├── README.md
├── Results
│   └── Results.txt
├── enumerate.py
├── lib
│   └── ua.txt
└── requirements.txt

/README.md:
--------------------------------------------------------------------------------
1 | ## WordPress Enumeration
2 | WordPress enumeration is the process of gathering information about a WordPress website, including its version, plugins, and themes. This information can be useful for several purposes, including vulnerability assessment, penetration testing, and website analysis. enumerate.py reads these values from the generator meta tag and the stylesheet links in the HTML of the page it fetches, so it reports only what the site exposes there.
3 | ## Screenshot:
4 | ![Screenshot_1](https://user-images.githubusercontent.com/25004320/235063221-83d95d41-f333-493b-a21c-8a60fdfbbe70.png)
5 | ![Screenshot_3](https://user-images.githubusercontent.com/25004320/235063233-ea9a099b-d685-422a-a37e-51dd09c4bdd0.png)
6 | ## Requirements
7 | - Python 3.7+
8 | ## Supported OS
9 | - Linux
10 | - Windows
11 | ## Getting started
12 | ```
13 | $ git clone https://github.com/Pari-Malam/Wordpress-CMS
14 | $ cd Wordpress-CMS
15 | $ pip/pip3 install -r requirements.txt
16 | $ python/python3 enumerate.py
17 | ```
18 | ## Footprints Notes
19 | - By using this tool, you agree that you are using it for educational purposes only and that you will not use it for any illegal activity. You also agree to bear all risks associated with the use of this tool. I will not be responsible for direct or indirect damage caused by the use of this tool. Don't suyyyyyyyyyyyyyyyyyyyy me!
20 | ## Author
21 | - Pari Malam
22 | ## Contacts
23 | [![Telegram](https://img.shields.io/badge/-Telegram-blue)](https://telegram.me/SurpriseMTFK)
24 | [![Discord](https://img.shields.io/badge/-Discord-purple)](https://discordapp.com/users/829404192585678858)
25 |
--------------------------------------------------------------------------------
/Results/Results.txt:
--------------------------------------------------------------------------------
1 | .++==========[Pari Malam]==========++.
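# /Results/Results.txt (continued) -- sample output kept from the page:
#
#   URLs: https://www.exoclick.com
#   WordPress Version: 5.9
#   Installed Plugins:
#   Actived Themes: exoclick
#   .++==========[Pari Malam]==========++.
#
#   .++==========[Pari Malam]==========++.
#   URLs: https://www.geeksforgeeks.org
#   WordPress Version: 4.9.8
#   Installed Plugins:
#   Actived Themes: iconic-one
#   .++==========[Pari Malam]==========++.
#
#   .++==========[Pari Malam]==========++.
#   URLs: https://www.movie2free.com
#   WordPress Version: 6.2
#   Installed Plugins:
#   Actived Themes: next
#   .++==========[Pari Malam]==========++.
#
# --------------------------------------------------------------------------------
# /enumerate.py:
# --------------------------------------------------------------------------------
# Author: Pari Malam
"""Fetch the front page of each listed site and report WordPress metadata.

For every URL in the input list the script downloads the page, reads the
``generator`` meta tag and the stylesheet links, and prints / appends to
``Results/Results.txt`` the WordPress version, plugin slugs and theme slug
found there. Everything reported comes from the remote page and is therefore
untrusted: it is stripped of non-printable characters before it reaches the
terminal or the results file.
"""

import concurrent.futures
import functools
import os
import random
import threading
import warnings
from sys import stdout

import requests
from bs4 import BeautifulSoup
from colorama import Fore, Style, init

# NOTE(review): this silences every warning, including the InsecureRequestWarning
# that requests/urllib3 emit while VERIFY_TLS is off, so nothing tells the
# operator that responses are unauthenticated.
warnings.filterwarnings("ignore")
init(autoreset=True)

FY = Fore.YELLOW
FG = Fore.GREEN
FR = Fore.RED
FC = Fore.CYAN
FW = Fore.WHITE

# NOTE(review): certificate verification is disabled (the original hard-coded
# verify=False). Anyone on the network path can then substitute the page, so
# the reported version/plugins/theme are not trustworthy evidence. Set this to
# True when the targets have valid certificates.
VERIFY_TLS = False

# Seconds to wait for a site; without a timeout one silent host blocks a
# worker thread indefinitely.
REQUEST_TIMEOUT = 15

# Serialises terminal output and writes to the results file across workers.
_OUTPUT_LOCK = threading.Lock()


def clear():
    """Clear the terminal using the platform's own command."""
    os.system('clear' if os.name == 'posix' else 'cls')


def dirdar():
    """Create the ``Results`` directory if it does not exist yet."""
    os.makedirs('Results', exist_ok=True)


dirdar()


def banners():
    """Clear the screen and print the coloured start-up banner."""
    clear()
    stdout.write(" \n")
    stdout.write(""+Fore.LIGHTRED_EX +"██╗ ██╗██████╗ ███████╗███╗ ██╗██╗ ██╗███╗ ███╗███████╗██████╗ █████╗ ████████╗██╗ ██████╗ ███╗ ██╗\n")
    stdout.write(""+Fore.LIGHTRED_EX +"██║ ██║██╔══██╗ ██╔════╝████╗ ██║██║ ██║████╗ ████║██╔════╝██╔══██╗██╔══██╗╚══██╔══╝██║██╔═══██╗████╗ ██║\n")
    stdout.write(""+Fore.LIGHTRED_EX +"██║ █╗ ██║██████╔╝█████╗█████╗ ██╔██╗ ██║██║ ██║██╔████╔██║█████╗ ██████╔╝███████║ ██║ ██║██║ ██║██╔██╗ ██║\n")
    stdout.write(""+Fore.LIGHTRED_EX +"██║███╗██║██╔═══╝ ╚════╝██╔══╝ ██║╚██╗██║██║ ██║██║╚██╔╝██║██╔══╝ ██╔══██╗██╔══██║ ██║ ██║██║ ██║██║╚██╗██║\n")
    stdout.write(""+Fore.LIGHTRED_EX +"╚███╔███╔╝██║ ███████╗██║ ╚████║╚██████╔╝██║ ╚═╝ ██║███████╗██║ ██║██║ ██║ ██║ ██║╚██████╔╝██║ ╚████║\n")
    stdout.write(""+Fore.LIGHTRED_EX +" ╚══╝╚══╝ ╚═╝ ╚══════╝╚═╝ ╚═══╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝\n")
    stdout.write(""+Fore.YELLOW +"═════════════╦═════════════════════════════════╦══════════════════════════════════════════════════════════════════════\n")
    stdout.write(""+Fore.YELLOW +"╔════════════╩═════════════════════════════════╩═════════════════════════════╗\n")
    stdout.write(""+Fore.YELLOW +"║ \x1b[38;2;255;20;147m• "+Fore.GREEN+"AUTHOR "+Fore.RED+" |"+Fore.LIGHTWHITE_EX+" PARI MALAM "+Fore.YELLOW+"║\n")
    stdout.write(""+Fore.YELLOW +"╔════════════════════════════════════════════════════════════════════════════╝\n")
    stdout.write(""+Fore.YELLOW +"║ \x1b[38;2;255;20;147m• "+Fore.GREEN+"GITHUB "+Fore.RED+" |"+Fore.LIGHTWHITE_EX+" GITHUB.COM/PARI-MALAM "+Fore.YELLOW+"║\n")
    stdout.write(""+Fore.YELLOW +"╚════════════════════════════════════════════════════════════════════════════╝\n")
    print(f"{FY}[Wordpress-Enumeration] - {FG}Perform With Massive Wordpress Enumeration {FR}[Plugin/Theme]{Style.RESET_ALL}\n")


banners()


@functools.lru_cache(maxsize=1)
def load_user_agents():
    """Return the non-empty lines of ``lib/ua.txt`` as a list of strings.

    The file is read once and the result cached, instead of being re-read
    for every scanned site.
    """
    with open("lib/ua.txt", "r") as ua_file:
        return [line.strip() for line in ua_file if line.strip()]


def add_http_prefix(url):
    """Return *url* unchanged if it has an http(s) scheme, else prefix ``http://``."""
    if url.startswith(("http://", "https://")):
        return url
    return "http://" + url


def _printable(value):
    """Drop non-printable characters from text taken from a remote page.

    Scraped values are echoed to the terminal and appended to the results
    file; removing control characters (ESC, CR, LF, ...) keeps a hostile page
    from injecting terminal escape sequences or forging extra result lines.
    """
    return "".join(ch for ch in value if ch.isprintable())


def _pick_user_agent():
    """Return a random user agent, or None when the list is missing or empty."""
    try:
        agents = load_user_agents()
    except OSError:
        agents = []
    return random.choice(agents) if agents else None


def _stylesheet_hrefs(soup):
    """Yield the href of every ``<link rel="stylesheet">`` that has one."""
    for link in soup.find_all("link", {"rel": "stylesheet"}):
        href = link.get("href")
        if href:
            yield href


def _extract_version(soup):
    """Return the version from a ``WordPress x.y`` generator tag, else None."""
    # Plugins add their own generator tags, so inspect all of them and accept
    # only one that actually names WordPress.
    for meta in soup.find_all("meta", {"name": "generator"}):
        parts = (meta.get("content") or "").split()
        if len(parts) > 1 and parts[0].lower() == "wordpress":
            return _printable(parts[1]) or None
    return None


def _extract_plugins(soup):
    """Return the distinct plugin slugs referenced by stylesheet links."""
    slugs = []
    for href in _stylesheet_hrefs(soup):
        # Require the "plugins/" path segment: a bare "plugins" substring
        # (e.g. "plugins.css") has nothing after the split to index.
        if "plugins/" not in href:
            continue
        slug = _printable(href.split("plugins/", 1)[1].split("/", 1)[0])
        if slug and slug not in slugs:
            slugs.append(slug)
    return slugs


def _extract_theme(soup):
    """Return the slug of the first stylesheet served from ``themes/``, else None."""
    for href in _stylesheet_hrefs(soup):
        pieces = href.split("themes/", 1)
        if len(pieces) > 1:
            return _printable(pieces[1].split("/", 1)[0]) or None
    return None


def get_wordpress_info(url):
    """Fetch *url* and return ``(version, plugins, theme)`` scraped from its HTML.

    Returns ``(None, None, None)`` when the request or the parsing fails; the
    error is printed. ``version`` and ``theme`` are strings or None,
    ``plugins`` is a list of strings.
    """
    target = add_http_prefix(url)
    agent = _pick_user_agent()
    # With no usable user-agent list, fall back to the requests default
    # instead of failing outside the error handling below.
    headers = {'user-agent': agent} if agent else {}

    try:
        response = requests.get(
            target, headers=headers, verify=VERIFY_TLS, timeout=REQUEST_TIMEOUT
        )
        soup = BeautifulSoup(response.text, "html.parser")
        version = _extract_version(soup)
        plugins = _extract_plugins(soup)
        theme = _extract_theme(soup)
    except Exception as e:  # per-site boundary: report and move on
        print(f"Error: {_printable(str(e))}")
        return None, None, None

    return version, plugins, theme


def scan_site(url):
    """Scan one site, print the findings and append them to ``Results/Results.txt``."""
    version, plugins, theme = get_wordpress_info(url)
    tag = Fore.YELLOW + "[WORDPRESS-ENUM]"

    if not version:
        with _OUTPUT_LOCK:
            print(tag + Fore.GREEN + " .:" + Fore.RED + f" [NOT FOUND!] - {Fore.WHITE}{url}")
        return

    plugin_list = ', '.join(plugins)
    output = (
        f".++==========[Pari Malam]==========++.\n"
        f"URL: {url}\n"
        f"WordPress Version: {version}\n"
        f"Installed Plugins: {plugin_list}\n"
        f"Active Theme: {theme}\n"
        f".++==========[Pari Malam]==========++.\n\n"
    )
    prefix = tag + Fore.RED + " .:" + Fore.GREEN
    # Several workers finish at once; hold the lock so one site's lines and
    # its results-file record are not interleaved with another's.
    with _OUTPUT_LOCK:
        print(prefix + f" [W00T!] - {Fore.WHITE}{url}\n")
        print(prefix + f" WordPress Version: {Fore.WHITE}{version}")
        print(prefix + f" Installed Plugins: {Fore.WHITE}{plugin_list}")
        print(prefix + f" Active Theme: {Fore.WHITE}{theme}")
        # utf-8 so a non-ASCII slug cannot raise on platforms whose default
        # encoding is narrower.
        with open('Results/Results.txt', 'a', encoding='utf-8') as results_file:
            results_file.write(output)


if __name__ == '__main__':
    input_file = input(f"{Fore.YELLOW}[URL/IP LIST] {Fore.RED}.: {Fore.WHITE}")
    try:
        threads = int(input(f"{Fore.YELLOW}[THREAD: 10-30] {Fore.RED}.: {Fore.WHITE}"))
    except ValueError:
        raise SystemExit('\n THREAD COUNT MUST BE A NUMBER!')
    # ThreadPoolExecutor rejects a worker count below 1.
    threads = max(1, threads)

    try:
        with open(input_file, mode='r') as f:
            # Skip blank lines; each would otherwise be scanned as "http://".
            target = [line.strip() for line in f if line.strip()]
    except FileNotFoundError:
        raise SystemExit('\n WHUT ARE YOU DOIN? FILE NOT FOUND! ' + input_file)

    with concurrent.futures.ThreadPoolExecutor(max_workers=threads) as executor:
        futures = [executor.submit(scan_site, site) for site in target]

        for future in concurrent.futures.as_completed(futures):
            future.result()

# --------------------------------------------------------------------------------
# /requirements.txt:
# --------------------------------------------------------------------------------
# requests
# colorama
# bs4
# urllib3
#
# NOTE(review): these are unpinned, so installs are not reproducible; pin exact
# versions (ideally with hashes) for repeatable installs.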