wp-mass-recon

Community

Batch WordPress recon across hundreds of domains in minutes.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Manually scanning large lists of domains for WordPress-specific vulnerabilities is extremely time-consuming and prone to missed findings, especially when performing sector-wide recon or triaging targets from subdomain enumeration tools.

Core Features & Use Cases

  • Parallel batch scanning for WordPress presence, REST API user enumeration, CORS credential reflection, XMLRPC exposure, open registration, and sensitive file leaks across dozens to hundreds of domains.
  • Proven on 600+ US SMB targets across 28 sectors, with built-in false positive filters for SPA catch-all responses and workarounds for common WAF and rate limiting blocks.
  • Use cases include sector-wide vulnerability mapping, triaging large target lists from subfinder or crt.sh, and maximizing findings per minute for red team engagements.

Quick Start

Use the wp-mass-recon skill to scan a list of target domains stored at /root/output/targets.txt and generate a prioritized report of confirmed WordPress vulnerabilities and exposed sensitive files.

Dependency Matrix

Required Modules

None required

Components

scripts

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: wp-mass-recon
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#wp-mass-recon

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.