Releases: amtzespinosa/pwnpress

v1.3.1

07 Sep 15:33
87bd6ec

PwnPress Framework CLI v1.3.1

This new version comes with 4 updates/fixes:

  • JDK has been updated from OpenJDK 17 to OpenJDK 21
  • Thanks to the previous update, it can now be installed and used on Kali Linux, our favourite pentesting distro!
  • Added support for HTTP, and therefore for CTFs!
[!] Warning: Connection to http://localhost:8080/ is not encrypted (HTTP only).
[+] WordPress detected: http://localhost:8080/

[+] Using cached Wordfence data.

[+] Scanning:           http://localhost:8080/
[+] Time started:       2025-09-06 16:41:05

[+] …
  • Added some extra server and security fingerprinting
[+] Server fingerprinting:
 ├─ Server: Sucuri/Cloudproxy
 ├─ IP Address: 192.124.249.21
 ├─ WAF / Security:
 |    - Sucuri WAF detected
 └─ Cookies:
     └─ No cookies set in response.

Install options

These remain the same:

Option 1 - Java:

With Java installed, you can download the .jar file and run it with the following command:
java -jar pwnpress_1_3_1_cli.jar

Option 2 - Debian:

Install openjdk-21-jre if not installed:
sudo apt install openjdk-21-jre

Then, download the Debian package (.deb file) and install it with the following command:
sudo dpkg -i pwnpress_1_3_1_cli.deb

Now, run the tool:
pwnpress

Option 3 - Windows:

Download the .zip file and extract it. Then, just execute the .exe file.

v1.2.0

15 Apr 10:45
f7c08bd

First release! - PwnPress Framework CLI v1.2.0

  • Automated scanning: Automatically scans WordPress websites for info gathering and known vulnerabilities.
  • Sites validation: It can validate a list of targets to keep only WordPress sites and build a file from them. It can also filter sites depending on their version status.
  • Directory scraping: Recursively scrape any directory to list all files in it.
  • Create phishing: Instantly build a default WordPress login phishing page with credentials collection utility that sends gathered credentials to your inbox.
  • Leverage XML-RPC: You can leverage XML-RPC for two things: brute-forcing extracted users' passwords and testing for system.Multicall so you can pingback other websites (you will need a publicly accessible web server to test for pingback).
  • Settings management: Allows setting constant parameters for scanning and exploitation.
  • Request crafting: Constructs and sends HTTP requests with injected payloads.

Option 1 - Java:

With Java installed, you can download the .jar file and run it with the following command:
java -jar pwnpress_1_2_0_cli.jar

Option 2 - Debian:

Install openjdk-17-jre:
sudo apt install openjdk-17-jre

Then, download the Debian package and install it with the following command:
sudo dpkg -i pwnpress_1_2_0_cli.deb

Now, run the tool:
pwnpress

Option 3 - Windows:

Download the .zip file and extract it. Then, just execute the .exe file.