Plecost – WordPress finger printer tool, plecost search and retrieve information about the plugins versions installed in WordPress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there.

Plecost retrieves the information contained on Web sites supported by WordPress, and also allows a search on the results indexed by Google.



/usr/share/plecost [options] [ URL | [-l num] -G]


Google search options:
    -l num    : Limit number of results for each plugin in google.
    -G        : Google search mode
    -n        : Number of plugins to use (Default all - more than 7000).
    -c        : Check plugins only with CVE associated.
    -R file   : Reload plugin list. Use -n option to control the size (This take several minutes)
    -o file   : Output file. (Default "output.txt")
    -i file   : Input plugin list. (Need to start the program)
    -s time   : Min sleep time between two probes. Time in seconds. (Default 10)
    -M time   : Max sleep time between two probes. Time in seconds. (Default 20)
    -t num    : Number of threads. (Default 1)
    -h        : Display help. (More info: 


cyborg@cyborg:/usr/share/plecost$ sudo plecost -i wp_plugin_list.txt -s 12 -M 30 -t 20 -o results.txt

[*] Input plugin list set to: wp_plugin_list.txt
[*] Output file set to: results.txt
[*] Num of threats set to: 20
[*] Min sleep time set to: 12
[*] Max sleep time set to: 30

==> Results for: <==
[i] WordPress version found:  4.2.5
[i] WordPress last public version: 4.3.1

[*] Search for installed plugins

[i] Plugin found: contact-form-7
    |_Latest version:  4.4.1
    |_ Installed version: 4.2.2

Leave a reply


We're are building as a community and a team. Be a part of it.


©2018 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?