skip420

Wp_Scanner

Sep 22nd, 2020
  1. #!/usr/bin/env python
  2. import urllib2, urllib, sys, argparse
def uniq(lst):
    """Yield the items of *lst*, skipping any item equal to its predecessor.

    Only adjacent duplicates are collapsed, so the input has to be sorted
    first if every duplicate should go.
    """
    # A fresh object() is equal to nothing else, so the first item always passes.
    previous = object()
    for current in lst:
        if not current == previous:
            yield current
            previous = current
def sort_and_deduplicate(l):
    """Return a new list with the items of *l* in ascending order, duplicates dropped.

    Sorting first places equal items next to each other, which is what uniq()
    needs to collapse them.
    """
    ordered = sorted(l)
    deduplicated = uniq(ordered)
    return list(deduplicated)
def curllib(req, params=None, postdata=None):
    """Fetch the URL *req* and return the raw response body, or False on failure.

    *postdata* is passed to urllib2.Request as the request data, so a
    non-None value turns the request into a form-encoded POST. *params* is
    accepted but never used. The call gives up after 30 seconds.

    Every request carries the same hard-coded Firefox 9 / Mac OS X 10.6
    User-agent. Seen from the server, that constant string is a cheap (and
    easily changed) log signature for traffic produced by this script.

    Any exception (bad URL, HTTP error, timeout, ...) is swallowed and
    reported only as a False return value. urllib2 exists only on Python 2.
    """
    request_headers = {
        'User-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0',
        'Content-Type': 'application/x-www-form-urlencoded',
    }
    try:
        request = urllib2.Request(req, postdata, request_headers)
        body = urllib2.urlopen(request, timeout=30).read()
    except Exception:
        return False
    return body
def sout(s):
    """Write *s* plus a carriage return to stdout and flush immediately.

    The trailing "\\r" returns the cursor to the start of the line, so the
    next call overwrites this output (used for the progress indicator).
    """
    stream = sys.stdout
    stream.write(s + "\r")
    stream.flush()
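def finder(text, start, end, index=1):
    """Return the text found between *start* and the next *end* in *text*.

    *text* is split on *start*; the piece at position *index* (1 = the text
    after the first occurrence of *start*) is then cut at the first *end*.
    If *end* does not occur in that piece, the whole piece is returned.

    Returns "" when *start* occurs fewer than *index* times, when a
    separator is empty, or when *text* is not a string (for example the
    False that curllib() returns on failure).
    """
    try:
        return text.split(start)[index].split(end)[0]
    except Exception:
        # Was a bare ``except:``, which also trapped KeyboardInterrupt and
        # SystemExit, so Ctrl-C during parsing was silently turned into "".
        return ""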
def find_username(html=None):
    """Extract an author slug and display name from a fetched page.

    Returns a dict with:
      "user" - the path segment following the first '/author/' in *html*
               (the script later prints this under "Login"),
      "name" - the <title> text up to its first comma.
    Either value is "" when the marker is missing. Returns None when *html*
    is None.
    """
    if html is None:
        return None
    author_slug = finder(html, '/author/', '/')
    page_title = finder(html, '<title>', '</title>')
    return {"user": author_slug, "name": page_title.split(',')[0]}
# Main:
#
# Command-line entry point. For k = 1..N it sends "author=<k>" as a POST body
# to the target URL, scrapes the '/author/<slug>/' link and the <title> out of
# each response, and prints the collected slug/name pairs as a table.
#
# NOTE(review): seen from the server this is a run of N sequential POST
# requests to one URL, each with a form body of "author=<k>" and the fixed
# User-agent set in curllib(). Access logs normally do not record POST bodies,
# so a rule for an integer "author" parameter has to inspect request bodies as
# well as query strings; presumably that is the "bypass" in the description
# below, confirm. The recovered names are only useful as input to password
# guessing, so rate limiting and MFA on the login form are the controls that
# matter.

parser = argparse.ArgumentParser(description="Wordpress users enumerate  bypass", epilog="\033[1mCoded by github/\033[1;36m4hm3d \033[0m")

parser.add_argument( '-s', '--site', required=True, default=None, help='target domain or URL')
parser.add_argument( '-n', required=True, type=int, default=None , help='numbers of users to enumerate.')
args = vars(parser.parse_args())

results = []
max_login_len = max_name_len = 0
site = urllib2.urlparse.urlparse( args['site'] )
usern = args['n']

# NOTE(review): urlparse returns a 6-field tuple, which is always truthy, so
# the else branch looks unreachable. A value without a scheme is therefore not
# rejected here.
if site:
    # Rebuild the URL from scheme, host and path only (query and fragment are
    # dropped); an empty path becomes "/".
    site = site[0]+"://"+site[1]+"/" if site[2] == "" else site[0]+"://"+site[1]+site[2]
    print("[+]: Scanning "+site)
else:
    sys.exit("[#]: Wrong SITE formate (ex):\r\nhttp://target.com/")
for x in range( 0, usern ):
    # Progress indicator. The expression evaluates as (100 / usern) * x, and
    # under Python 2 the division is integer division.
    sout("[+]: %" + str( 100 / usern*x ) + "\t")
    try:
        tmp = curllib(site, '', urllib.urlencode({"author":(x+1)}) )# send the request
        # This check has no effect: a False result is still passed on to
        # find_username(), which then yields empty "user"/"name" strings.
        if tmp == False:
            pass
        tmp = find_username( tmp ) # extract the info from the response
    except:
        # NOTE(review): a bare except; if anything raised above, tmp keeps its
        # value from the previous iteration (or is unbound on the first one).
        pass
    if len(tmp['user']):
        results.append(tmp)
        max_login_len = len(tmp['user']) if max_login_len < len(tmp['user']) else max_login_len # track the longest username
        max_name_len = len(tmp['name']) if max_name_len < len(tmp['name']) else max_name_len # track the longest name

if not results:
    print("[ERROR]: Could not find anything, or something went wrong!")
    sys.exit()
# Sorting a list of dicts relies on Python 2 ordering; Python 3 raises
# TypeError here.
results = sort_and_deduplicate(results)# remove duplicates
print("Found "+str( len( results ) )+" users in "+site+"")

# Column padding and border widths, derived from the longest login and name.
login_space = (max_login_len-len("Login")+1)*" "
name_space = (max_name_len-len("Name")+1)*" "
login_bar = ((max_login_len-len("Login")+1)+6)*"-"
name_bar = ((max_name_len-len("Name")+1)+5)*"-"
header = "| Id | Login"+login_space+"| Name"+name_space+"|"

# print the head of the table
print("  +----+"+login_bar+"+"+name_bar+"+")
print("  "+header)
print("  +----+"+login_bar+"+"+name_bar+"+")

# print one row per collected user; the "Id" column is the row's position in
# the sorted list, not the author number that was requested
for x in range(0,len(results)):
    id_space = (3-len(str(x+1)))*" "
    login_space = (max_login_len-len(results[x]['user'])+1)*" "
    name_space = (max_name_len-len(results[x]['name'])+1)*" "
    print("  | "+str(x+1)+id_space+"| "+results[x]['user']+login_space+"| "+results[x]['name']+name_space+"|")
print("  +----+"+login_bar+"+"+name_bar+"+")

# finished :) feel free to contribute