Updates global options and bruteforce engine

pull/19/head
Soka 2017-10-14 22:13:29 +02:00
parent d52090579d
commit 3ded7a2cf4
3 changed files with 48 additions and 27 deletions

View File

@ -33,13 +33,18 @@ python main.py -u "http://localhost/wordpress" --update --random-agent
``` ```
Example 2 : Basic bruteforce (option --brute, option --nocheck) Example 2 : Basic bruteforce (option --brute, option --nocheck)
* bruteforce customs usernames
```
python main.py -u "http://127.0.0.1/wordpress/" --brute --usernames "admin,guest" --passwords-list fuzz/wordlist.lst
```
* bruteforce with usernames list
```
python main.py -u "http://127.0.0.1/wordpress/" --brute --users-list fuzz/wordlist.lst --passwords-list fuzz/wordlist.lst
```
* bruteforce detected users
```
python main.py -u "http://127.0.0.1/wordpress/" --brute --passwords-list fuzz/wordlist.lst
``` ```
python main.py -u "http://127.0.0.1/wordpress/" --brute fuzz/wordlist.lst
python main.py -u "http://127.0.0.1/wordpress/" --brute admin
--brute file.lst : Will bruteforce every username and their password
--brute username : Will bruteforce the password for the given username
it will also try to bruteforce the password for the detected users.

View File

@ -12,36 +12,48 @@ from wordpress import *
from thread_engine import ThreadEngine from thread_engine import ThreadEngine
class Brute_Engine: class Brute_Engine:
def __init__(self, wordpress, brute): def __init__(self, wordpress, brute, usernames, users_list, passwords_list):
if brute != None: # bruteforce customs users passed in --brute
# ex: --brute admin,guest,foo
if brute:
if usernames:
users_to_brute = usernames.split(',')
for user in users_to_brute:
user = user.replace(' ', '')
print notice("Bruteforcing " + user)
self.bruteforcing_pass(wordpress, user, passwords_list)
# Bruteforce username # Bruteforce with usernames list
if os.path.isfile(brute): elif users_list:
self.bruteforcing_user(wordpress) for file_list in [users_list, passwords_list]:
if not os.path.isfile(file_list):
print critical("Can't found %s file" % file_list)
exit()
# launch users & passwords bruteforce
self.bruteforcing_user(wordpress, users_list, passwords_list)
# if users detected, bruteforce them
else: else:
if len(wordpress.users) != 0: if len(wordpress.users) != 0:
print notice("Bruteforcing detected users") if not os.path.isfile(passwords_list):
print critical("Can't found %s file" % passwords_list)
exit()
print notice("Bruteforcing detected users: {}".format(wordpress.users))
for user in wordpress.users: for user in wordpress.users:
print info("User found "+ user['slug']) print info("User found "+ user['slug'])
self.bruteforcing_pass(wordpress, user['slug']) self.bruteforcing_pass(wordpress, user['slug'], passwords_list)
else:
print notice("Bruteforcing " + brute)
print info("User found "+ brute)
self.bruteforcing_pass(wordpress, brute)
# Exit the bruteforce
exit()
""" """
name : bruteforcing_user(self, wordpress) name : bruteforcing_user(self, wordpress)
description : description :
""" """
def bruteforcing_user(self, wordpress): def bruteforcing_user(self, wordpress, users_list, passwords_list):
print notice("Bruteforcing all users") print notice("Bruteforcing all users")
with open('fuzz/wordlist.lst') as data_file: with open(users_list) as data_file:
data = data_file.readlines() data = data_file.readlines()
thread_engine = ThreadEngine(wordpress.max_threads) thread_engine = ThreadEngine(wordpress.max_threads)
users_found = [] users_found = []
@ -52,7 +64,7 @@ class Brute_Engine:
thread_engine.wait() thread_engine.wait()
for user in users_found: for user in users_found:
self.bruteforcing_pass(wordpress, user) self.bruteforcing_pass(wordpress, user, passwords_list)
def check_user(self, user, users_found, wordpress): def check_user(self, user, users_found, wordpress):
@ -68,10 +80,10 @@ class Brute_Engine:
name : bruteforcing_pass(self, wordpress) name : bruteforcing_pass(self, wordpress)
description : description :
""" """
def bruteforcing_pass(self, wordpress, user): def bruteforcing_pass(self, wordpress, user, passwords_list):
print info("Starting passwords bruteforce for " + user) print info("Starting passwords bruteforce for " + user)
with open('fuzz/wordlist.lst') as data_file: with open(passwords_list) as data_file:
data = data_file.readlines() data = data_file.readlines()
size = len(data) size = len(data)
thread_engine = ThreadEngine(wordpress.max_threads) thread_engine = ThreadEngine(wordpress.max_threads)

View File

@ -29,12 +29,16 @@ if __name__ == "__main__":
parser.add_argument('--update', action ='store_const', const='update', dest='update', help="Update the database") parser.add_argument('--update', action ='store_const', const='update', dest='update', help="Update the database")
parser.add_argument('--aggressive', action ='store_const', const='aggressive', dest='aggressive', default=False, help="Aggressive scan for plugins/themes") parser.add_argument('--aggressive', action ='store_const', const='aggressive', dest='aggressive', default=False, help="Aggressive scan for plugins/themes")
parser.add_argument('--fuzz', action ='store_const', const='fuzz', dest='fuzz', default=False, help="Fuzz the files") parser.add_argument('--fuzz', action ='store_const', const='fuzz', dest='fuzz', default=False, help="Fuzz the files")
parser.add_argument('--brute', action ='store', dest='brute', default=None, help="Bruteforce users and passwords") parser.add_argument('--brute', action ='store_const', const='brute', dest='brute', default=False, help="Bruteforce users and passwords")
parser.add_argument('--nocheck', action ='store_const', const='nocheck',dest='nocheck', default=False, help="Check for a Wordpress instance") parser.add_argument('--nocheck', action ='store_const', const='nocheck',dest='nocheck', default=False, help="Check for a Wordpress instance")
parser.add_argument('--random-agent', action ='store_const', const='random_agent', dest='random_agent', default=False, help="Random User-Agent") parser.add_argument('--random-agent', action ='store_const', const='random_agent', dest='random_agent', default=False, help="Random User-Agent")
parser.add_argument('--threads', action ='store', dest='max_threads', default=1, help="Number of threads to use") parser.add_argument('--threads', action ='store', dest='max_threads', default=1, help="Number of threads to use")
parser.add_argument('--usernames', action ='store', dest='usernames', default='', help="Usernames to bruteforce")
parser.add_argument('--users-list', action ='store', dest='users_list', default=None, help="Users list for bruteforce")
parser.add_argument('--passwords-list', action ='store', dest='passwords_list', default=None, help="Passwords list for bruteforce")
results = parser.parse_args() results = parser.parse_args()
print results
# Check wordpress url # Check wordpress url
if results.url != None: if results.url != None:
# Disable warning for ssl verify=False # Disable warning for ssl verify=False
@ -49,7 +53,7 @@ if __name__ == "__main__":
wp = Wordpress(format_url(results.url), results.random_agent, results.nocheck, results.max_threads) wp = Wordpress(format_url(results.url), results.random_agent, results.nocheck, results.max_threads)
# Launch bruteforce # Launch bruteforce
Brute_Engine(wp, results.brute) Brute_Engine(wp, results.brute, results.usernames, results.users_list, results.passwords_list)
# Launch fuzzing # Launch fuzzing
Fuzz_Engine(wp, results.fuzz) Fuzz_Engine(wp, results.fuzz)