WPHash is a side-project that was built to experiment in detecting WordPress plugins by comparing SHA256 checksums of files a plugin exposes. This site indexes both original- and normalized SHA256 checksums for a vast majority of the WordPress plugins available on the marketplace.
All available SHA256 checksums, both normalized and original, can be downloaded on the respective plugin's page.
This research is proudly sponsored by cyllective <3
All text-based files were first normalized with dos2unix in order to normalize line-endings for a more broad detection rate.
In order to make use of normalized SHA256 hashes, you will first
need to convert all \r\n line endings to
\n before calculating the SHA256 hash of each file.
An experimental API is provided with which you can lookup SHA256 hashes, filepaths, and vulnerability data. Check out the OpenAPI spec under /docs.
Do you have questions, thoughts, recommendations, found a bug or just want to say hi?
Hit me up on Twitter @_cydave
THIS SERVICE IS PROVIDED “AS IS," WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON-INFRINGEMENT.
IN NO EVENT SHALL THE SERVICE BE LIABLE FOR ANY DAMAGES OR OTHER LIABILITIES,
WHETHER IN CONTRACT, TORT, OR OTHERWISE, ARISING FROM OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.