https://github.com/charliewu0788/local-wpctf
A lightweight local WordPress CTF reconnaissance framework for detecting attack surfaces including login endpoints, SQLi, XSS, and WordPress-specific misconfigurations.
- Host: GitHub
- URL: https://github.com/charliewu0788/local-wpctf
- Owner: CharlieWu0788
- Created: 2026-06-11T06:24:52.000Z (7 days ago)
- Default Branch: main
- Last Pushed: 2026-06-12T03:22:31.000Z (6 days ago)
- Last Synced: 2026-06-12T04:14:29.499Z (6 days ago)
- Topics: attack-surface, automation, bug-bounty, ctf, cybersecurity, ethical-hacking, information-gathering, penetration-testing, python, reconnaissance, security-tools, sql-injection, vulnerability-scanners, web-application-security, web-security, wordpress, wordpress-security, xss
- Language: Python
- Size: 7.81 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: readme.md
README
# Local WPCTF
A lightweight local WordPress security testing framework that combines reconnaissance, attack surface modeling, test plan generation, and OWASP-based classification.
It is designed to identify and organize web attack surfaces including authentication endpoints, SQL injection points, XSS vectors, and WordPress-specific misconfigurations.
---
## ⚡ Features (v0.3.1)
### Scanner Layer
* WordPress detection
* Hybrid authentication surface discovery
  - Link-based discovery
  - Endpoint probing (e.g., /wp-login.php)
  - Form-based login detection
  - Validation-based confirmation
* Basic SQL injection reconnaissance (parameter-based)
* Basic reflected XSS detection (form-based)
---
### Workflow Layer
* Attack surface modeling
* Security test plan generation
* Authentication surface normalization
* Structured workflow output
---
### Security Classification Layer
* OWASP Top 10 mapping for generated test cases
* Structured vulnerability categorization
* Risk classification based on test intent
* Standardized security findings output
---
### Reporting Layer
* Unified JSON output
* Structured security findings format
* OWASP-aligned result mapping
---
## 📊 Module Explanation
| Module | Purpose |
| -------------- | --------|
| wordpress_scan | Detect WordPress installations through fingerprinting |
| auth_scan | Hybrid authentication discovery engine |
| sql_scan | Basic SQL injection reconnaissance |
| xss_scan | Basic reflected XSS reconnaissance |
| attack_surface | Convert scan results into structured attack surfaces |
| test_plan | Generate test cases from attack surfaces |
| owasp_mapper | Map test cases to OWASP Top 10 categories |
---
## 🧠 Architecture
```text
Target URL
↓
Scanner Layer
├── WordPress Scan
├── Auth Scan (Hybrid Engine)
├── SQL Scan
└── XSS Scan
↓
Attack Surface Modeling
↓
Test Plan Generation
↓
OWASP Top 10 Classification
↓
Structured JSON Output
```
The framework now supports hybrid authentication discovery by combining link analysis, form-based detection, and endpoint probing to improve coverage of real-world login surfaces.
---
## 📁 Project Structure
```text
Local WPCTF/
├── main.py
├── config.json
│
├── scanners/
│   ├── wordpress_scan.py
│   ├── auth_scan.py
│   ├── sql_scan.py
│   ├── xss_scan.py
│   └── __init__.py
│
├── workflow/
│   ├── attack_surface.py
│   ├── test_plan.py
│   └── __init__.py
│
├── reports/
│   └── owasp_mapper.py
│
└── README.md
```
---
## 🚧 Roadmap
### v0.1.x
* WordPress detection
* Authentication discovery
* SQL reconnaissance
* XSS reconnaissance
### v0.2.0
* Attack surface modeling
* Test plan generation
* Basic workflow orchestration
### v0.3.0
* OWASP Top 10 classification
* Structured security findings
### v0.3.1 (CURRENT)
* Hybrid authentication discovery engine
* Endpoint probing for login surfaces
* Form-based login detection
* Improved authentication validation logic
### v0.4.0 (Planned)
* JSON report generator
* Persistent output files
* Structured export pipeline
---
## 📌 Notes
This version significantly improves authentication surface coverage by combining multiple discovery strategies, reducing reliance on CMS-specific assumptions while maintaining compatibility with WordPress environments.