Skip to content

DotX-47/WP-Dex

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
images
images
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
WP-Dex.py
WP-Dex.py
 
 

Repository files navigation

🛡️ WP-Dex — Advanced WordPress Passive Recon Tool

⚡ Deep reconnaissance • Passive scanning • Zero exploitation
WP-Dex is a powerful Python-based tool designed to gather detailed intelligence about WordPress websites without modifying or attacking the target.

📸 Preview

🔍 Banner

Scan Output

🔍 Scan Output

Report Output

🚀 What is WP-Dex?

WP-Dex is a passive reconnaissance tool built for security researchers, developers, and ethical hackers.
It collects publicly accessible data from WordPress websites and presents it in a structured, readable format.

Unlike aggressive tools, WP-Dex does NOT exploit vulnerabilities — it only reveals what is already exposed.

🔍 Scan Output

Report Output

🧠 What Does It Do?

🔎 WordPress Detection

Confirms if a target is running WordPress using multiple indicators.

🖥️ Server & Technology Fingerprinting

Detects server type, PHP version, CDN/WAF, and technologies like jQuery, Bootstrap, WooCommerce, Elementor.

🔢 WordPress Version Detection

Extracts version from meta tags, feeds, readme files, and scripts.

👤 User Enumeration

Discovers usernames via REST API, author ID, sitemaps, and oEmbed.

📧 Email Harvesting

Extracts emails from page content and mailto links.

🔌 Plugin Detection

Finds plugins via source analysis, probing, and database matching.

🎨 Theme Detection

Identifies themes and extracts metadata like version and author.

🗺️ Site Structure Mapping

Maps pages, posts, categories, tags, and menus.

🌐 Social & Contact Info

Extracts social profiles and phone numbers.

⚠️ Vulnerability Matching

Matches plugins with known CVEs using offline database.

🔒 Security Checks

Checks exposed paths and analyzes HTTP security headers.

🔍 Scan Output

Report Output

⚙️ Installation

git clone https://github.com/DotX-47/WP-Dex.git
cd WP-Dex
pip install requests beautifulsoup4

▶️ Usage

python WP-Dex https://example.com

🔍 Scan Output

Report Output

📂 Output

  • Terminal (structured output)
  • JSON report (optional)

⚠️ Disclaimer

Use only on websites you own or have permission to test.

👨‍💻 Author

DotX-47

About

WP-Dex is an advanced passive WordPress reconnaissance tool built in Python for security auditing and intelligence gathering. It extracts detailed information about WordPress websites including plugins, themes, users, server fingerprinting, exposed paths, and known vulnerabilities — without performing any exploitation or modification. Designed for

Topics

python wordpress security osint cybersecurity penetration-testing bug-bounty web-security vulnerability-scanners ethical-hacking information-gathering security-tools reconnaissance website-analysis passive-recon

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages