WP-Hunter is a powerful reconnaissance and SAST tool for WordPress plugins and themes. It goes beyond basic scanning with heuristic vulnerability probability scoring (VPS) to help prioritize high-risk targets. Features include a real-time Web Dashboard, offline recon via local database sync, and deep Semgrep-based code analysis. Built for bug bounty hunters and pentesters. 🚀 Soon: AI-powered source code analysis for smarter detection.

Figr AI: UX Agent for Product Teams — Learns your product. Thinks through UX

Learns your product. Thinks through UX

Hello Product Hunt! 👋 I'm Ali, the creator of WP-Hunter.

As a pentester and bug bounty hunter, I realized that finding vulnerabilities in the massive WordPress ecosystem requires more than just basic scanning. That's why I built WP-Hunter!

It combines metadata analysis, heuristic risk scoring (VPS), and Semgrep-powered deep SAST into one open-source tool. It also features a modern Web Dashboard and offline recon capabilities by syncing the plugin catalog locally.

Whether you are looking for "zombie" abandoned plugins or complex vulnerabilities, WP-Hunter is designed to make the recon phase much faster and smarter.

I'm actively developing it and would absolutely love to hear your feedback, feature requests, or answer any questions you might have! 🚀

- https://github.com/xeloxa/wp-hunter
- https://www.producthunt.com/products/wp-hunter