PwnPress Framework is here — Time to ditch WPScan
By pwnpress • April 24, 2025
Welcome to a new era of WordPress security testing. If you've ever felt shackled by API rate limits, outdated vulnerability scans, or just the sluggish pace of community tools like WPScan — you're not alone. Enter **[PwnPress Framework](https://pwnpress.org/)**: a fresh, fast, and fully open-source alternative that’s ready to shake up the scene.
---
## Why PwnPress?
PwnPress is a powerful and automated WordPress vulnerability scanner — but calling it just a scanner doesn’t do it justice. It’s a growing **framework** for reconnaissance, enumeration, and (soon) exploitation of WordPress sites. It’s built for hackers, by hackers — and that means no signup walls, no API keys, no arbitrary limits.
> 🧠 The goal? Combine speed, modularity, and automation into a single tool that actually makes your recon easier — and way more fun.
Whether you’re scraping directories, building phishing pages, or validating thousands of WordPress targets, PwnPress gets it done.
---
## 🔧 Features at a glance
- ✅ **Automated scanning** for core, plugin, and theme vulnerabilities
- ✅ **Batch target validation** to detect real WordPress sites
- ✅ **Directory scraping** for juicy file listings
- ✅ **Phishing page generation** for default or custom WP logins
- ✅ **XML-RPC brute forcing** (via `system.multicall`)
- ✅ **Request crafting & settings management**
### Coming soon
- 🚧 **Response analysis** and smarter detection logic
- 🚧 **Built-in exploitation modules** for RCE, SQLi, XSS, and more
- 🚧 **Integration with external tools** like Mockbin
---
## 🚀 Getting started
PwnPress runs on Java 17 and is available for **Linux**, **Windows**, and as a plain `.jar`.
**Option 1 – Java (any OS)**
```bash
java -jar pwnpress_1.2.0_cli.jar
```
**Option 2 – Debian**
```bash
sudo apt install openjdk-17-jre
sudo dpkg -i pwnpress_1.2.0.deb
pwnpress
```
**Option 3 – Windows**
Unzip and run the executable — no setup needed.
## 💡 Pro tips
Once you're in, type `help` to explore available commands. Navigate between sections like `scanner`, `phisher`, `bruteforce`, and `target` to dig deep into your recon flow.
Some commands are still in development, but what's there now is already robust and ready to use in your next engagement.
See the full list of commands in the [official GitHub repo](https://github.com/amtzespinosa/pwnpress).
---
## 🤝 Contribute to the Mission
The code is still rough around the edges — but that’s where you come in. If you’re a dev, hacker, reverse engineer, or just a curious soul, help shape the future of this tool.
- 📧 Email: [email protected]
- 🌐 Or join via [our contact form](https://pwnpress.org/#contact).
---
🔓 **Pwn smarter. Recon faster. And finally, ditch WPScan for good.**