Exploitation | Python | €5 one-time

WP-Reaper (Automated CVE Detection for WordPress Pages)

WP-Reaper is a professional-grade, high-performance security auditing and exploitation framework with one ultimate mission: to automatically detect and validate CVEs across WordPress websites.

Description

💀 WP-Reaper: The Ultimate WordPress Exploit Engine

WP-Reaper is a professional-grade, high-performance security auditing and exploitation framework with one ultimate mission: to automatically detect and validate CVEs across WordPress websites. Built exclusively for modern penetration testers, bug bounty hunters, and red teamers, WP-Reaper cuts through the noise to find real, exploitable WordPress vulnerabilities.

Forget about tangled Python environments and missing dependencies. WP-Reaper is distributed as a standalone, lightning-fast compiled binary for Linux, ready to deploy into any engagement environment in seconds.


🔥 Why Choose WP-Reaper?

While traditional scanners stop at simply "detecting" outdated plugins, WP-Reaper takes the leap into active exploitation and validation. It fuses the deep enumeration capabilities of WPScan with the devastating speed of Nuclei, wrapping it all into a seamless, autonomous kill-chain.

  • Zero-Dependency Deployment: Plug-and-play architecture. Shipped as a fully packaged .bin (Linux). Zero pip installs, zero environment setup.
  • Autonomous Exploit Pipeline:
    1. Passively enumerates the target.
    2. Extracts underlying CVEs.
    3. Dynamically fetches 0-day and known PoC templates from elite private/public GitHub archives.
    4. Actively fires the exploit to confirm actual vulnerability.
  • Built-in API Token Rotation (Embedded Pool): WP-Reaper comes packed with an internal token rotation engine featuring a built-in pool of shared API tokens.

⚠️ IMPORTANT: If these built-in community tokens run out of daily requests, you MUST supply your own personal WPScan API key using the -a flag to continue scanning.

  • Real-time Operative Dashboard: Built-in Terminal User Interface (TUI) providing live telemetry, CVE monitor streams, targeting logs, and metrics.
  • Premium Executive Reporting: Automatically compiles the "bloodshed" into a gorgeous, C-level HTML executive report upon task completion. Beautiful analytics, severity breakdowns, CVSS scores, and raw Nuclei templates—ready to attach to your Bug Bounty report.

⚙️ System Requirements

While WP-Reaper itself is distributed as a zero-dependency binary orchestrator, it relies on the following core penetration testing tools being installed and accessible in your system's global PATH:

  1. WPScan: Used for deep passive enumeration and CVE extraction.
  2. Nuclei: The core engine used to actively fire the exploits.
  3. Vulnx: Used to hunt for intelligence and Proof of Concepts (PoCs).

Make sure you can run wpscan, nuclei, and vulnx from your terminal before launching WP-Reaper!


💻 Supported Architectures

WP-Reaper is compiled for maximum compatibility and performance:

  • Linux (x64 / ARM64): wp-reaper-linux.bin

(Note: Ensure your operating system allows execution of the binary before running it.)


⚡ Quick Start Guide

Deploy WP-Reaper instantly from your terminal:

Linux Reconnaissance & Scanning:

chmod +x wp-reaper-linux.bin
./wp-reaper-linux.bin -u https://target-site.com

Linux Mass Reconnaissance:

./wp-reaper-linux.bin -l massive_target_list.txt -a YOUR_PRIVATE_API_TOKEN

Available Arguments:

| Flag | Description | Requirement |
|------|-------------|-------------|
| -u, --url | Single target URL to analyze and exploit. | Required (or use -l) |
| -l, --list | Text file containing a list of target URLs for mass exploitation. | Required (or use -u) |
| -a, --api | Personal WPScan API Token. Required if the built-in community API pool is exhausted. | Conditional |


📊 The Premium Executive Report

WP-Reaper doesn't just print green text to a console. At the end of every engagement, it generates a report_premium_XXXX.html file in the current directory.

This report is designed to impress clients and Bug Bounty triagers immediately:

  • Clear metrics on targets blasted vs vulnerabilities confirmed.
  • Direct links to Vulnx Proof of Concepts (PoCs).
  • Live extraction of the raw YAML exploit template used.
  • Clean, enterprise-level aesthetic.

Elevate your arsenal. Harvest the vulnerabilities. Get WP-Reaper today.

Developed by

pyus3r
