
WPCracker – WordPress User Enumeration and Version Detection Tool

Last Updated : 14 Feb, 2022

A CMS can become vulnerable because it runs an outdated version or because the usernames associated with it can be discovered. This information can help in performing a social engineering attack. WPCracker is an automated tool written in Python that identifies the version of WordPress a site is running. It also supports username enumeration and detects the plugins used on the target domain. WPCracker is available on GitHub; it is open source and free to use.

Note: Make sure you have Python installed on your system, as this is a Python-based tool. For the installation process, see Python Installation Steps on Linux.

Installation of WPCracker Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/BBND/WPCracker

Step 2: Now use the following command to move into the directory of the tool. You have to move to the directory to run the tool.

cd WPCracker

Step 3: Now use the following command to run the tool and check the help section.

python3 wpCracker.py -h

Working with WPCracker Tool on Kali Linux OS

Example 1: Set URL for WordPress user enumeration

python3 wpCracker.py --enum http://geeksforgeeks.org

The tool returns the usernames associated with the WordPress site.

Example 2: Set URL to get WP version

python3 wpCracker.py -v http://geeksforgeeks.org

The tool returns the version of WordPress used by geeksforgeeks.org.

Example 3: Brute Force

./WPcracker --brute

Example 4: Using with custom settings

./WPCracker --brute -u http://geeksforgeeks.org -p /home/kali/Desktop/users.txt -n demo -t 10
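What the activity shown in Examples 1 to 4 looks like from the server side, as an added example that is not part of WPCracker or of the original article: a small access-log scanner that flags clients sweeping author IDs, listing users over the REST API, or repeatedly failing logins. The page does not document which requests WPCracker sends, so the patterns below (`?author=N`, `/wp-json/wp/v2/users`, `POST /wp-login.php` answered with status 200) are assumptions based on standard WordPress behaviour, and the log lines and thresholds are constructed.

```python
import re
from collections import defaultdict

# Combined-log-format prefix: client IP, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')   # author-archive probe
REST_USERS = "/wp-json/wp/v2/users"           # REST API user listing

def _line(ip, method, path, status):
    """Build one constructed log line (documentation IP ranges only)."""
    return f'{ip} - - [14/Feb/2022:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 0'

# Constructed sample: one noisy client and one ordinary visitor.
SAMPLE_LOG = (
    [_line("203.0.113.7", "GET", f"/?author={i}", 301) for i in range(1, 6)]
    + [_line("203.0.113.7", "GET", REST_USERS, 200)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 12
    + [_line("198.51.100.20", "GET", "/?author=1", 301),
       _line("198.51.100.20", "POST", "/wp-login.php", 302)]
)

def scan(lines, min_author_ids=3, min_failed_logins=10):
    """Return {ip: [finding, ...]} for clients that cross the thresholds."""
    author_ids, rest_hits, failed = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing at fields
        ip, method, path, status = m.groups()
        probe = AUTHOR_RE.search(path)
        if method == "GET" and probe:
            author_ids[ip].add(int(probe.group(1)))
        if path.startswith(REST_USERS):
            rest_hits[ip] += 1
        # WordPress re-renders the login form (200) on failure, redirects (302) on success.
        if method == "POST" and path.startswith("/wp-login.php") and status == "200":
            failed[ip] += 1
    findings = defaultdict(list)
    for ip, ids in author_ids.items():
        if len(ids) >= min_author_ids:       # many distinct IDs, not one archive visit
            findings[ip].append("author-id sweep")
    for ip in rest_hits:                      # can be legitimate; review before blocking
        findings[ip].append("REST users listing")
    for ip, count in failed.items():
        if count >= min_failed_logins:
            findings[ip].append("login brute force")
    return dict(findings)

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(found))
```

Thresholds should be tuned against real traffic, and the failed-login count is per log file rather than per time window.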

