wp-mass-recon
CommunityBatch WordPress recon across hundreds of domains in minutes.
Software Engineering#red team#wordpress#vulnerability scanning#mass recon#cors check#xmlrpc detection#source leak hunt
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Manually scanning large lists of domains for WordPress-specific vulnerabilities is extremely time-consuming and prone to missed findings, especially when performing sector-wide recon or triaging targets from subdomain enumeration tools.
Core Features & Use Cases
- Parallel batch scanning for WordPress presence, REST API user enumeration, CORS credential reflection, XMLRPC exposure, open registration, and sensitive file leaks across dozens to hundreds of domains.
- Proven on 600+ US SMB targets across 28 sectors, with built-in false positive filters for SPA catch-all responses and workarounds for common WAF and rate limiting blocks.
- Use cases include sector-wide vulnerability mapping, triaging large target lists from subfinder or crt.sh, and maximizing findings per minute for red team engagements.
Quick Start
Use the wp-mass-recon skill to scan a list of target domains stored at /root/output/targets.txt and generate a prioritized report of confirmed WordPress vulnerabilities and exposed sensitive files.
Dependency Matrix
Required Modules
None requiredComponents
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: wp-mass-recon Download link: https://github.com/uphiago/recon-skills/archive/main.zip#wp-mass-recon Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.