Analysis updated 2026-05-18
Run authorized security scans against your own WordPress installation to find unpatched plugin or theme vulnerabilities.
Confirm whether a specific CVE actually affects a WordPress site you are responsible for securing.
Practice penetration testing techniques against WordPress in a lab environment you control.
| inmymine7/mephisto | aa2448208027-code/localaihotswap | amapvoice/pilottts | |
|---|---|---|---|
| Stars | 39 | 39 | 39 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 3/5 | 3/5 | 4/5 |
| Audience | ops devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires manually adding two payload files to a lib folder before the tool will run.
Mephisto is a Python tool for security professionals who need to test WordPress installations for known vulnerabilities. The README states it is intended for authorized penetration testing only, meaning you must own the target system or have written permission from its owner before running it. The tool covers 22 documented security flaws in WordPress plugins and themes, identified by CVE numbers ranging from 2021 through 2026. The types of vulnerabilities it targets include arbitrary file uploads, authentication bypasses, SQL injection, privilege escalation, remote code execution, and cross-site request forgery. Once a vulnerability is confirmed, the tool can upload a web shell for post-exploitation access and create admin accounts. Beyond single-target testing, Mephisto supports scanning multiple WordPress sites at the same time using thread pooling. It saves results including uploaded shell locations and captured credentials to log files. To reduce the chance of detection during a test, it randomizes request headers and user agent strings. It also supports routing traffic through a proxy server. Installation requires Python 3.8 or newer and four standard Python libraries: requests, urllib3, beautifulsoup4, and colorama. The README includes step-by-step setup instructions for Windows, Linux, and macOS, covering Python installation, cloning the repository, and installing dependencies. The tool also requires two payload files placed in a lib/ folder, the README names these files but does not include them in the repository. The README carries a disclaimer that unauthorized use is illegal under the Computer Fraud and Abuse Act and equivalent laws in other countries, and that the author accepts no liability for misuse. The full README is longer than what was shown.
A Python tool that scans WordPress sites for known security bugs and can exploit them, meant for authorized penetration testers only.
Mainly Python. The stack also includes Python, requests, BeautifulSoup4.
The project badge says Educational, but no formal license terms are given in the README, so reuse and redistribution rights are unclear.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.