Skip to content
/ clapi Public

Utility to scan wordpress installations using their on-by-default REST endpoints

critsecurity.github.io/clapi/
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CritSecurity/clapi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

68 Commits

assets

assets

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

index.html

index.html

 
 

manifest.webmanifest

manifest.webmanifest

 
 

serviceWorker.js

serviceWorker.js

 
 

Repository files navigation

Logo

CLAPI

Information Disclosure Scanner for Wordpress REST API

Background

By default, Wordpress installations run several REST endpoints, which could disclose information otherwise unknown to attackers or harder to obtain. This utility aims to help administrators check, whether their site is affected by this weakpoint.

Deployment

Hosted on Github Pages: https://critsecurity.github.io/clapi/
Installable as progressive web application (PWA) on iOS, Android and Chromium-likes

Modules

Usernames

Enumerate account names on the target domain. Export as CSV or raw API response (json).

Media Uploads

Enumerate uploaded files in WP's media folder. Export as CSV or raw API response (json).

REST Endpoints

Enumerate open REST endpoints which can help discover and identify installed plugins. Export as CSV or raw API response (json).

About

Utility to scan wordpress installations using their on-by-default REST endpoints

critsecurity.github.io/clapi/

Topics

wordpress pwa rest rest-api scanner cybersecurity wp infosec cyber-security information-disclosure

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages