+- I Red Team DEV (https://ired.dev)
+-- Forum: Offensive Security (https://ired.dev/forumdisplay.php?fid=3)
+--- Forum: Popular tools (https://ired.dev/forumdisplay.php?fid=4)
+--- Thread: WPProbe is a lightweight, fast and reliable tool to discover WordPress. (/showthread.php?tid=9)
WPProbe is a lightweight, fast and reliable tool to discover WordPress. - Unix_Root - 06-14-2025
Especially useful for cybersecurity professionals looking for maximum coverage with minimal detection. ‚
? Operation modes
1️⃣ Stealthy (stealth) - Default method:
- Check for exposed routes, such as? rest_route=/plugins/...
- Compare discovered routes with known patterns
- Get the module version (when available) and compare it to known vulnerabilities (CVE)
2️⃣ Brute Force
- Try to access the plugin directory directly (p. EJ. : /wp-content/plugins/name)
- Detect modules whose route does not throw a 404 error
- Get versions and CVE maps
3️⃣ Hybrid
- Start in stealth mode.
- Then brute force it into what was not initially detected
- Provides maximum range while maintaining discretion
?️ https://github.com/Chocapikk/wpprobe
RE: WPProbe is a lightweight, fast and reliable tool to discover WordPress. - zyphyrus - 06-15-2025
Thank you so much for this.
RE: WPProbe is a lightweight, fast and reliable tool to discover WordPress. - poisk-ls - 06-16-2025
What are the potential risks of using WPProbe’s Brute Force mode on a live WordPress site, and how can they be mitigated?