Added template for wordpress-ultimate-rest-api

2026-01-31 15:53:33 +08:00
parent 96140187d3
commit 49b39942ef
1 changed files with 228 additions and 0 deletions
--- a/wordpress-ultimate-rest-api.yaml
+++ b/wordpress-ultimate-rest-api.yaml
@@ -0,0 +1,228 @@
+id: wordpress-ultimate-rest-api
+
+info:
+  name: WordPress ULTIMATE REST API, Sensitive Files, Backup, Plugin & Recon Scanner
+  author: Ashwin MV + ProjectDiscoveryAI
+  severity: medium
+  description: |
+    Complete WordPress bug-bounty scanner for 2025.
+    Covers REST APIs, sensitive files, backups, plugins, themes, debug logs, WooCommerce,
+    Elementor, ACF, SEO plugins, and more.
+  tags: wordpress,bugbounty,scanner,rest-api,wp,mega,recon
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    threads: 20
+    stop-at-first-match: false
+
+    path:
+
+      ##########################
+      # CORE WORDPRESS ENDPOINTS
+      ##########################
+      - "{{BaseURL}}/xmlrpc.php"
+      - "{{BaseURL}}/wp-login.php"
+      - "{{BaseURL}}/wp-signup.php"
+      - "{{BaseURL}}/wp-admin/"
+      - "{{BaseURL}}/wp-admin/admin-ajax.php"
+      - "{{BaseURL}}/wp-admin/admin-post.php"
+      - "{{BaseURL}}/wp-cron.php"
+      - "{{BaseURL}}/wp-comments-post.php"
+      - "{{BaseURL}}/readme.html"
+      - "{{BaseURL}}/license.txt"
+      - "{{BaseURL}}/robots.txt"
+      - "{{BaseURL}}/sitemap.xml"
+      - "{{BaseURL}}/sitemap_index.xml"
+      - "{{BaseURL}}/feed"
+      - "{{BaseURL}}/rss"
+
+      ##########################
+      # SENSITIVE / LEAKED FILES
+      ##########################
+      - "{{BaseURL}}/.env"
+      - "{{BaseURL}}/.git/config"
+      - "{{BaseURL}}/.svn/entries"
+      - "{{BaseURL}}/.DS_Store"
+      - "{{BaseURL}}/backup.zip"
+      - "{{BaseURL}}/backup.sql"
+      - "{{BaseURL}}/db.sql"
+      - "{{BaseURL}}/database.sql"
+      - "{{BaseURL}}/wp-config.php.bak"
+      - "{{BaseURL}}/wp-config.php~"
+      - "{{BaseURL}}/wp-config.old"
+      - "{{BaseURL}}/wp-config.php.save"
+      - "{{BaseURL}}/debug.log"
+      - "{{BaseURL}}/error_log"
+      - "{{BaseURL}}/phpinfo.php"
+
+      ############################
+      # BACKUP / MISCONFIG FILES
+      ############################
+      - "{{BaseURL}}/wp-config.php.swp"
+      - "{{BaseURL}}/wp-config.php_orig"
+      - "{{BaseURL}}/wp-config.php-backup"
+      - "{{BaseURL}}/wp-admin/setup-config.php"
+      - "{{BaseURL}}/wp-content/debug.log"
+      - "{{BaseURL}}/wp-content/error_log"
+      - "{{BaseURL}}/wp-content/*.sql"
+      - "{{BaseURL}}/wp-content/uploads/*.zip"
+
+      ############################
+      # COMMON DIRECTORIES
+      ############################
+      - "{{BaseURL}}/wp-content/"
+      - "{{BaseURL}}/wp-includes/"
+      - "{{BaseURL}}/wp-admin/css/"
+      - "{{BaseURL}}/wp-content/plugins/"
+      - "{{BaseURL}}/wp-content/themes/"
+      - "{{BaseURL}}/wp-content/uploads/"
+
+      ############################
+      # VULNERABLE PLUGIN ENDPOINTS
+      ############################
+      - "{{BaseURL}}/wp-content/plugins/revslider/admin-ajax.php"
+      - "{{BaseURL}}/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"
+      - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/backupbuddy/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz.js"
+
+      ############################
+      # WORDPRESS REST API
+      ############################
+      - "{{BaseURL}}/wp-json/"
+      - "{{BaseURL}}/wp-json/wp/v2/users"
+      - "{{BaseURL}}/wp-json/wp/v2/users?roles=administrator"
+      - "{{BaseURL}}/wp-json/wp/v2/posts"
+      - "{{BaseURL}}/wp-json/wp/v2/pages"
+      - "{{BaseURL}}/wp-json/wp/v2/media"
+      - "{{BaseURL}}/wp-json/wp/v2/comments"
+      - "{{BaseURL}}/wp-json/wp/v2/settings"
+      - "{{BaseURL}}/wp-json/wp/v2/themes"
+      - "{{BaseURL}}/wp-json/wp/v2/plugins"
+
+      ############################
+      # WOO COMMERCE
+      ############################
+      - "{{BaseURL}}/wp-json/wc/v3/products"
+      - "{{BaseURL}}/wp-json/wc/v3/orders"
+      - "{{BaseURL}}/wp-json/woo-gutenberg-products-block/v1/products"
+
+      ############################
+      # ACF
+      ############################
+      - "{{BaseURL}}/wp-json/acf/v3/options/options"
+      - "{{BaseURL}}/wp-json/acf/v3/posts"
+      - "{{BaseURL}}/wp-json/acf/v3/pages"
+
+      ############################
+      # ELEMENTOR
+      ############################
+      - "{{BaseURL}}/wp-json/elementor/v1/globals"
+
+      ############################
+      # SEO (Yoast / RankMath)
+      ############################
+      - "{{BaseURL}}/wp-json/yoast/v1/configurator"
+      - "{{BaseURL}}/wp-json/wpseo/v1"
+      - "{{BaseURL}}/wp-json/rankmath/v1"
+
+      ############################
+      # SECURITY PLUGINS
+      ############################
+      - "{{BaseURL}}/wp-json/itsec/v1"
+
+      ############################
+      # WPML / MULTI-LANG
+      ############################
+      - "{{BaseURL}}/wp-json/wpml/v1/config"
+
+      ############################
+      # COMMENT PLUGINS
+      ############################
+      - "{{BaseURL}}/wp-json/wpdiscuz/v1"
+
+      ############################
+      # NEWSLETTER
+      ############################
+      - "{{BaseURL}}/wp-json/mailpoet/v1"
+
+      ############################
+      # MARKETPLACE
+      ############################
+      - "{{BaseURL}}/wp-json/dokan/v1/stores"
+
+      ############################
+      # JOB MANAGER
+      ############################
+      - "{{BaseURL}}/wp-json/job-manager/v1/listings"
+
+      ############################
+      # GUTENBERG BLOCKS
+      ############################
+      - "{{BaseURL}}/wp-json/wp/v2/block-types"
+      - "{{BaseURL}}/wp-json/wp/v2/blocks"
+      - "{{BaseURL}}/wp-json/wp/v2/block-renderer/core/paragraph"
+
+      ############################
+      # CUSTOMIZER
+      ############################
+      - "{{BaseURL}}/wp-json/wp/v2/customizer/settings"
+
+      ############################
+      # DEBUG / CUSTOM ENDPOINTS
+      ############################
+      - "{{BaseURL}}/wp-json/debug_log/v1/logs"
+      - "{{BaseURL}}/wp-json/custom/v1/config"
+
+    matchers-condition: or
+    matchers:
+
+      - type: status
+        status:
+          - 200
+          - 201
+          - 401
+          - 403
+
+      - type: regex
+        part: header
+        regex:
+          - "application/json"
+
+      - type: word
+        part: body
+        words:
+          - "Powered by WordPress"
+          - "\"namespace\":\"wp/v2\""
+          - "\"name\":\"WordPress\""
+
+      - type: regex
+        part: body
+        regex:
+          - "(?i)(fatal error|stack trace|debug|warning|exception|deprecated)"
+
+      - type: regex
+        part: body
+        regex:
+          - "(?i)(DB_PASSWORD|DB_USER|DB_NAME|APP_KEY|DB_HOST|APP_ENV|\\[core\\])"
+
+      - type: regex
+        part: body
+        regex:
+          - "(?i)(index of /wp-content|index of /plugins|index of /uploads)"
+
+    extractors:
+
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - "\"version\":\"([0-9.]+)\""
+
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - "\"plugin\":\"([^\"]+)\""