin (CVE-2022-0236)

With this program you can penetrate WordPress sites.

WordPress 6.4 honeypot — mimics a real WP site to capture attacker probes, login bruteforce & plugin enumeration. Wordpot2 – WordPress honeypot (Python 3 + Flask) – port de gbrindisi/wordpot . WPScan validated.

AI-powered automated penetration testing agent. Finds and exploits vulnerabilities in web apps, WordPress, and REST APIs using Claude AI with Tor routing.

This tool scans WordPress websites for vulnerabilities in the WP Time Capsule plugin related to CVE-2024-8856. It identifies plugin versions below 1.22.22 as vulnerable and logs results to vuln.txt. Simple and efficient, it helps security researchers and admins detect and address risks quickly.

Cordyceps - The parasitic fungus that finds what's taking over your WordPress. Automated plugin vulnerability scanner powered by Mycelium + Patchstack Academy. OpenClaw skill.

Wreckair-DB is a WordPress security testing tool that exploits insecure design in the repair.php functionality to trigger a prolonged Denial of Service (DoS) condition.

Proof of Concept for CVE-2021-29447 written in Python

WP-STEG is a WordPress security audit tool that detects orphaned or hidden media files by comparing data from the WP-JSON API with files found via directory listing.

authorized CYBERDUDEBIVASH ECOSYSTEM tool for detecting CVE-2026-23550 in WordPress Modular DS plugin