
Repository Details

You just found a hidden gem 💎 This repo contains a massive amount (8000+) of WordPress-related Nuclei templates. Updated daily!

Nuclei + Wordfence = ♥

This project provides a massive up-to-date collection of Nuclei templates that can be used to scan for vulnerabilities in WordPress. The templates are based on the vulnerability reports of Wordfence.com.

This project is a valuable resource for anyone who wants to scan for vulnerabilities in WordPress-based websites. The templates are easy to use and up-to-date, and they are open source so you can modify them to fit your specific needs. If you are responsible for the security of a website that uses WordPress, I highly recommend using this project to scan for vulnerabilities.

If you found this project helpful, please consider giving it a star on GitHub. Your support helps to make this project even better.

Features

  • The templates are easy to use and can be run with a single command.
  • The templates are based on the vulnerability reports of Wordfence.com.
  • The templates are updated regularly to ensure that they are always up-to-date with the latest vulnerabilities.
  • The templates are open source, so you can modify them to fit your specific needs.
  • Manually enhanced templates can be marked to avoid overwriting them.

What's in it?!

category     total
wp-plugins    7998
wp-themes      252
wp-core        326
other           16

severity     total
info             7
low             41
medium        5690
high          2105
critical       741

Usage

To use the templates, you will need to install Nuclei and this nuclei-wordfence-cve repository. Once you have installed Nuclei, you can run the following command to scan for vulnerabilities:

nuclei -t github/nuclei-wordfence-cve-topscoder -u https://target.com

Installation

To install this nuclei-wordfence-cve repository, you can use the following command:

export GITHUB_TEMPLATE_REPO=topscoder/nuclei-wordfence-cve
nuclei -update-templates

Examples

Here are some examples of how to use the templates:

  • To scan for all known vulnerabilities in WordPress, you can run the following command:
    nuclei -t github/nuclei-wordfence-cve-topscoder -u https://target.com
  • To scan for a specific CVE, you can run the following command:
    nuclei -t github/nuclei-wordfence-cve-topscoder -template-id cve-2023-32961 -u https://target.com
  • To scan only for critical vulnerabilities, you can run the following command:
    nuclei -t github/nuclei-wordfence-cve-topscoder -severity critical -u https://target.com
  • To scan only for WordPress core vulnerabilities, you can run the following command:
    nuclei -t github/nuclei-wordfence-cve-topscoder -tags wp-core -u https://target.com
  • To scan only for WordPress plugin vulnerabilities, you can run the following command:
    nuclei -t github/nuclei-wordfence-cve-topscoder -tags wp-plugin -u https://target.com
  • To scan only for WordPress theme vulnerabilities, you can run the following command:
    nuclei -t github/nuclei-wordfence-cve-topscoder -tags wp-theme -u https://target.com
  • To go wild, you can combine tags and severities freely:
    nuclei -t github/nuclei-wordfence-cve-topscoder -tags wp-plugin,wp-theme -severity critical,high -u https://target.com
  • To go even wilder, you can use the template condition flag (-tc), which allows complex expressions such as the following:
    nuclei -t github/nuclei-wordfence-cve-topscoder -template-condition "contains(to_lower(name),'cross-site scripting') || contains(to_upper(name),'XSS')" -u https://target.com
    nuclei -t github/nuclei-wordfence-cve-topscoder -template-condition "contains(to_lower(name),'sql injection') || contains(to_lower(description),'sql injection')" -u https://target.com
    nuclei -t github/nuclei-wordfence-cve-topscoder -template-condition "contains(to_lower(name),'file inclusion') || contains(to_lower(description),'file inclusion')" -u https://target.com
    nuclei -t github/nuclei-wordfence-cve-topscoder -template-condition "contains(to_upper(name),'CSRF') || contains(to_upper(description),'CSRF')" -u https://target.com

Contributing

If you would like to contribute to this project, please feel free to fork the repository and submit a pull request.

Manually Enhanced

Manually enhanced templates can be marked by putting # Enhanced on the last line of the template, which prevents the daily update from overwriting them by accident.
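The two mechanisms above, the per-category/per-severity tally behind the "What's in it?!" tables and the "# Enhanced" overwrite guard, as an added Python example that is not code from the nuclei-wordfence-cve project. It assumes templates are Nuclei YAML with "severity:" and "tags:" lines under "info:", and uses constructed sample templates rather than real entries from the repository.

```python
# Added example, not code from the nuclei-wordfence-cve project: tallies
# templates the way the "What's in it?!" tables do and applies the
# "# Enhanced" overwrite guard this README describes. Assumes templates are
# Nuclei YAML with "severity:" and "tags:" lines under "info:".
from __future__ import annotations
import re
from collections import Counter

ENHANCED_MARKER = "# Enhanced"
# tag -> table category; a template with none of these tags counts as "other"
CATEGORY_BY_TAG = {"wp-plugin": "wp-plugins", "wp-theme": "wp-themes", "wp-core": "wp-core"}
_SEV = re.compile(r"^\s*severity:\s*(\w+)", re.M)
_TAGS = re.compile(r"^\s*tags:\s*(.+?)\s*$", re.M)

def is_enhanced(text: str) -> bool:
    """True when the last non-blank line of a template is the marker."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return bool(lines) and lines[-1] == ENHANCED_MARKER

def choose_content(existing: str | None, generated: str) -> str:
    """Keep a manually enhanced template on disk; otherwise take the regenerated one."""
    return existing if existing is not None and is_enhanced(existing) else generated

def classify(text: str) -> tuple[str, str]:
    """Return (category, severity) as the README's tables group templates."""
    tags = _TAGS.search(text)
    tag_set = {t.strip() for t in tags.group(1).split(",")} if tags else set()
    category = next((c for t, c in CATEGORY_BY_TAG.items() if t in tag_set), "other")
    sev = _SEV.search(text)
    return category, (sev.group(1).lower() if sev else "unknown")

def tally(templates: dict[str, str]) -> tuple[Counter, Counter]:
    """Count templates per category and per severity."""
    cats, sevs = Counter(), Counter()
    for text in templates.values():
        category, severity = classify(text)
        cats[category] += 1
        sevs[severity] += 1
    return cats, sevs

# Constructed sample templates, not real entries from the repository.
SAMPLES = {
    "plugin-xss.yaml": "id: plugin-xss\n\ninfo:\n  name: Example Plugin - XSS\n  severity: medium\n  tags: wordpress,wp-plugin,xss\n",
    "theme-lfi.yaml": "id: theme-lfi\n\ninfo:\n  name: Example Theme - LFI\n  severity: high\n  tags: wordpress,wp-theme,lfi\n\n# Enhanced\n",
    "core-csrf.yaml": "id: core-csrf\n\ninfo:\n  name: Example Core - CSRF\n  severity: medium\n  tags: wordpress,wp-core,csrf\n",
}
```

A generator would call choose_content(existing_file_text, regenerated_text) before writing each template, so a file ending in "# Enhanced" is left untouched.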

License

This project is licensed under the MIT License.

Contact

If you have any questions or feedback, please feel free to contact the project maintainers.

~~ Please use it responsibly!
