PwnPress Framework is here — Time to ditch WPScan

By pwnpress April 24, 2025


Welcome to a new era of WordPress security testing. If you've ever felt shackled by API rate limits, outdated vulnerability scans, or just the sluggish pace of community tools like WPScan — you're not alone. Enter PwnPress Framework: a fresh, fast, and fully open-source alternative that’s ready to shake up the scene.


Why PwnPress?

PwnPress is a powerful and automated WordPress vulnerability scanner — but calling it just a scanner doesn’t do it justice. It’s a growing framework for reconnaissance, enumeration, and (soon) exploitation of WordPress sites. It’s built for hackers, by hackers — and that means no signup walls, no API keys, no arbitrary limits.

🧠 The goal? Combine speed, modularity, and automation into a single tool that actually makes your recon easier — and way more fun.

Whether you’re scraping directories, building phishing pages, or validating thousands of WordPress targets, PwnPress gets it done.


🔧 Features at a glance

  • Automated scanning for core, plugin, and theme vulnerabilities
  • Batch target validation to detect real WordPress sites
  • Directory scraping for juicy file listings
  • Phishing page generation for default or custom WP logins
  • XML-RPC brute forcing (via system.multicall)
  • Request crafting & settings management

Coming soon

  • 🚧 Response analysis and smarter detection logic
  • 🚧 Built-in exploitation modules for RCE, SQLi, XSS, and more
  • 🚧 Integration with external tools like Mockbin

🚀 Getting started

PwnPress runs on Java 17 and is available for Linux, Windows, and as a plain .jar.

Option 1 – Java (any OS)

java -jar pwnpress_1.2.0_cli.jar

Option 2 – Debian

sudo apt install openjdk-17-jre
sudo dpkg -i pwnpress_1.2.0.deb
pwnpress

Option 3 – Windows

Unzip and run the executable — no setup needed.

💡 Pro tips

Once you're in, type help to explore available commands. Navigate between sections like scanner, phisher, bruteforce, and target to dig deep into your recon flow.

Some commands are still in development, but what's there now is already robust and ready to use in your next engagement.

See the full list of commands in the official GitHub repo.


🤝 Contribute to the Mission

The code is still rough around the edges — but that’s where you come in. If you’re a dev, hacker, reverse engineer, or just a curious soul, help shape the future of this tool.


🔓 Pwn smarter. Recon faster. And finally, ditch WPScan for good.
