0

Does any software or any other way to detect if a website contains any WordPress installation?

For example lets say we have the website example.com which is not a WordPress site, but we have a WordPress site in the path example.com/blog and example.com/blog2.

So far I have use burp suit to crawl the website and then check for a WordPress file like license.txt, but in this way is very time consuming so I want to know if there is any other automated tool that I can use in order to check this.

chrysst
  • 157
  • 4
  • ...normally, a file named `license.txt` shouldn't be visible from the visitor end (it implies you can see the actual source code of the site, among other things). There might be fingerprinting for WordPress, but the catch is that you're **still** going to have to crawl the site - for one thing, different pages might be hosted on different physical machines, so there's no way to tell except visiting the relevant pages. – Clockwork-Muse Jan 30 '19 at 00:54
  • Do you have access to the hosting for your websites? Or are you trying to find what's on your domains separate from what you can see in your hosting? – sarnold Jan 30 '19 at 04:01
  • The tool that you ask of will also perform crawling to figure it out.The tools are probably off topic here.What i use is wappalyzer extension on my browser while i passively crawl the web app – yeah_well Jan 30 '19 at 06:59
  • @sarnold Yes I have access to the hosting. But if there is a way to check this without the need to access the hosting would be better! I want to find an automated way for checking this! – chrysst Jan 30 '19 at 07:32
  • @VipulNair thank you for your suggestion, also if there is any way to create a script for this task would be much better I am not asking exclusive for tools! – chrysst Jan 30 '19 at 07:46

2 Answers2

0

By the directory structue, like: /wp-admin, /wp-json... You can also see through the url of images: wp-content/themes/<theme>/. See:


    [dir] wp-admin
    [dir] wp-includes
    index.php
    license.txt
    readme.html
    wp-activate.php
    wp-blog-header.php
    wp-comments-post.php
    wp-config-sample.php
    wp-cron.php
    wp-links-opml.php
    wp-load.php
    wp-login.php
    wp-mail.php
    wp-settings.php
    wp-signup.php
    wp-trackback.php
    xmlrpc.php
JULIO NETO
  • 1
  • Hi Jilio Neto, Thank you for your answer. The issue here is that I am not sure if it really exist a Wordpress installation in the main domain and that the installation my exist in a specific directory path of the main URL i.e. example.com/blog – chrysst Jan 30 '19 at 07:39
0
import requests

#Loop through the whole list of domains 
with open('ListOfDomainsFile') as f:
    for line in f:
    domain = line.rstrip()    
    source = requests.get(domain).text   
    counter = counter+1
    if "wp-include" in source:
        results = 'Yes, is powered by WordPress'
    else:
        results = 'No, is not powered by WordPress'

    print(line , ' : ' , results)
chrysst
  • 157
  • 4