Information Disclosure Scanner for WordPress REST API
By default, WordPress installations expose several REST endpoints that can disclose information which would otherwise be unknown to attackers or harder to obtain. This utility aims to help administrators check whether their site is affected by this weakness.
Hosted on GitHub Pages: https://critsecurity.github.io/clapi/
Installable as a progressive web application (PWA) on iOS, Android and Chromium-like browsers
Enumerate account names on the target domain. Export as CSV or raw API response (JSON).
Enumerate uploaded files in WP's media folder. Export as CSV or raw API response (JSON).
Enumerate open REST endpoints which can help discover and identify installed plugins. Export as CSV or raw API response (JSON).
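As an added example (not code from this project), the sketch below shows how an administrator could turn a saved raw user-list response from their own site into a CSV for review, and tell a disclosing response from a blocked one. The function names, the column selection and the sample response are assumptions constructed for illustration; the `id`, `name`, `slug` and `link` fields follow the shape of WordPress user objects.

```javascript
// Constructed sample of a raw users response (JSON), not real data.
const SAMPLE_RESPONSE = JSON.stringify([
  { id: 1, name: "Site Admin", slug: "admin", link: "https://example.test/author/admin/" },
  { id: 7, name: 'Doe, "Jane"', slug: "jdoe", link: "https://example.test/author/jdoe/" },
  { id: 9, name: '=HYPERLINK("x")', slug: "editor", link: "https://example.test/author/editor/" },
]);

const COLUMNS = ["id", "name", "slug", "link"]; // assumed export columns

// Escape one CSV cell. Values come from the scanned site, so cells that a
// spreadsheet would evaluate as a formula are neutralised with a leading quote.
function csvCell(value) {
  let s = value === undefined || value === null ? "" : String(value);
  if (/^[=+\-@\t\r]/.test(s)) s = "'" + s;
  if (/[",\r\n]/.test(s)) s = '"' + s.replace(/"/g, '""') + '"';
  return s;
}

// Decide whether a raw response discloses account names.
// A hardened site typically answers with an error object instead of a list.
function parseUsers(raw) {
  let data;
  try {
    data = JSON.parse(raw);
  } catch {
    return { exposed: false, users: [], reason: "not JSON" };
  }
  if (!Array.isArray(data)) {
    const reason = data && data.code ? String(data.code) : "unexpected shape";
    return { exposed: false, users: [], reason };
  }
  const users = data.filter(
    (u) => u && typeof u === "object" && typeof u.slug === "string"
  );
  const reason = users.length ? "account names listed" : "empty list";
  return { exposed: users.length > 0, users, reason };
}

// Build the CSV export: header row plus one row per disclosed account.
function usersToCsv(users) {
  const lines = [COLUMNS.join(",")];
  for (const u of users) lines.push(COLUMNS.map((c) => csvCell(u[c])).join(","));
  return lines.join("\r\n");
}
```

If `parseUsers` reports `exposed: true` for a response fetched without authentication, the site lists its account slugs to anonymous visitors.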