WP-Hunter – Reconnaissance and SAST tool for WordPress plugins and themes
Summary: WP-Hunter is an open-source tool that combines heuristic vulnerability probability scoring with Semgrep-based static analysis to identify risks in WordPress plugins and themes. It offers a real-time Web Dashboard and offline reconnaissance by syncing the plugin catalog to a local database, helping security researchers prioritize high-risk targets.
What it does
WP-Hunter performs metadata analysis, heuristic risk scoring, and deep code scanning using Semgrep to detect vulnerabilities in WordPress plugins and themes. It supports offline reconnaissance by syncing the plugin catalog locally and provides a Web Dashboard for real-time monitoring.
Who it's for
It is designed for bug bounty hunters, pentesters, and security researchers focusing on WordPress ecosystem vulnerabilities.
Why it matters
WP-Hunter streamlines vulnerability detection and prioritization in a large plugin ecosystem, improving the efficiency of security assessments.