Scopex is a fast, terminal-based reconnaissance tool designed to analyze WordPress targets while strictly respecting scope boundaries. It focuses on visibility, clarity, and safety, helping bug bounty hunters and ethical hackers understand the WordPress attack surface before doing any exploitation.
Lightweight Scope-Aware WordPress Reconnaissance Tool
Version 2.2
This tool is WordPress-only by design. (Intended to change in the future)
- Enforces scope rules from a dedicated scopes/ directory
- Supports:
  - Root domains (example.com)
  - Subdomains (admin.example.com)
  - Wildcards (*.example.com)
- Automatically skips out-of-scope targets
- Prevents accidental scanning of unauthorized assets
Detects WordPress using multiple indicators:
- Common WordPress paths
- REST API presence
- HTML content analysis
If WordPress is not detected, the scan stops early.
Once WordPress is detected, ScopeX performs:
- WordPress version detection
- Passive plugin discovery:
  - Direct plugin paths
  - REST API references
- Detection of exposed sensitive files:
  - wp-config.php
  - .env
  - .git/config
  - Debug logs
- REST API route analysis
- User enumeration via REST API (non-intrusive)
- Brute force protection detection
- CVE lookup for detected WordPress version
- Automatic risk scoring and classification
Each target receives a risk score (0–100) based on findings such as:
- Confirmed critical file exposure
- User enumeration
- Missing brute force protection
- Development / unstable WordPress versions
Risk levels:
- INFO
- LOW
- MEDIUM
- HIGH
- CRITICAL
Scopex generates:
- Detailed per-target reports (.txt)
- Optional JSON output (--json)
- A global summary report for all scanned targets
All results are saved inside the output/ directory.
ScopeX/
│
├── scopex.py
├── requirements.txt
├── README.md
├── README_ES.md
│
├── scopes/
│   └── scope.txt        # example scope file
│
└── output/
    └── .gitkeep         # output files are generated at runtime
Clone the repository:
git clone https://github.com/urdev4ever/ScopeX.git
cd ScopeX
Install dependencies:
pip install -r requirements.txt
python scopex.py [-h] [--url URL] [--list LIST] [--scope SCOPE] [--json] [--verbose] [--silent]
python scopex.py --url example.com
python scopex.py --url example.com --scope scope.txt
The scope file must be located inside the scopes/ directory. (Important!)
python scopex.py --list targets.txt
This will NOT filter out-of-scope elements.
python scopex.py --url example.com --json
python scopex.py --url example.com --verbose
python scopex.py --url example.com --silent
# Scopex scope file
# One entry per line
# Lines starting with # are comments
example.com
*.example.com
api.example.com
admin.example.com
- Do NOT include http:// or https://
- Do NOT include paths or ports
- Wildcards must start with *.
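The scope-file rules above can be enforced with a small parser and matcher. This is an added example, not ScopeX's own code; the function names and the matching semantics (a wildcard covers subdomains at any depth but not the bare domain) are assumptions.

```python
# Added illustration, not ScopeX source; names and matching semantics are assumptions.
from urllib.parse import urlsplit


def parse_scope(text):
    """Return (exact_hosts, wildcard_suffixes); raise ValueError on a bad entry."""
    exact, wildcards = set(), set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip().lower()
        if not entry or entry.startswith("#"):
            continue  # blank line or comment
        if "/" in entry or ":" in entry:
            raise ValueError(f"line {lineno}: scheme, path or port not allowed: {raw!r}")
        if "*" in entry:
            if not entry.startswith("*.") or "*" in entry[2:] or not entry[2:]:
                raise ValueError(f"line {lineno}: wildcard must start with '*.': {raw!r}")
            wildcards.add(entry[1:])  # keep the leading dot: ".example.com"
        else:
            exact.add(entry.rstrip("."))
    return exact, wildcards


def host_of(target):
    """Reduce a URL or bare host to a lowercase hostname (port and path dropped)."""
    target = target.strip()
    if "://" not in target:
        target = "//" + target  # lets urlsplit treat a bare host as the netloc
    return (urlsplit(target).hostname or "").lower().rstrip(".")


def in_scope(target, exact, wildcards):
    """True if the target's host is listed exactly or sits under a wildcard."""
    host = host_of(target)
    if not host:
        return False
    # The suffix keeps its dot, so "notexample.com" cannot match "*.example.com".
    return host in exact or any(host.endswith(sfx) for sfx in wildcards)


# Constructed sample scope file and target list.
SCOPE = "# Scopex scope file\nexample.com\n*.example.com\n"
TARGETS = ["example.com", "https://shop.example.com/wp-login.php",
           "notexample.com", "example.com.other.test", "example.org"]

if __name__ == "__main__":
    exact, wild = parse_scope(SCOPE)
    for t in TARGETS:
        print(f"{t:40} {'in scope' if in_scope(t, exact, wild) else 'SKIPPED'}")
```

Comparing on the parsed hostname rather than the raw string is what keeps look-alike hosts such as example.com.other.test out of scope.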
Generated automatically inside output/:
- {target}_{timestamp}.txt
- {target}_{timestamp}.json (if --json is enabled)
- summary_{timestamp}.txt
In this example the command used was:
python scopex.py --url wordpress.org
Output:
Scopex intentionally avoids:
- Exploitation
- Brute-force attacks
- Password guessing
- Payload injection
- Active fuzzing
- Aggressive crawling
It is a reconnaissance and assessment tool, not an exploitation framework.
- Bug bounty hunters (early recon phase)
- Ethical hackers
- Pentesters needing WordPress visibility
- Anyone who wants clean recon without tool bloat
This tool is intended for authorized security testing only. The author is not responsible for misuse.
"Recon is about understanding the surface - not attacking it."
Scopex helps you:
- Stay in scope
- Reduce noise
- Identify real priorities
- Decide what to test manually
Made with <3 by URDev.




