Description
wprecon is a WordPress reconnaissance tool written in Go. It performs aggressive detection of WordPress installations including theme/plugin enumeration, user detection, backup file discovery, and vulnerability identification. Fast alternative to WPScan for quick checks.
Installation
BASH
go install github.com/blackcrw/wprecon@latestBasic Usage
BASH
# Basic WordPress scan
wprecon --url https://target.com
# Enumerate plugins
wprecon --url https://target.com --enumerate p
# Enumerate users
wprecon --url https://target.com --enumerate uAdvanced Usage
BASH
# Full enumeration
wprecon --url https://target.com --enumerate p,t,u
# Aggressive detection
wprecon --url https://target.com --agressive-mode
# Custom threads
wprecon --url https://target.com --threads 20
# Random User-Agent
wprecon --url https://target.com --random-agent
# Force scan (even if WordPress not detected)
wprecon --url https://target.com --forceCommon Workflows
BASH
# Quick WP recon
wprecon --url https://target.com --enumerate p,t,u --agressive-mode
# Compare with WPScan findings
wprecon --url https://target.com --enumerate p
wpscan --url https://target.com --enumerate p