
RECONNAISSANCE — FREE, PASSIVE, ONE-PAGE DOSSIER

The website is the reconnaissance surface.

Enter a Canadian municipal URL. The routine reads only what an attacker can read — the WordPress fingerprint, the plugin inventory, the exposed admin paths, the security headers, the TLS posture, and the email-spoofing risk — and returns a printed dossier.

Public surface only. No authentication, no probing, no path enumeration. Identical to what any logged-out browser sees.

Routine takes approximately 30–60 seconds. The dossier renders below when complete.

§ I — SCOPE (01 / 04)

What the routine reads

  • § I: Public homepage and response headers
  • § II: Core version disclosures
  • § III: Enqueued plugin and theme inventory
  • § IV: Standard WordPress public endpoints
  • § V: TLS posture and HTTPS enforcement
  • § VI: Email authentication — SPF, DMARC, DKIM, MTA-STS

What the routine never does

  • × Authenticate against the site or any service
  • × Probe known leak paths (.env, .git/, backups)
  • × Enumerate hidden directories or fuzz parameters
  • × Send any traffic that resembles attack traffic to a WAF
  • × Save or share the dossier without the requester’s consent

§ II — METHODOLOGY (02 / 04)

Every request the routine makes is one a normal browser, RSS reader, or feed consumer makes when the operator chooses to publish that file. The routine identifies itself with a user-agent that names the practice and links to this page; nothing about the traffic is concealed.

Findings are produced from real public data: the homepage HTML, the response headers, the WordPress readme.html and license.txt when present, the public REST endpoint at /wp-json/wp/v2/users, /xmlrpc.php, /robots.txt, the directory-listing surface on /wp-content/uploads/ and /wp-includes/, and DNS records for SPF, DMARC, DKIM (default selector), and MTA-STS.

Plugin and theme detection comes from <script> and <link> URLs the page itself enqueues. Cross-reference is against a curated registry of high-value WordPress targets with citations to Patchstack and WPScan; we do not claim a detected install is vulnerable to a specific CVE without an authoritative match.
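The sketch below is an added example, not the routine's own code: it shows how a site operator can list what their own homepage discloses through enqueued <script> and <link> URLs. The domain, slugs and version strings in the sample markup are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Matches /wp-content/plugins/<slug>/ or /wp-content/themes/<slug>/ in an asset path.
ASSET_RE = re.compile(r"/wp-content/(plugins|themes)/([A-Za-z0-9_-]+)/")

class EnqueuedAssetParser(HTMLParser):
    """Collects plugin/theme slugs from <script src> and <link href> URLs."""
    def __init__(self):
        super().__init__()
        self.inventory = {}    # (kind, slug) -> set of ?ver= values seen
        self.generator = None  # content of <meta name="generator">, if published

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
            return
        url = a.get("src") if tag == "script" else a.get("href") if tag == "link" else None
        parsed = urlparse(url or "")
        m = ASSET_RE.search(parsed.path)
        if not m:
            return  # core assets under /wp-includes/ and off-site URLs are ignored
        kind = m.group(1)[:-1]  # "plugins" -> "plugin", "themes" -> "theme"
        # ?ver= is only a hint: WordPress appends the core version when the
        # plugin registers no version of its own, so it is not proof of a release.
        versions = self.inventory.setdefault((kind, m.group(2)), set())
        versions.update(parse_qs(parsed.query).get("ver", []))

def inventory_from_html(html):
    """Returns (generator string or None, {(kind, slug): sorted ver hints})."""
    p = EnqueuedAssetParser()
    p.feed(html)
    p.close()
    return p.generator, {k: sorted(v) for k, v in p.inventory.items()}

# Constructed sample homepage markup (hypothetical slugs and versions).
SAMPLE_HTML = """
<html><head>
<meta name="generator" content="WordPress 6.0">
<link rel="stylesheet" href="https://town.example/wp-content/themes/sample-theme/style.css?ver=1.2">
<link rel="stylesheet" href="/wp-content/plugins/sample-forms/css/front.css?ver=3.4.1">
<script src="/wp-content/plugins/sample-forms/js/front.js?ver=3.4.1"></script>
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    print(inventory_from_html(SAMPLE_HTML))
```

An empty version list for a slug means the asset URL carried no ?ver= parameter, so only the install's presence is disclosed.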

NEXT STEP

Call first. Email second. Forms third.

If the dossier surfaces something your municipality should act on, the call is fifteen minutes. The principal answers the phone.