wpprobe: A fast WordPress plugin enumeration tool
WPProbe is a fast and efficient WordPress plugin scanner that leverages REST API enumeration (?rest_route) to detect installed plugins without brute-force.
Unlike traditional scanners that hammer websites with requests, WPProbe takes a smarter approach by querying the exposed REST API. This technique allows us to identify plugins stealthily, reducing detection risks and speeding up the scan process.
Currently, over 3030 plugins can be identified using this method!
How It Works
1️⃣ Fetch a list of known WordPress plugins from a precompiled database (Wordfence).
2️⃣ Scan the target site for exposed REST API routes (?rest_route=/).
3️⃣ Match the discovered endpoints with known plugin signatures.
4️⃣ Retrieve the installed version (when possible) by extracting metadata from files like readme.txt.
5️⃣ Correlate detected plugins with publicly known vulnerabilities (CVE mapping).
6️⃣ Output the results in a structured format (CSV or JSON) for easy analysis.
This means fewer requests, faster scans, and a lower chance of getting blocked by WAFs or security plugins!
Features
✅ Stealthy detection – No need to brute-force plugins; just ask WordPress nicely.
✅ High-speed scanning – Multithreaded scanning with a sleek progress bar.
✅ Vulnerability mapping – Automatically associates detected plugins with known CVEs.
✅ Multiple output formats – Save results in CSV or JSON.
✅ Resilient scanning – Handles sites with missing version info gracefully.
Limitations
🔹 Some plugins don’t expose REST API endpoints, making them undetectable via this method.
🔹 If a plugin is outdated, disabled, or hidden by security plugins, it may not be detected.
🔹 The technique relies on a predefined plugin-to-endpoint mapping, which is regularly updated.
