ICU-WP is designed to scan WordPress sites for potential username enumeration vulnerabilities. This tool performs multiple checks to identify if a WordPress site is vulnerable to username enumeration through various methods.
- WordPress Detection: Identifies if a site is a WordPress installation.
- Author Enumeration: Attempts to enumerate usernames by querying author URLs.
- REST API Enumeration: Checks multiple REST API endpoints for user information.
- User Details Check: Attempts to fetch user details through REST API endpoints.
- WordPress.com API Check: Queries the WordPress.com public API for additional site information.
- Python 3.7+
- Flask
- Requests
- Werkzeug
- Clone the repository:
      git clone https://github.com/AnonKryptiQuz/ICU-WP.git
      cd ICU-WP
- Install the required packages:
      pip install -r requirements.txt
  Ensure requirements.txt contains:
      Flask
      requests
      Werkzeug
- Run the Flask application:
      python ICU-WP.py
- Open your browser and navigate to http://127.0.0.1:5000.
- Enter the URL of the WordPress site you want to scan, set the request timeout and the number of concurrent threads, then click "Start Scan".
- A simple HTML form is provided for users to enter the site URL and configuration settings.
- Results are displayed dynamically on the same page using JavaScript.
- Educational Purposes Only: ICU-WP is intended for educational and research use. The tool should not be used for illegal or malicious activities. It is the user’s responsibility to ensure compliance with local laws and regulations.
Created by: AnonKryptiQuz
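
For site owners, the author-URL and REST API checks listed above leave a recognizable pattern in web server access logs. The following is an added example, not part of ICU-WP's code: it flags clients that repeatedly request WordPress's standard `?author=N` and `/wp/v2/users` routes. That these are the exact requests ICU-WP sends is an assumption, and the log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2025:10:00:03 +0000] "GET /index.php?rest_route=/wp/v2/users/1 HTTP/1.1" 200 301 "-" "python-requests/2.31"
198.51.100.4 - - [10/Mar/2025:10:01:00 +0000] "GET /author/alice/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2025:10:01:05 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Captures client IP and request target from a combined-format log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" \d{3} ')
# Matches the users collection or a single user, e.g. /wp/v2/users or /wp/v2/users/7.
USERS_RE = re.compile(r"/wp/v2/users(?:/\d+)?/?$")

def classify(target):
    """Return 'author', 'rest_users', or None for a request target."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    # Numeric author archive lookups (?author=1, ?author=2, ...).
    if any(v.isdigit() for v in query.get("author", [])):
        return "author"
    # REST users route, via pretty permalinks or the ?rest_route= fallback.
    route = query.get("rest_route", [""])[0]
    if USERS_RE.search(parts.path) or USERS_RE.search(route):
        return "rest_users"
    return None

def find_enumerators(log_text, threshold=3):
    """Map client IP -> hit counts per probe type, for IPs at or above threshold."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        kind = classify(m.group(2))
        if kind:
            hits[m.group(1)][kind] += 1
    return {ip: dict(k) for ip, k in hits.items() if sum(k.values()) >= threshold}

if __name__ == "__main__":
    for ip, kinds in find_enumerators(SAMPLE_LOG).items():
        print(ip, kinds)
```

A single visit to an author archive or one REST call is normal traffic, so tune the threshold (3 here, an arbitrary value) against your own baseline before alerting on it.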