# 🛡️ WordPress Professional Audit Tool - Ethical WordPress Security Auditor

Professional security audit tool for WordPress sites (for ethical use only).

🔗 Official website: [https://wpat.netlify.app/](https://wpat.netlify.app/)
## 🚀 Main Features
* 🔍 **Specialized Modules:**
  * 🕵️ User Enumeration Detection
  * 🛑 XML-RPC Vulnerability Analysis
  * 📂 Exposed Sensitive Files Scanner
  * 🔖 WordPress Version Fingerprinting
  * 📡 REST API Endpoints Audit
  * 🧩 Plugin Scanner (detects active installations)
  * 🎨 Theme Scanner (detection by CSS style)
  * 🔓 Optimized Brute Force (WordPress Login)
  * 🔐 SSL/TLS Audit (Certificates and Encryption)
  * 🗒️ **`security.txt` file detection (New)**
  * 🌐 **CORS configuration detector (New)**
* 🛠 **Key Features:**
  * 🎨 Intuitive interface with color scheme and ASCII banners
  * 🖥️ **New interactive GUI**
  * 📁 Automatic generation of detailed logs with timestamps
  * ⚡ Configurable multi-threaded scanning (1-50 threads)
  * 🔄 Interactive menu with simplified navigation
  * 🚨 Enhanced error handling and Ctrl+C interrupt handling
  * 📦 Official Wordlist Generator (Plugins/Themes)
## 📦 Installation
### ✅ Method 1: Installation via pip (traditional mode)
```bash
# Install WPAT (CLI only, no GUI)
pip install wpat
# Run WPAT in CLI mode
wpat
```
#### 🖥️ Want the version with GUI?
```bash
# Install WPAT with GUI support (PyQt5)
pip install "wpat[gui]"
# Run the GUI
wpat-gui
```
---
### ✅ Method 2: Installation via pipx (Recommended)
> `pipx` allows for global and isolated installation, ideal for CLI tools.
```bash
# Install pipx if not available
python -m pip install --user pipx
python -m pipx ensurepath
# Install WPAT (CLI only)
pipx install wpat
# Run it
wpat
```
#### 🖥️ To install WPAT with GUI using pipx:
```bash
# GUI version using pipx (with graphical dependencies)
pipx install "wpat[gui]"
# Run GUI
wpat --gui
```
---
### 🛠️ Method 3: Installation from GitHub
**Option A – CLI only:**
```bash
pipx install git+https://github.com/Santitub/WPAT.git
```
**Option B – With GUI support:**
```bash
pipx install 'git+https://github.com/Santitub/WPAT.git#egg=wpat[gui]'
```
---
### ⚙️ Method 4: Installation from source (development mode)
> Ideal for contributors or developers.
```bash
git clone https://github.com/Santitub/WPAT.git
cd WPAT
pip install ".[gui]"
```
---
### 🐳 Method 5: Installation with Docker
```bash
# Download the official WPAT image
sudo docker pull santitub/wpat
# Run WPAT in Docker container
sudo docker run -it --rm santitub/wpat
```
### 📌 System Requirements
* Python 3.8 or higher
* pip / pipx
* Internet access for updates
* Desktop environment if using the GUI (PyQt5)
### 📚 Dependencies
These are the libraries required for WPAT to work properly:
* `colorama`: Console color system
* `requests`: Advanced HTTP requests
* `beautifulsoup4`: HTML parser
* `tqdm`: Interactive progress bars
* `pyqt5`: GUI support
* `PyQtWebEngine`: Web rendering engine embedded in the GUI
* `urllib3`: Advanced HTTP connection handling
## 🖥️ Usage
```bash
# From pip/pipx: CLI, or GUI with --gui
wpat
wpat --gui
# From Docker
docker run -it --rm santitub/wpat
# From source, with the GUI
python main.py --gui
```
**Workflow:**
1. Enter the target URL
2. Select modules from the interactive menu or GUI
3. Analyze real-time results with clean output
4. Review detailed logs in `/logs`
### **Main Menu:**
```
[1] Detect User Enumeration [97] Full Audit
[2] Analyze XML-RPC [98] Generate Wordlists
[3] Sensitive Files Scanner [99] Exit
[4] Detect WordPress Version
[5] Audit REST API
[6] Plugin Scanner
[7] Theme Scanner
[8] Brute Force on Login
[9] Check SSL Certificate
[10] Check Security.txt
[11] Check CORS
```
## 📂 Project Structure
```
WPAT/
├── main.py              # Main script
├── gui.py               # Graphical Interface (new)
├── requirements.txt     # Dependencies
├── logs/                # Audit logs
├── wordlists/           # Generated official wordlists
└── scripts/             # Audit modules
    ├── __init__.py
    ├── ssl_checker.py
    ├── cors_detector.py
    ├── user_enumeration.py
    ├── xmlrpc_analyzer.py
    ├── sensitive_files.py
    ├── wp_version.py
    ├── rest_api_analyzer.py
    ├── security_txt.py
    ├── plugin_scanner.py
    ├── theme_scanner.py
    └── brute_force.py
```
## 🆕 What's New in v2.0.1
* 🔍 Improvements to the detection module `cors_detector.py`
* ⚙️ Improvements in the `rest_api_analyzer.py` module
## 📜 License and Ethics
Distributed under the **GPL-3.0** license.
See [LICENSE](LICENSE) for details.
**⚠️ Ethical Use Note:**
This software should only be used on systems with explicit permission from the owner. It includes advanced features that may be considered intrusive if used without authorization. Misuse is the sole responsibility of the end user.
Raw data
{
"_id": null,
"home_page": "https://github.com/Santitub/WPAT",
"name": "wpat",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": "wordpress security audit toolkit",
"author": "Santitub",
"author_email": "santitub22@email.com",
"download_url": null,
"platform": null,
"bugtrack_url": null,
"license": "GPLv3",
"summary": "WPAT (WP Audit Toolkit) es una herramienta de auditor\u00eda de seguridad para WordPress que detecta vulnerabilidades comunes y expone riesgos de manera eficiente.",
"version": "2.0.10",
"project_urls": {
"Documentation": "https://github.com/Santitub/wpat/wiki",
"Homepage": "https://github.com/Santitub/WPAT",
"Source": "https://github.com/Santitub/wpat",
"Tracker": "https://github.com/Santitub/wpat/issues"
},
"split_keywords": [
"wordpress",
"security",
"audit",
"toolkit"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "7f550357a57a325784e3877de7d3e6386334b456fd10993a5055d79b1bd79d23",
"md5": "1ce17e65b22b402f23fdb9e999e5fb19",
"sha256": "d5c09590da37dc6c071e3d13243d0e487a59a28833c86cad6f717ed22e6480e9"
},
"downloads": -1,
"filename": "wpat-2.0.10-py3-none-any.whl",
"has_sig": false,
"md5_digest": "1ce17e65b22b402f23fdb9e999e5fb19",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 35179,
"upload_time": "2025-09-04T13:51:36",
"upload_time_iso_8601": "2025-09-04T13:51:36.880858Z",
"url": "https://files.pythonhosted.org/packages/7f/55/0357a57a325784e3877de7d3e6386334b456fd10993a5055d79b1bd79d23/wpat-2.0.10-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-04 13:51:36",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Santitub",
"github_project": "WPAT",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "colorama",
"specs": []
},
{
"name": "requests",
"specs": []
},
{
"name": "beautifulsoup4",
"specs": []
},
{
"name": "tqdm",
"specs": []
},
{
"name": "pyqt5",
"specs": []
},
{
"name": "PyQtWebEngine",
"specs": []
},
{
"name": "urllib3",
"specs": []
}
],
"lcname": "wpat"
}