Hey Folks, today we have come up with a very tremendous tool called “WPrecon” which is specially made for WordPress reconnaissance or penetration testing purposes.

About WPrecon Tool

WPrecon (WordPress Recon) is a tool for wordpress exploration, fully developed in golang, to get better performance from your device. We are still in the alpha/beta phase, there are still bugs to be fixed, but we are discovering them over time. The focus is to make wprecon the best wordpress exploration tool, and keeping wprecon for free.

Let’s take a look πŸ˜› !!

Dependencies Setup – Golang Installation

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. The Wprecon tool is designed in the Go language, so we have to install the Go language environment in our linux machine to operate this tool.

Wprecon Tool Installation

Now we have come here to set up this tool. We execute the git command to download the tool from gitub, go to the directory and boot the tool directly from the go utility.

Also, you can identify all the features available in this tool using the help command.

Enumerate WordPress Users

As we told you, the tool is only designed to penetrate WordPress cms, so we have configured a WordPress CMS on our kali linux machine to use this tool. All we have to do is enter the URL of the target and give the parameter we want to get. When we execute the command it dumps all usernames from the target.

Usage πŸ™‚ !! go run main.go –url –users-enumerate

Enumerate WordPress Plugins

As above, we will try to enumerate the plugins using the following command.

Usage πŸ™‚ !! go run main.go –url –plugins-enumerate

Nice πŸ˜› !! Likewise, we get more such features in this tool to get useful information from target WordPress CMS.

WPrecon (GUI)

The article is not finished yet because we have a GUI version of this tool if you are not able to operate kali linux.

Analysis – Version

All you have to do is give the URL of the target and it will dump all the information just like the command line tool.

Server Details

You can see the public IP address of the target website along with the hosting provider and server details.


One thing we noticed is that the website of this tool is better than the command line utility.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

7 thoughts on “WPrecon – Vulnerability Recognition Tool For WordPress CMS”

  1. Wow, wonderful blog layout! How long have you been blogging for?
    you make blogging look easy. The overall look of your site is great, let alone
    the content!

  2. Hello there! This is kind of off topic but I need some advice from an established blog.
    Is it very difficult to set up your own blog? I’m not very techincal but I can figure
    things out pretty fast. I’m thinking about making my own but I’m not sure where to
    start. Do you have any points or suggestions? Thank you

  3. Hello, I enjoy reading through your article. I wanted to
    write a little comment to support you.

  4. Thank you a lot for sharing this with all folks you really know what you are
    talking about! Bookmarked. Please additionally visit my website =).
    We can have a link trade contract between us

  5. Today, while I was at work, my sister stole my iPad and tested to see if
    it can survive a forty foot drop, just so she can be a youtube sensation.
    My iPad is now broken and she has 83 views. I know this is totally off topic but I had to share it with someone!

  6. Write more, thats all I have to say. Literally, it seems as though you
    relied on the video to make your point. You clearly know what youre talking
    about, why throw away your intelligence on just posting videos to your
    site when you could be giving us something informative to read?

Leave a Reply

Your email address will not be published. Required fields are marked *