DeConfigro is a lightweight and powerful tool designed to scan websites for a common WordPress misconfiguration involving the wp-admin/setup-config.php?step=1 page.
This page is part of the WordPress installation process and, if left exposed, is a security risk. The tool checks whether the page is accessible, which indicates an incomplete WordPress installation that could be exploited.
Bash-Based. Fast. Efficient.
Built for security researchers, penetration testers, and bug bounty hunters who need to identify WordPress misconfigurations at scale.
- Detects exposed WordPress setup configuration pages
- Scans single URLs or bulk targets from file
- Provides color-coded feedback for vulnerable endpoints
- Saves vulnerable URLs to output file
- Features auto-completion for file paths
- Runs entirely in bash with minimal dependencies
- Performs HTTP status checks to confirm vulnerabilities
Designed for efficient reconnaissance and vulnerability assessment in authorized security testing.
* This tool is for educational and authorized testing purposes only. See disclaimer below.
- Bash Shell: Cross-platform shell scripting
- Curl: HTTP request handling
- Auto-Completion: Enhanced user experience
- Color-Coded Output: Clear visual feedback
- File-Based Scanning: Bulk target processing
| Feature | Details |
|---|---|
| Vulnerability Detection | Identifies exposed WordPress setup configuration pages |
| Single URL Scanning | Test individual targets quickly |
| Bulk Scanning | Process multiple URLs from file |
| Auto-Completion | File path completion for improved workflow |
| Detailed Output | Color-coded feedback for vulnerable URLs |
| Save Results | Export vulnerable URLs to file for documentation |
| HTTP Status Validation | Confirms page accessibility before flagging |
| Lightweight | Minimal dependencies, runs on any Unix-like system |
1. Clone the repository:

   ```bash
   git clone https://github.com/nuknov/DeConfigro.git
   cd DeConfigro
   ```

2. Give the script execute permission:

   ```bash
   chmod +x DeConfigro.sh
   ```

3. Verify dependencies:

   ```bash
   # Check if curl is installed
   curl --version
   # If not installed:
   # Ubuntu/Debian: sudo apt install curl
   # macOS: brew install curl
   ```

4. Run the tool:

   ```bash
   ./DeConfigro.sh
   ```

   OR

   ```bash
   bash DeConfigro.sh
   ```

   Note: The `./` method is preferred if the script has been made executable with `chmod +x`, while `bash` can be used if you prefer to run the script through the Bash shell explicitly.

5. Follow the prompts:
   - Choose single URL or bulk scan mode
   - Enter target URL(s) or file path
   - Review scan results

6. After the scan:
   - Vulnerable URLs will be displayed in color-coded output
   - Option to save results to a file for documentation
```
$ ./DeConfigro.sh
[DeConfigro - WordPress Configuration Scanner]
Select scanning mode:
1. Single URL
2. Bulk scan from file
Enter choice: 2
Enter file path: targets.txt
[Auto-completion enabled]
Scanning targets...
https://example1.com - VULNERABLE
https://example2.com - Not Vulnerable
https://example3.com - VULNERABLE
Save results to file? (y/n): y
Results saved to: vulnerable_sites.txt
```

**WordPress Setup Configuration Exposure**

- Vulnerable Endpoint: `/wp-admin/setup-config.php?step=1`
- Risk Level: MEDIUM to HIGH
- Attack Vector:
  - Incomplete WordPress installation
  - Setup page left publicly accessible
  - Allows database configuration exposure
  - Potential for database credential theft
- Impact:
  - Attacker can complete installation
  - Database takeover possible
  - Full site compromise
# Detection Method:
1. Send an HTTP GET request to target + /wp-admin/setup-config.php?step=1
2. Check the HTTP status code (200 = vulnerable)
3. Verify the page content for WordPress setup indicators
4. Flag as vulnerable if exposed
5. Save to results file

DeConfigro uses bash scripting and curl to:
- Accept target input (single URL or file of URLs)
- Construct the vulnerable endpoint by appending /wp-admin/setup-config.php?step=1
- Send HTTP requests using curl
- Analyze responses for exposure indicators
- Display color-coded results to the user
- Save vulnerable targets to an output file
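The detection method and the bash/curl workflow above, as an added example written for this README (it is not DeConfigro's own script). It assumes the setup page is recognised by the `dbname` form field or the "Database Name" label that WordPress renders at step 1 (an assumption, not something the README states), and the HTML responses it classifies offline are constructed samples. The body check matters in practice: a site that answers 200 for every path would otherwise be flagged on status alone. Run the network-dependent part only against hosts you administer.

```shell
#!/usr/bin/env bash
# Added example, not DeConfigro's code: a minimal re-implementation of the
# README's detection steps, with the classifier separated so it can be
# exercised offline against constructed responses.
#
# Assumption: WordPress's setup-config.php step 1 renders a form field named
# "dbname" with the label "Database Name". curl flags used (-s, -o, -w,
# --max-time, -A) are standard curl options.

SETUP_PATH="/wp-admin/setup-config.php?step=1"

# build_url <base>: append the setup path, tolerating one trailing slash.
build_url() {
    base="${1%/}"
    printf '%s%s\n' "$base" "$SETUP_PATH"
}

# classify <http_status> <body>: README rule (status 200) plus a body check
# for setup-page indicators, so catch-all 200 pages are not flagged.
# Prints VULNERABLE or NOT_VULNERABLE; always exits 0.
classify() {
    status="$1"
    body="$2"
    if [ "$status" = "200" ]; then
        case "$body" in
            *'name="dbname"'*|*'Database Name'*)
                printf 'VULNERABLE\n'
                return 0 ;;
        esac
    fi
    printf 'NOT_VULNERABLE\n'
    return 0
}

# check_target <base_url>: fetch the setup page with curl and classify it.
# Network-dependent; intended for hosts you administer.
check_target() {
    url=$(build_url "$1")
    tmp=$(mktemp)
    status=$(curl -s -o "$tmp" -w '%{http_code}' --max-time 10 \
                  -A "setup-config-check" "$url" 2>/dev/null) || status="000"
    body=$(cat "$tmp")
    rm -f "$tmp"
    verdict=$(classify "$status" "$body")
    printf '%s %s (HTTP %s)\n' "$verdict" "$1" "$status"
}

# scan_file <file>: bulk mode, one target per line, blank lines skipped.
scan_file() {
    while IFS= read -r target || [ -n "$target" ]; do
        [ -z "$target" ] && continue
        check_target "$target"
    done < "$1"
}

# Constructed sample responses for offline demonstration of the classifier.
SAMPLE_EXPOSED='<form method="post"><label for="dbname">Database Name</label><input name="dbname" id="dbname" value="wordpress"></form>'
SAMPLE_INSTALLED='<html><body>Welcome to my blog. Nothing to configure here.</body></html>'

# demo: show the classifier's verdicts on the constructed samples.
demo() {
    build_url "https://example.com/"
    classify 200 "$SAMPLE_EXPOSED"      # VULNERABLE
    classify 200 "$SAMPLE_INSTALLED"    # NOT_VULNERABLE (200 but no indicators)
    classify 404 "$SAMPLE_EXPOSED"      # NOT_VULNERABLE (page not served)
}

# Usage: ./check.sh <url>   or   ./check.sh -f targets.txt
if [ "$#" -gt 0 ]; then
    if [ "$1" = "-f" ]; then scan_file "$2"; else check_target "$1"; fi
fi
```

Keeping the classifier separate from the fetch is the design choice here: the verdict logic can be unit-tested without network access, and a finding on one of your own hosts is closed by completing the installation or removing the setup page from the web root, which the same check then confirms.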
- Runs entirely locally
- No external dependencies beyond curl
- Fully open source
| Requirement | Details |
|---|---|
| Operating System | Linux, macOS, WSL for Windows |
| Shell | Bash (pre-installed on most Unix systems) |
| HTTP Client | curl (for making HTTP requests) |
| Permissions | Execute permission on script |
| Network | Internet connection for remote scanning |
```
DeConfigro - Scan Results

https://site1.com - VULNERABLE
  /wp-admin/setup-config.php?step=1
https://site2.com - Not Vulnerable
https://site3.com - VULNERABLE
  /wp-admin/setup-config.php?step=1

Summary:
  Total Scanned: 3
  Vulnerable: 2
  Secure: 1
```

IMPORTANT: This tool is for educational and authorized testing purposes ONLY.
- You MUST have explicit permission from the website owner before scanning
- This tool is designed for authorized security assessments and bug bounty programs
- The authors are NOT responsible for any misuse or unauthorized scanning
- Unauthorized scanning may be illegal in your jurisdiction
Legal Considerations:
- Only scan websites you own or have written authorization to test
- Respect responsible disclosure guidelines
- Comply with bug bounty program rules
- Follow all applicable laws and regulations
Ethical Usage:
- Use for vulnerability research and security improvement only
- Report findings to website owners responsibly
- Do not exploit discovered vulnerabilities
- Maintain confidentiality of discovered issues
Always operate within legal boundaries and ethical guidelines.
- Bug bounty hunting on authorized programs
- Security assessments with proper authorization
- WordPress security audits for clients
- Penetration testing in controlled environments
- Security research on owned infrastructure
- Red team exercises with documented scope
- Vulnerability disclosure programs
- Educational security training
Ideal for security professionals and researchers conducting authorized WordPress security assessments.
Created by:
With great power comes great responsibility. Scan ethically. Always get permission. Respect boundaries.