Bug Bounty MCP Server

wpscan_analyze

Analyzes WordPress sites for security vulnerabilities using WPScan to identify plugin, theme, and core weaknesses for bug bounty assessments.

Instructions

Execute WPScan for WordPress vulnerability analysis.

Args: url: WordPress site URL enumerate: Enumeration options (ap=all plugins, at=all themes, etc.) update: Update WPScan database random_user_agent: Use random User-Agent api_token: WPVulnDB API token threads: Number of threads additional_args: Additional WPScan arguments

Returns: WordPress vulnerability analysis results

Input Schema

TableJSON Schema

Name	Required	Default
`additional_args`	No
`api_token`	No
`enumerate`	No	ap,at,cb,dbe
`random_user_agent`	No
`threads`	No
`update`	No
`url`	Yes

Output Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Implementation Reference

src/rest_api_server/tools/wpscan/wpscan.py:290-304 (handler)

Core handler function that orchestrates WPScan execution: extracts params, builds command, runs via execute_command, and parses output into structured findings.

@tool(required_fields=["url"])
def execute_wpscan():
    """Execute WPScan for comprehensive WordPress vulnerability analysis."""
    data = request.get_json()
    params = extract_wpscan_params(data)

    logger.info(f"Executing WPScan on {params['url']}")

    started_at = datetime.now()
    command = build_wpscan_command(params)
    execution_result = execute_command(command, timeout=1800)
    ended_at = datetime.now()

    return parse_wpscan_output(execution_result, params, command, started_at, ended_at)

src/mcp_server/app.py:1103-1144 (registration)

MCP server tool registration and proxy handler for 'wpscan_analyze', forwards parameters to backend REST API /api/wpscan endpoint.

def wpscan_analyze(
    url: str,
    enumerate: str = "ap,at,cb,dbe",
    update: bool = True,
    random_user_agent: bool = True,
    api_token: str | None = None,
    threads: int = 5,
    additional_args: str = "",
) -> dict[str, Any]:
    """Execute WPScan for WordPress vulnerability analysis.

    Args:
        url: WordPress site URL
        enumerate: Enumeration options (ap=all plugins, at=all themes, etc.)
        update: Update WPScan database
        random_user_agent: Use random User-Agent
        api_token: WPVulnDB API token
        threads: Number of threads
        additional_args: Additional WPScan arguments

    Returns:
        WordPress vulnerability analysis results
    """
    data = {
        "url": url,
        "enumerate": enumerate,
        "update": update,
        "random_user_agent": random_user_agent,
        "api_token": api_token,
        "threads": threads,
        "additional_args": additional_args,
    }

    logger.info(f"🔍 Starting WPScan analysis on {url}")
    result = api_client.safe_post("api/wpscan", data)

    if result.get("success"):
        logger.info(f"✅ WPScan analysis completed on {url}")
    else:
        logger.error("❌ WPScan analysis failed")

    return result

src/rest_api_server/tools/wpscan/wpscan.py:56-162 (helper)

Helper function that constructs the full WPScan CLI command line from extracted parameters, including all flags for enumeration, stealth, timeouts, etc.

def build_wpscan_command(params):
    """Build wpscan command from parameters."""
    cmd_parts = ["wpscan", "--url", params["url"]]

    # Enhanced enumeration options
    if params["enumerate"]:
        cmd_parts.extend(["--enumerate", params["enumerate"]])

    # Add detection evasion and stealth options
    if params["stealthy"]:
        cmd_parts.extend(["--stealthy"])

    # Add user agent randomization
    if params["random_user_agent"]:
        cmd_parts.append("--random-user-agent")

    # Add custom user agent
    if params["user_agent"]:
        cmd_parts.extend(["--ua", params["user_agent"]])

    # Enhanced detection options
    if params["detection_mode"] != "mixed":
        cmd_parts.extend(["--detection-mode", params["detection_mode"]])

    # Add plugin detection
    if params["plugin_detection"] != "mixed":
        cmd_parts.extend(["--plugins-detection", params["plugin_detection"]])

    # Add update option
    if params["update"]:
        cmd_parts.append("--update")

    # Add API token
    if params["api_token"]:
        cmd_parts.extend(["--api-token", params["api_token"]])

    # Enhanced threading
    cmd_parts.extend(["--max-threads", str(params["threads"])])

    # Add timeouts
    cmd_parts.extend(["--request-timeout", str(params["request_timeout"])])
    cmd_parts.extend(["--connect-timeout", str(params["connect_timeout"])])

    # Add follow redirects
    if params["follow_redirects"]:
        cmd_parts.append("--follow-redirects")

    # Add WordPress directory detection
    if params["wp_content_dir"]:
        cmd_parts.extend(["--wp-content-dir", params["wp_content_dir"]])
    if params["wp_plugins_dir"]:
        cmd_parts.extend(["--wp-plugins-dir", params["wp_plugins_dir"]])

    # Add SSL check control
    if params["disable_ssl_check"]:
        cmd_parts.append("--disable-tls-checks")

    # Add proxy support
    if params["proxy"]:
        cmd_parts.extend(["--proxy", params["proxy"]])

    # Add HTTP authentication
    if params["http_auth"]:
        cmd_parts.extend(["--http-auth", params["http_auth"]])

    # Add custom headers
    if params["headers"]:
        for header_name, header_value in params["headers"].items():
            cmd_parts.extend(["--headers", f"{header_name}: {header_value}"])

    # Add output format
    if params["format"] in ["json", "cli"]:
        cmd_parts.extend(["--format", params["format"]])

    # Add verbose output
    if params["verbose"]:
        cmd_parts.append("--verbose")

    # Add no banner
    if params["no_banner"]:
        cmd_parts.append("--no-banner")

    # Add password attack options
    if params["passwords_file"]:
        cmd_parts.extend(["--passwords", params["passwords_file"]])
    if params["usernames_file"]:
        cmd_parts.extend(["--usernames", params["usernames_file"]])
    if params["password_attack"]:
        cmd_parts.extend(["--multicall-max-passwords", str(params["multicall"])])

    # Add output file
    if params["output_file"]:
        cmd_parts.extend(["--output", params["output_file"]])

    # Add custom cookie
    if params["cookie"]:
        cmd_parts.extend(["--cookie-string", params["cookie"]])

    # Add scope limitation
    if params["scope"]:
        cmd_parts.extend(["--scope", params["scope"]])

    # Add additional arguments
    if params["additional_args"]:
        cmd_parts.extend(params["additional_args"].split())

    return " ".join(cmd_parts)

src/rest_api_server/tools/wpscan/wpscan.py:19-53 (helper)

Helper function to extract and provide defaults for WPScan parameters from incoming JSON request.

def extract_wpscan_params(data):
    """Extract wpscan parameters from request data."""
    params = {
        "url": data["url"],
        "enumerate": data.get("enumerate", "ap,at,cb,dbe,u,m"),
        "stealthy": data.get("stealthy", False),
        "random_user_agent": data.get("random_user_agent", True),
        "user_agent": data.get("user_agent", ""),
        "detection_mode": data.get("detection_mode", "mixed"),
        "plugin_detection": data.get("plugin_detection", "mixed"),
        "update": data.get("update", True),
        "api_token": data.get("api_token", ""),
        "threads": data.get("threads", 5),
        "request_timeout": data.get("request_timeout", 60),
        "connect_timeout": data.get("connect_timeout", 30),
        "follow_redirects": data.get("follow_redirects", True),
        "wp_content_dir": data.get("wp_content_dir", ""),
        "wp_plugins_dir": data.get("wp_plugins_dir", ""),
        "disable_ssl_check": data.get("disable_ssl_check", False),
        "proxy": data.get("proxy", ""),
        "http_auth": data.get("http_auth", ""),
        "headers": data.get("headers", {}),
        "format": data.get("format", "json"),
        "verbose": data.get("verbose", False),
        "no_banner": data.get("no_banner", True),
        "passwords_file": data.get("passwords_file", ""),
        "usernames_file": data.get("usernames_file", ""),
        "password_attack": data.get("password_attack", False),
        "multicall": data.get("multicall", 20),
        "output_file": data.get("output_file", ""),
        "cookie": data.get("cookie", ""),
        "scope": data.get("scope", ""),
        "additional_args": data.get("additional_args", ""),
    }
    return params

src/rest_api_server/tools/wpscan/wpscan.py:165-223 (helper)

Helper function that parses WPScan stdout/stderr into structured findings, applies deduplication, computes stats, and formats the API response.

def parse_wpscan_output(
    execution_result: dict[str, Any],
    params: dict,
    command: str,
    started_at: datetime,
    ended_at: datetime,
) -> dict[str, Any]:
    """Parse wpscan execution result and format response with findings."""
    duration_ms = int((ended_at - started_at).total_seconds() * 1000)

    if not execution_result["success"]:
        return {
            "success": False,
            "tool": "wpscan",
            "params": params,
            "command": command,
            "started_at": started_at.isoformat(),
            "ended_at": ended_at.isoformat(),
            "duration_ms": duration_ms,
            "error": execution_result.get("error", "Command execution failed"),
            "findings": [],
            "stats": create_stats(0, 0, 0),
        }

    stdout = execution_result.get("stdout", "")
    stderr = execution_result.get("stderr", "")

    # Parse findings from output
    findings = _parse_wpscan_findings(stdout, stderr, params["url"])

    # Remove duplicates based on finding type and target
    seen_findings = set()
    unique_findings = []
    dupes_count = 0

    for finding in findings:
        unique_key = (
            f"{finding['type']}:{finding['target']}:{finding.get('raw_ref', '')}"
        )
        if unique_key not in seen_findings:
            seen_findings.add(unique_key)
            unique_findings.append(finding)
        else:
            dupes_count += 1

    payload_bytes = len((stdout + stderr).encode("utf-8"))

    return {
        "success": True,
        "tool": "wpscan",
        "params": params,
        "command": command,
        "started_at": started_at.isoformat(),
        "ended_at": ended_at.isoformat(),
        "duration_ms": duration_ms,
        "findings": unique_findings,
        "stats": create_stats(len(unique_findings), dupes_count, payload_bytes),
    }

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It mentions that the tool 'Execute[s] WPScan' and returns 'WordPress vulnerability analysis results,' but lacks critical behavioral details: it doesn't specify if this is a read-only scan or if it performs active testing, doesn't mention rate limits, execution time, or potential impacts on the target site, and doesn't clarify what 'analysis results' include (e.g., reports, alerts). For a vulnerability scanning tool with zero annotation coverage, this is a significant gap.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with clear sections for 'Args' and 'Returns,' making it easy to parse. It's front-loaded with the core purpose. However, some sentences could be more efficient (e.g., the parameter list is verbose but necessary given low schema coverage), and the 'Returns' section is vague. Overall, it's appropriately sized with minimal waste.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (vulnerability scanning with 7 parameters), no annotations, and an output schema (implied by 'Returns'), the description is moderately complete. It covers the purpose and parameters but lacks behavioral context and detailed usage guidelines. The output schema existence means it needn't explain return values deeply, but the description should do more for a tool of this nature.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate. It lists all 7 parameters with brief explanations (e.g., 'url: WordPress site URL'), adding meaning beyond the schema's titles. However, the explanations are minimal (e.g., 'enumerate: Enumeration options (ap=all plugins, at=all themes, etc.)' lacks full details), and it doesn't cover defaults or required parameters. It partially compensates but doesn't fully bridge the coverage gap.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Execute WPScan for WordPress vulnerability analysis.' It specifies the verb ('Execute WPScan') and resource ('WordPress vulnerability analysis'), making it clear what the tool does. However, it doesn't explicitly differentiate from sibling tools like 'nikto_scan' or 'nuclei_scan' that might also perform vulnerability scanning, though WPScan is WordPress-specific.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., needing a WordPress site), exclusions (e.g., not for non-WordPress sites), or comparisons to siblings like 'nuclei_scan' (general) or 'nikto_scan' (web server). Usage is implied by the tool name and purpose but not explicitly stated.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/SlanyCukr/bugbounty-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server