Get started with PluginHunter in 5 minutes!
Author: LAKSHMIKANTHAN K (letchupkt)
Version: 1.2.1
pip install PluginHunter

PluginHunter --version

Expected output:
PluginHunter version 1.2.1
Author: LAKSHMIKANTHAN K (letchupkt)

PluginHunter

Then:
- Select option 1 (Scan WordPress.org Plugin)
- Enter plugin slug: hello-dolly
- Deep scan? N
- Dynamic verification? N
- Wait for results

PluginHunter scan --source slug --target hello-dolly

Reports are saved in your current directory:
ls scan_*.json scan_*.html

Open HTML report in browser:
# Linux
xdg-open scan_hello-dolly_*.html
# macOS
open scan_hello-dolly_*.html
# Windows
start scan_hello-dolly_*.html

PluginHunter scan --source local --target /path/to/your/plugin

PluginHunter scan --source slug --target plugin-name --deep

PluginHunter
# Select option 7: Server Mode Configuration
# Follow the wizard
# Then select option 8: Start Server Mode

# WordPress.org plugin
PluginHunter scan --source slug --target plugin-name
# Local directory
PluginHunter scan --source local --target /path/to/plugin
# ZIP file
PluginHunter scan --source zip --target plugin.zip
# GitHub repository
PluginHunter scan --source github --target user/repo

PluginHunter

Menu options:
- 1 - Scan WordPress.org Plugin
- 2 - Scan Local ZIP File
- 3 - Scan GitHub Repository
- 4 - Manage Detection Rules
- 5 - View Scan History
- 6 - Configuration Settings
- 7 - Server Mode Configuration
- 8 - Start Server Mode
- 9 - About PluginHunter
- 0 - Exit

# Configure
PluginHunter
# Select option 7
# Start from menu
PluginHunter
# Select option 8
# Start from command line
PluginHunter server --config server_config.json

pip install --upgrade PluginHunter
# Restart terminal

pip install --upgrade --force-reinstall PluginHunter

python3 verify_install.py

Or from menu:
PluginHunter
# Select option 6: Configuration Settings

# 1. Install
pip install PluginHunter
# 2. Scan popular plugin
PluginHunter scan --source slug --target contact-form-7 --deep
# 3. Review reports
ls scan_*.html

# 1. Install
pip install PluginHunter
# 2. Scan your plugin
PluginHunter scan --source local --target ./my-plugin
# 3. Fix issues
# 4. Scan again

# 1. Install
pip install PluginHunter
# 2. Configure server mode
PluginHunter
# Select option 7, configure Discord/Telegram
# 3. Start continuous scanning
PluginHunter
# Select option 8
# 4. Get notifications when vulnerabilities found

- Use interactive menu for first-time use
- Use command line for automation
- Enable deep scan for thorough analysis
- Check scan history to see past results
- Configure server mode for continuous monitoring
- Read HTML reports for detailed findings
- Use CVE reports for responsible disclosure
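
For the command-line automation tip, here is an added example (not part of PluginHunter or its documentation): a POSIX shell wrapper that runs the `scan` command shown above over a list of WordPress.org slugs, each in its own directory because reports are saved in the current directory. `batch_scan`, `valid_slug`, `PH_BIN` and the slug character set are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: batch wrapper around the `PluginHunter scan` command.
# batch_scan, valid_slug and PH_BIN are names made up for this sketch.
LC_ALL=C; export LC_ALL            # byte-wise ranges in the slug check
PH_BIN="${PH_BIN:-PluginHunter}"   # override to point at another binary

# Assumption: slugs are lowercase letters, digits and hyphens only.
# Rejecting anything else keeps a list entry such as "--deep" or "../x"
# from being read as an option or used as a path.
valid_slug() {
    case "$1" in
        ''|-*|*[!a-z0-9-]*) return 1 ;;
    esac
    return 0
}

# batch_scan LISTFILE OUTDIR
# One slug per line; blank lines and lines starting with '#' are skipped.
# Each scan runs inside OUTDIR/<slug> so its reports land there. A scan
# counts as done only if a scan_*.json report exists afterwards.
batch_scan() {
    list=$1; outdir=$2; failed=0
    while IFS= read -r slug || [ -n "$slug" ]; do
        case "$slug" in ''|'#'*) continue ;; esac
        if ! valid_slug "$slug"; then
            echo "skip: invalid slug: $slug" >&2
            failed=$((failed + 1)); continue
        fi
        mkdir -p -- "$outdir/$slug" || return 2
        ( cd "$outdir/$slug" &&
          "$PH_BIN" scan --source slug --target "$slug" --deep ) </dev/null ||
            echo "warn: scanner exited non-zero for $slug" >&2
        set -- "$outdir/$slug"/scan_*.json
        if [ -e "$1" ]; then
            echo "ok: $slug -> $outdir/$slug"
        else
            echo "fail: no report for $slug" >&2
            failed=$((failed + 1))
        fi
    done < "$list"
    [ "$failed" -eq 0 ]
}

# Usage: batch_scan plugins.txt ./reports
```

`batch_scan` returns non-zero when any entry was skipped or produced no JSON report, so a cron job or CI step can alert on it.
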
- README.md - Complete documentation
- SERVER_MODE.md - Server mode guide
- FAQ.md - Frequently asked questions
- DOCUMENTATION.md - Documentation index
- GitHub Issues: https://github.com/letchupkt/PluginHunter/issues
- Email: letchupkt@example.com

PluginHunter --help
PluginHunter scan --help
PluginHunter server --help

- ✅ SQL Injection (SQLi)
- ✅ Cross-Site Scripting (XSS)
- ✅ Remote Code Execution (RCE)
- ✅ Cross-Site Request Forgery (CSRF)
- ✅ Authentication/Authorization bypass
- ✅ Server-Side Request Forgery (SSRF)
- ✅ Insecure File Upload
- ✅ Insecure Deserialization
- ✅ Privilege Escalation
- ✅ IDOR
- ✅ LFI/RFI

┌─────────────────────────────────────────────────────────┐
│ PluginHunter Quick Reference                            │
├─────────────────────────────────────────────────────────┤
│ Install:  pip install PluginHunter                      │
│ Run:      PluginHunter                                  │
│ Scan:     PluginHunter scan --source slug \             │
│             --target plugin-name                        │
│ Server:   PluginHunter server \                         │
│             --config server_config.json                 │
│ Help:     PluginHunter --help                           │
│ Version:  PluginHunter --version                        │
├─────────────────────────────────────────────────────────┤
│ Reports:  scan_*.json, scan_*.html, scan_*_cve.md       │
│ Config:   server_config.json                            │
│ Logs:     server.log                                    │
└─────────────────────────────────────────────────────────┘

You're ready to start hunting vulnerabilities!
Author: LAKSHMIKANTHAN K (letchupkt)
License: MIT
For complete documentation, see README.md