wp_ninja

This a simple tool to fully scan your WordPress site (themes, plugins, configurations...).

What benefits do I can get by using it?

Full Plugins and Themes scan which prides you with links to potential vulnerabilities in it (from WPScan).
Full xmlrpc exploits check.
Users enumeration.
Users extraction from REST-API.
Setting your own User-Agent.
Setting your own Cookie.
Setting your own HTTP proxy.
Setting xmlrpc's path.
Configurable Timeout.
Disabling any undesirable scans.

pip install -r requirements.txt

If you are on linux run it as root (to automatically install NodeJS):

sudo pip install -r requirements.txt

python wp_ninja.py -h

python wp_ninja.py -u http://www.example.com

python wp_ninja.py -u http://www.example.com -t 14 -ua "user agent string" -c "cookie string" -p "127.0.0.1:8080" -x /xmlrpc.php

python wp_ninja.py -d general -d xmlrpc -u http://www.example.com

If you are using Windows OS, please install NodeJS on your computer.