id: wp-plugin-scan info: name: Wordpress Plugin Scanner author: pdteam severity: info description: wordlist based wordpress plugin scanner. requests: - payloads: plugin_wordlist: wordlists/wp-plugins.txt # Thanks to RandomRobbieBF for the wordlist # https://github.com/RandomRobbieBF/wordpress-plugin-list attack: sniper threads: 50 raw: - | GET /§plugin_wordlist§ HTTP/1.1 Host: {{Hostname}} Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.5 Referer: {{BaseURL}} matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "== Description =="