WPProbe
WPProbe is a fast WordPress plugin scanner that detects installed plugins via REST API enumeration and maps them to known vulnerabilities. It supports over 3000 plugins without brute-force and thousands more with it.
Description
WPProbe is a high-speed WordPress plugin scanner designed for stealthy enumeration of installed plugins on WordPress sites. It leverages the WordPress REST API to detect plugins and cross-references them against the Wordfence vulnerability database to identify known CVEs. This tool is particularly useful for security assessments of WordPress installations, enabling quick identification of potentially exploitable plugins.
Use cases include penetration testing, vulnerability hunting, and compliance audits for websites running WordPress. The scanner operates efficiently without requiring brute-force for many common plugins, making it suitable for large-scale scans or time-sensitive operations. Additional commands allow searching vulnerabilities by filters, listing detectable CVEs by severity, and maintaining the tool's databases up to date.
WPProbe emphasizes speed and stealth, providing detailed output on detected plugins and associated risks. It includes self-management features like updating to the latest version and uninstalling cleanly.
How It Works
WPProbe enumerates installed WordPress plugins by querying the site's REST API endpoints, avoiding traditional brute-force methods for over 3000 plugins. It maps detected plugins to vulnerabilities using the integrated Wordfence database. The databases can be updated with the 'update-db' command, and scans check for known CVEs grouped by severity.
Installation
sudo apt install wpprobe
Flags
Examples
wpprobe scan
wpprobe list
wpprobe search
wpprobe update
wpprobe update-db
wpprobe uninstall
wpprobe completion