WordPress fingerprinting tools

Supporting image for WordPress security tooling and tips

Introduction

Good fingerprinting tools need to be part of your toolbox, especially if you perform regular security analysis. This category of tools specifically targets WordPress installations, even though some can be used for others as well.

Usage

WordPress fingerprinting tools are typically used for application discovery, application fingerprinting, application testing, web application analysis.

Users for these tools include pentesters, security professionals.

Tools

Plecost (WordPress fingerprinting)

web application analysis

Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

WordPress Exploit Framework (WordPress exploiting toolkit)

penetration testing, security assessment, vulnerability scanning, web application analysis

The WordPress Exploit Framework (WPXF) provides a set of tools to assess and exploit WordPress installations. It can be used for pentesting and red teaming assignments. The tool is less friendly for beginners, but more experienced pentesters will find no difficulty in using it.

wp_enum (user enumeration)

penetration testing, security assessment, vulnerability scanning

This utility scans for the available identities on a WordPress installation.

WPScan (WordPress vulnerability scanner)

penetration testing, security assessment, vulnerability scanning

WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.