The wait is over — PwnPress Framework just got a fresh upgrade with version 1.3.1. Whether you’re deep into pentesting, solving CTFs, or just fed up with the limits of tools like WPScan, this release brings powerful new improvements that make WordPress security testing smoother than ever.

🆕 What’s new in v1.3.1

This release is small but mighty — here’s what’s packed inside:

• JDK upgrade: We’ve moved from OpenJDK 17 to OpenJDK 21, ensuring compatibility with modern systems and better performance.
• Kali Linux support: Thanks to the JDK bump, PwnPress now installs and runs flawlessly on Kali Linux (tested on 2025.2). Yes, it’s finally at home in the world’s favorite pentesting distro.

• HTTP support for CTFs: You asked, we listened. PwnPress can now scan plain HTTP endpoints, making it perfect for local labs and capture-the-flag challenges.

[!] Warning: Connection to http://localhost:8080/ is not encrypted (HTTP only).
[+] WordPress detected: http://localhost:8080/
[+] Scanning: http://localhost:8080/

• Extra fingerprinting: Improved server and security detection helps you map out defenses more accurately — spotting WAFs, server tech, cookies, and more.

[+] Server fingerprinting:
 ├─ Server: Sucuri/Cloudproxy
 ├─ IP Address: 192.124.249.21
 ├─ WAF / Security:
 |    - Sucuri WAF detected
 └─ Cookies:
     └─ No cookies set in response.

🔧 Core features (still rocking)

• ✅ Automated scanning for WordPress vulnerabilities
• ✅ Batch target validation and filtering by version status
• ✅ Directory scraping for hidden files
• ✅ WordPress phishing page generator
• ✅ XML-RPC brute forcing (system.Multicall)
• ✅ Request crafting & settings management

👉 With more exploitation features coming soon (SQLi, XSS, RCE, SSRF, file upload tests).

⚡ Installation

You’ve got options — pick your flavor:

Option 1 – Java (any OS)

java -jar pwnpress_1_3_1_cli.jar

Option 2 – Debian

sudo apt install openjdk-21-jre  
sudo dpkg -i pwnpress_1_3_1_cli.deb  
pwnpress

Option 3 – Windows

Unzip the package and run the .exe — simple.

💡 Quick Usage

Fire up the tool and type:

help

From there, explore sections like scanner, target, phisher, bruteforce, and pingbacker. Some commands are still under development so watch out!

🤝 Call for collaborators

PwnPress is growing fast, but the exploitation engine and advanced modules need builders. If you code in Java, love hacking, or just want to push WordPress security further, join the project:

• 📧 [email protected]
• 🌐 Contact form

🔓 Pwn harder. Recon smarter. And now, do it on Kali.