✨ Features
Credential Testing
WordPress Detection
- Identifies WordPress installations
- Locates login endpoints (wp-login.php, wp-admin)
- Handles custom login URLs
- Follows redirects automatically
Authentication Methods
- Standard WordPress login
- Cookie-based sessions
- Custom authentication plugins
- Two-factor bypass attempts
Result Categories
- Valid: Successful login with role detection
- Invalid: Wrong username/password
- Error: Connection issues or timeouts
Subdomain Enumeration
Discovery Methods
- Certificate Transparency: Queries crt.sh for SSL certificates
- DNS Bruteforce: Tests common prefixes (www, blog, shop, mail, etc.)
- Wildcard Detection: Identifies wildcard DNS configurations
Subdomain Testing
- Tests each discovered subdomain for WordPress
- Applies same credentials to all subdomains
- Configurable subdomain limit (default: 100)
- Parallel subdomain checking
Username Enumeration
Discovery Sources
- WordPress REST API
- Author archives
- RSS feeds
- Login error messages
Testing Strategy
- Fetches up to 50 usernames (configurable)
- Tests provided password with each username
- Identifies password reuse across accounts
- Continues after successful login (optional)
WooCommerce Analysis
Data Extraction
- Store Status: Active/inactive, version info
- Payment Methods: Configured gateways
- Sales Statistics:
- Total revenue
- Order count
- Items sold
- Average order value
Admin Features
- Requires administrator access
- Extracts detailed configuration
- Payment gateway settings
- Store performance metrics
Performance
Multi-threading
- Configurable workers (1-50)
- Concurrent subdomain testing
- Real-time CPM statistics
- Progress tracking
Network Optimization
- Connection pooling
- Smart retry logic
- Timeout management
- Proxy rotation
Proxy Support
Proxy Features
- Random proxy selection
- HTTP/SOCKS5 support
- Automatic rotation on failure
- Proxy authentication
See Working with Proxies for supported proxy formats.