Nocheck option - will not check if it's a valid WP

2017-06-11 14:38:46 +02:00 · 2017-06-11 14:38:46 +02:00 · 33d7ad5047
parent 5776d2a5eb
commit 33d7ad5047
3 changed files with 38 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -31,7 +31,7 @@ python main.py -u "http://localhost/wordpress" --update --random-agent
 --random-agent : Use a random user-agent for this session
 ```

-Example 2 : Basic bruteforce
+Example 2 : Basic bruteforce (option --brute, option --nocheck)
 ```
 python main.py -u "http://127.0.0.1/wordpress/" --brute fuzz/wordlist.lst
 python main.py -u "http://127.0.0.1/wordpress/" --brute admin
@ -39,6 +39,32 @@ python main.py -u "http://127.0.0.1/wordpress/" --brute admin
 --brute file.lst : Will bruteforce every username and their password
 --brute username : Will bruteforce the password for the given username
 it will also try to bruteforce the password for the detected users.
+
+
+
+╭─ 👻 swissky@crashlab: ~/Github/Wordpresscan  ‹master*›
+╰─$ python main.py -u "http://127.0.0.1/wordpress/" --brute fuzz/wordlist.lst --nocheck       
+_______________________________________________________________
+ _    _               _                                         
+| |  | |             | |                                        
+| |  | | ___  _ __ __| |_ __  _ __ ___  ___ ___  ___ __ _ _ __  
+| |/\| |/ _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|/ __/ _` | '_ \
+\  /\  / (_) | | | (_| | |_) | | |  __/\__ \__ \ (_| (_| | | | |
+ \/  \/ \___/|_|  \__,_| .__/|_|  \___||___/___/\___\__,_|_| |_|
+                       | |                                      
+                       |_|                                      
+ WordPress scanner based on wpscan work - @pentest_swissky      
+_______________________________________________________________
+[+] URL: http://127.0.0.1/wordpress/
+
+[!] The Wordpress 'http://127.0.0.1/wordpress/readme.html' file exposing a version number: 4.4.7
+[i] Uploads directory has directory listing enabled : http://127.0.0.1/wordpress/wp-content/uploads/
+[i] Includes directory has directory listing enabled : http://127.0.0.1/wordpress/wp-includes/
+
+[i] Bruteforcing all users
+[+] User found admin
+[+] Starting passwords bruteforce for admin
+Bruteforcing - ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
 ```

 Example 3 : Thinking is overrated, this is aggressive, mostly not advised!
--- a/engine/wordpress.py
+++ b/engine/wordpress.py
@ -14,15 +14,15 @@ class Wordpress:
 	agent   = False
 	users   = {}

-	def __init__(self, url, user_agent):
+	def __init__(self, url, user_agent, nocheck):
 		print info("URL: %s" % url)
 		self.url   = url
 		self.agent = user_agent
 		self.random_agent()
 		self.clean_url()
 		self.is_up_and_installed()
-		#self.is_wordpress()
-		#self.is_readme()
+		self.is_wordpress(nocheck)
+		self.is_readme()
 		self.is_debug_log()
 		self.is_backup_file()
 		self.is_xml_rpc()
@ -56,11 +56,12 @@ class Wordpress:
 	name        : is_wordpress()
 	description : detect a WordPress instance
 	"""
-	def is_wordpress(self):
-		self.index = requests.get(self.url, headers={"User-Agent":self.agent})
-		if not "wp-" in self.index.text:
-			print critical("Not a WordPress !")
-			exit()
+	def is_wordpress(self, nocheck):
+		if nocheck == False:
+			self.index = requests.get(self.url, headers={"User-Agent":self.agent})
+			if not "wp-" in self.index.text:
+				print critical("Not a WordPress !")
+				exit()

 	"""
 	name        : is_up_and_installed()
--- a/main.py
+++ b/main.py
@ -29,6 +29,7 @@ if __name__ == "__main__":
 	parser.add_argument('--aggressive', action ='store_const', const='aggressive', dest='aggressive', default=False, help="Update the database")
 	parser.add_argument('--fuzz', action ='store_const', const='fuzz', dest='fuzz', default=False, help="Fuzz the files")
 	parser.add_argument('--brute', action ='store', dest='brute', default=None, help="Bruteforce users and passwords")
+	parser.add_argument('--nocheck', action ='store_const', const='nocheck',dest='nocheck', default=False, help="Check for a Wordpress instance")
 	parser.add_argument('--random-agent', action ='store_const', const='random_agent', dest='random_agent', default=False, help="Random User-Agent")
 	results = parser.parse_args()

@ -40,7 +41,7 @@ if __name__ == "__main__":
 			database_update()

 		# Build a new wordpress object
-		wp = Wordpress(results.url, results.random_agent)
+		wp = Wordpress(results.url, results.random_agent, results.nocheck)

 		# Launch bruteforce
 		Brute_Engine(wp, results.brute)