A high-performance, asynchronous WordPress plugin detection and vulnerability scanner with a modern web interface and live Google Sheets reporting.
- 🚀 High Concurrency: Built with Python `asyncio` and `aiohttp` to scan thousands of domains in minutes.
- 💎 Premium UI: Modern React dashboard with real-time progress bars, hit counters, and dark-mode aesthetics.
- 📊 Live Sheet Sync: Automatically creates a new tab for every scan and pushes results live to Google Sheets.
- 🔍 Smart Detection: Multi-tiered strategy (lightweight headers check -> targeted file probing).
- 📦 Zero Config Startup: Comes with a one-click `run.bat` script for easy setup.

```mermaid
graph TD
    UI[React Dashboard] -->|Upload| API[FastAPI Server]
    API -->|Start| Pipeline[Async Pipeline]
    Pipeline -->|Check| Detector[WP detector]
    Detector -->|Confirm| Prober[Plugin Prober]
    Pipeline -->|Push| GSheet[Google Sheets API]
    API -->|Poll Status| UI
```

- Clone the repository:
  ```bash
  git clone https://github.com/your-username/wp-plugin-hunter.git
  cd wp-plugin-hunter
  ```
- Add your Google Sheets credentials:
  - Place your Service Account JSON file in the root directory.
  - Update the `.env` file with your `GOOGLE_SHEET_ID` and the filename of your JSON.

  > [!CAUTION]
  > Security Warning: Large projects usually exclude `.env` and JSON keys from version control. I have added a `.gitignore` to prevent you from accidentally pushing these to GitHub. Never share your service account JSON publicly.
- Run the script:
  - Simply double-click `run.bat`. It will automatically set up a virtual environment, install requirements, and start the server.
- Open browser:
  - Visit `http://localhost:8000`.

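
To confirm that the caution above actually holds in your checkout, the following added example (not part of this project's code) lists the secrets that `.gitignore` does not cover: `.env`, the file named by its `GOOGLE_SHEETS_JSON` entry, and any other service-account key lying in the root directory. The function names are hypothetical, and the `.gitignore` matching is a simplified assumption that handles plain names, globs and `!` negation only.

```python
import fnmatch
import json
from pathlib import Path

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip().strip("'\"")
    return pairs

def is_ignored(rel_path, rules):
    """Simplified .gitignore matching (assumption): last matching rule wins,
    no '**' or directory-only rules. `git check-ignore -v` is authoritative."""
    ignored = False
    for raw in rules.splitlines():
        pat = raw.strip()
        if not pat or pat.startswith("#"):
            continue
        negate = pat.startswith("!")
        pat = pat.lstrip("!").lstrip("/")
        if fnmatch.fnmatch(rel_path, pat) or fnmatch.fnmatch(Path(rel_path).name, pat):
            ignored = not negate
    return ignored

def is_service_account_key(path):
    """Google service-account keys are JSON with type=service_account and a private_key."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return False
    return isinstance(data, dict) and data.get("type") == "service_account" and "private_key" in data

def exposed_secrets(root):
    """Return root-relative names of secret files that .gitignore does not cover."""
    root = Path(root)
    gitignore = root / ".gitignore"
    rules = gitignore.read_text(encoding="utf-8") if gitignore.exists() else ""
    candidates = set()
    if (root / ".env").exists():
        candidates.add(".env")
        key_name = parse_env((root / ".env").read_text(encoding="utf-8")).get("GOOGLE_SHEETS_JSON")
        if key_name:
            candidates.add(key_name)
    # Also catch keys saved under a name that .env does not mention.
    candidates.update(p.name for p in root.glob("*.json") if is_service_account_key(p))
    return sorted(c for c in candidates if not is_ignored(c, rules))
```

Call `exposed_secrets(".")` from the repository root before the first commit; an empty list means every detected secret is covered. A file that was committed before the ignore rule existed stays tracked, so also check `git ls-files` for it.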
Create a `.env` file in the root directory:

```env
GOOGLE_SHEETS_JSON=your-service-account.json
GOOGLE_SHEET_ID=your-google-sheet-id-from-url
```

To create a standalone executable for distribution:

```bash
python package.py
```

The result will be in the `dist/` folder.

Feel free to fork this project and submit PRs for any new detector strategies or UI improvements!