Share
## https://sploitus.com/exploit?id=D1100CFF-3DB0-577C-9AFF-A4DA7D5B1EFA
Advanced WordPress Vulnerability Scanner & AI-Powered Exploitation Framework



  
  
  
  
  
    
  


---

## What is WP-Hijack?

**WP-Hijack** is a full-featured, open-source WordPress security scanner built for
penetration testers, bug bounty hunters, and red teams. It runs a **10-phase async
pipeline** โ€” from passive recon to AI-generated exploit code โ€” with **zero required
API keys** (works 100% offline with Ollama).

> **DETECT โ†’ CONFIRM โ†’ AI EXPLOIT**
>
> Every vulnerability is actively confirmed with an HTTP proof-of-exploit before AI
> generates a working Python PoC, cURL command, and a business-impact summary.

---

## Highlights

| Area | What it does |
|---|---|
| **CMS Detection** | 7-signal WordPress fingerprinting incl. `/wp-json/` REST API & `Link: api.w.org` header |
| **Enumeration** | 53-slug plugin wordlist + 23-slug theme wordlist โ€” works on hardened / CDN-fronted sites |
| **User Discovery** | 4 methods: REST API, author archives (URL + body), login oracle, XML-RPC multicall |
| **Active Tests** | XML-RPC abuse ยท REST API checks ยท login oracle ยท 70+ sensitive file paths ยท safe SQLi/XSS |
| **VulnDB** | Bundled SQLite DB (offline) + live WPVulnerability.net API โ€” no API key required |
| **AI Workflow** | Ollama (local/free), OpenAI, Anthropic, Gemini โ€” summaries, exploit drafting, FP filter, chat |
| **Reporting** | Dark-mode HTML ยท PDF ยท JSON ยท Markdown โ€” all from one scan |
| **Resilience** | Exponential-backoff HTTP retry ยท URL typo detection ยท WAF evasion hints |

---

## Installation

```bash
git clone https://github.com/kdo2064/wp-Hijack
cd wp-Hijack
python -m venv .venv
```

```bash
# Windows
.venv\Scripts\activate

# Linux / macOS
source .venv/bin/activate
```

```bash
pip install -e .
wp-hijack --version
```

### Use Local AI โ€” No API Key Needed

```bash
# Install Ollama from https://ollama.com, then:
ollama pull llama3
ollama serve

wp-hijack scan https://target.tld --yes-ai
```

---

## Quick Start


  


```bash
# Basic scan
wp-hijack scan https://target.tld

# Scan + auto AI analysis (no prompt)
wp-hijack scan https://target.tld --yes-ai

# Deep scan โ€” cautious checks + verbose terminal output
wp-hijack scan https://target.tld --cautious --verbose

# Bulk scan from a file (one URL per line)
wp-hijack scan --file targets.txt --output reports

# Interactive AI chat after scan
wp-hijack scan https://target.tld --chat

# Update vulnerability database
wp-hijack update-db
```

---

## Commands & Flags

### Commands

| Command | Purpose |
|---|---|
| `wp-hijack scan ` | Scan a single target |
| `wp-hijack scan --file targets.txt` | Bulk scan from file |
| `wp-hijack update-db` | Refresh local vuln DB from NVD feeds |
| `wp-hijack model-list` | List available Ollama models |
| `wp-hijack model-select` | Choose and save active Ollama model |
| `wp-hijack show-config` | Print resolved config (secrets masked) |
| `wp-hijack chat-report report.json` | AI chat against an existing report |

### Scan Flags

```text
--file           Bulk mode from a text file
--config         Use a custom config file
--output         Change the report output directory
--no-ai          Disable AI for this run
--no-confirm     Skip active confirmation checks
--cautious       Slower, more thorough confirmations
--markdown       Also write a Markdown report
--chat           Start interactive AI chat after the scan
--model          Override AI model for one run
--provider       Override AI provider for one run
--verbose        Show detailed finding cards in the terminal
--yes-ai         Auto-run AI analysis (skip prompt)
--no-ai-prompt   Do not ask for AI analysis after scan
```

---

## Configuration

Default behavior is controlled through [`config.json`](config.json):

```json
{
  "ai": {
    "enabled": true,
    "provider": "ollama",
    "model": "llama3",
    "base_url": "http://localhost:11434/v1"
  },
  "scanner": {
    "threads": 10,
    "timeout": 15,
    "verify_ssl": false
  },
  "confirmation": {
    "run_confirmations": true,
    "allow_cautious_tests": false
  },
  "reporting": {
    "pdf_enabled": true,
    "html_enabled": true,
    "json_enabled": true,
    "markdown_enabled": false
  }
}
```

| Provider | `"provider"` value | API Key |
|---|---|:---:|
| Ollama (local) | `"ollama"` | No (free) |
| OpenAI | `"openai"` | Yes |
| Anthropic | `"anthropic"` | Yes |
| Google Gemini | `"gemini"` | Yes |

Run `wp-hijack show-config` to inspect the effective runtime config.

---

## Output & Reports

Reports are saved to `./reports` by default:

| Format | File | Description |
|---|---|---|
| **JSON** | `wp_hijack_.json` | Full machine-readable scan data |
| **HTML** | `wp_hijack_.html` | Dark-mode styled browser report |
| **PDF** | `wp_hijack_.pdf` | Printable client report *(needs WeasyPrint)* |
| **Markdown** | `wp_hijack_.md` | Plain-text โ€” add `--markdown` flag |

---

## Project Layout

```text
wp_hijack/
โ”œโ”€โ”€ cli.py               CLI entry point (Typer)
โ”œโ”€โ”€ scanner.py           10-phase pipeline orchestrator
โ”œโ”€โ”€ recon.py             Passive recon โ€” IP, SSL, headers, title
โ”œโ”€โ”€ http_client.py       Async HTTP โ€” UA rotation, retry, proxy
โ”œโ”€โ”€ config.py            Config loading & validation
โ”œโ”€โ”€ ai/                  AI providers, exploit gen, chat, scoring
โ”œโ”€โ”€ cms/                 CMS detection (WordPress, Joomla, Drupal)
โ”œโ”€โ”€ enumerators/         Plugin / theme / user enumeration
โ”œโ”€โ”€ active_tests/        XML-RPC, REST API, SQLi/XSS, file exposure
โ”œโ”€โ”€ pipeline/            DETECT โ†’ CONFIRM data models
โ”œโ”€โ”€ vulndb/              SQLite DB + WPVulnerability.net client
โ”œโ”€โ”€ waf/                 WAF fingerprinting & evasion
โ”œโ”€โ”€ reporting/           JSON / HTML / PDF / Markdown writers
โ””โ”€โ”€ templates/           Jinja2 HTML report template
```

---

## Roadmap

| Status | Feature |
|:---:|---|
| Done | 10-phase async pipeline |
| Done | Multi-AI (Ollama / OpenAI / Anthropic / Gemini) |
| Done | DETECT โ†’ CONFIRM โ†’ AI EXPLOIT chain |
| Done | 53-plugin + 23-theme wordlist probing |
| Done | Exponential-backoff HTTP retry & URL typo detection |
| Done | Dark-mode HTML + PDF + JSON + Markdown reports |
| In Progress | WooCommerce-specific vuln checks |
| In Progress | Nuclei template export |
| Planned | Docker image |
| Planned | Web dashboard (Flask) |
| Planned | Shodan recon integration |
| Planned | Auto exploit chaining (multi-CVE) |

---

## Contributing

```bash
git clone https://github.com//wp-Hijack
git checkout -b feature/my-feature
# make your changes
git commit -m "feat: describe your change"
git push origin feature/my-feature
# open a Pull Request on GitHub
```

| Area | Where |
|---|---|
| Bug reports | [Open an issue](https://github.com/kdo2064/wp-Hijack/issues) |
| New active-test modules | `wp_hijack/active_tests/` |
| Vuln DB entries | `wp_hijack/vulndb/vulns.json` |
| Better AI prompts | `wp_hijack/ai/exploit_prompts.py` |
| New CMS support | `wp_hijack/cms/` |

---

## Legal Disclaimer

> **Authorized use only.**
>
> You must have **explicit written permission** from the system owner before running any
> scan. Unauthorized scanning is illegal under the CFAA, Computer Misuse Act, and
> equivalent laws worldwide.
>
> The developer (**KDO || Xpert Exploit**) assumes **zero liability** for any misuse,
> damage, or legal consequences from using this software.
>
> You own the target  |  You have written authorization  |  Legal testing environment
>
> **Scan responsibly. Hack ethically.**

---

## Author


  
    
    KDO || Xpert Exploit
  
  
  GitHub
   ยท 
  Issues
   ยท 
  Project


---


  
  
  
    
  
    
  
    
  
  
  If WP-Hijack helped you, consider starring the repo โ€” it means a lot.
  
  Made for the security community ยท use it to protect, not to harm.