Updates global options and bruteforce engine
parent
d52090579d
commit
3ded7a2cf4
17
README.md
17
README.md
|
@ -33,13 +33,18 @@ python main.py -u "http://localhost/wordpress" --update --random-agent
|
||||||
```
|
```
|
||||||
|
|
||||||
Example 2 : Basic bruteforce (option --brute, option --nocheck)
|
Example 2 : Basic bruteforce (option --brute, option --nocheck)
|
||||||
|
* bruteforce customs usernames
|
||||||
|
```
|
||||||
|
python main.py -u "http://127.0.0.1/wordpress/" --brute --usernames "admin,guest" --passwords-list fuzz/wordlist.lst
|
||||||
|
```
|
||||||
|
* bruteforce with usernames list
|
||||||
|
```
|
||||||
|
python main.py -u "http://127.0.0.1/wordpress/" --brute --users-list fuzz/wordlist.lst --passwords-list fuzz/wordlist.lst
|
||||||
|
```
|
||||||
|
* bruteforce detected users
|
||||||
|
```
|
||||||
|
python main.py -u "http://127.0.0.1/wordpress/" --brute --passwords-list fuzz/wordlist.lst
|
||||||
```
|
```
|
||||||
python main.py -u "http://127.0.0.1/wordpress/" --brute fuzz/wordlist.lst
|
|
||||||
python main.py -u "http://127.0.0.1/wordpress/" --brute admin
|
|
||||||
|
|
||||||
--brute file.lst : Will bruteforce every username and their password
|
|
||||||
--brute username : Will bruteforce the password for the given username
|
|
||||||
it will also try to bruteforce the password for the detected users.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -12,36 +12,48 @@ from wordpress import *
|
||||||
from thread_engine import ThreadEngine
|
from thread_engine import ThreadEngine
|
||||||
|
|
||||||
class Brute_Engine:
|
class Brute_Engine:
|
||||||
def __init__(self, wordpress, brute):
|
def __init__(self, wordpress, brute, usernames, users_list, passwords_list):
|
||||||
if brute != None:
|
# bruteforce customs users passed in --brute
|
||||||
|
# ex: --brute admin,guest,foo
|
||||||
|
if brute:
|
||||||
|
if usernames:
|
||||||
|
users_to_brute = usernames.split(',')
|
||||||
|
for user in users_to_brute:
|
||||||
|
user = user.replace(' ', '')
|
||||||
|
print notice("Bruteforcing " + user)
|
||||||
|
self.bruteforcing_pass(wordpress, user, passwords_list)
|
||||||
|
|
||||||
# Bruteforce username
|
# Bruteforce with usernames list
|
||||||
if os.path.isfile(brute):
|
elif users_list:
|
||||||
self.bruteforcing_user(wordpress)
|
for file_list in [users_list, passwords_list]:
|
||||||
|
if not os.path.isfile(file_list):
|
||||||
|
print critical("Can't found %s file" % file_list)
|
||||||
|
exit()
|
||||||
|
# launch users & passwords bruteforce
|
||||||
|
self.bruteforcing_user(wordpress, users_list, passwords_list)
|
||||||
|
|
||||||
|
|
||||||
|
# if users detected, bruteforce them
|
||||||
else:
|
else:
|
||||||
if len(wordpress.users) != 0:
|
if len(wordpress.users) != 0:
|
||||||
print notice("Bruteforcing detected users")
|
if not os.path.isfile(passwords_list):
|
||||||
|
print critical("Can't found %s file" % passwords_list)
|
||||||
|
exit()
|
||||||
|
|
||||||
|
print notice("Bruteforcing detected users: {}".format(wordpress.users))
|
||||||
for user in wordpress.users:
|
for user in wordpress.users:
|
||||||
print info("User found "+ user['slug'])
|
print info("User found "+ user['slug'])
|
||||||
self.bruteforcing_pass(wordpress, user['slug'])
|
self.bruteforcing_pass(wordpress, user['slug'], passwords_list)
|
||||||
|
|
||||||
else:
|
|
||||||
print notice("Bruteforcing " + brute)
|
|
||||||
print info("User found "+ brute)
|
|
||||||
self.bruteforcing_pass(wordpress, brute)
|
|
||||||
|
|
||||||
# Exit the bruteforce
|
|
||||||
exit()
|
|
||||||
|
|
||||||
"""
|
"""
|
||||||
name : bruteforcing_user(self, wordpress)
|
name : bruteforcing_user(self, wordpress)
|
||||||
description :
|
description :
|
||||||
"""
|
"""
|
||||||
def bruteforcing_user(self, wordpress):
|
def bruteforcing_user(self, wordpress, users_list, passwords_list):
|
||||||
print notice("Bruteforcing all users")
|
print notice("Bruteforcing all users")
|
||||||
|
|
||||||
with open('fuzz/wordlist.lst') as data_file:
|
with open(users_list) as data_file:
|
||||||
data = data_file.readlines()
|
data = data_file.readlines()
|
||||||
thread_engine = ThreadEngine(wordpress.max_threads)
|
thread_engine = ThreadEngine(wordpress.max_threads)
|
||||||
users_found = []
|
users_found = []
|
||||||
|
@ -52,7 +64,7 @@ class Brute_Engine:
|
||||||
thread_engine.wait()
|
thread_engine.wait()
|
||||||
|
|
||||||
for user in users_found:
|
for user in users_found:
|
||||||
self.bruteforcing_pass(wordpress, user)
|
self.bruteforcing_pass(wordpress, user, passwords_list)
|
||||||
|
|
||||||
|
|
||||||
def check_user(self, user, users_found, wordpress):
|
def check_user(self, user, users_found, wordpress):
|
||||||
|
@ -68,10 +80,10 @@ class Brute_Engine:
|
||||||
name : bruteforcing_pass(self, wordpress)
|
name : bruteforcing_pass(self, wordpress)
|
||||||
description :
|
description :
|
||||||
"""
|
"""
|
||||||
def bruteforcing_pass(self, wordpress, user):
|
def bruteforcing_pass(self, wordpress, user, passwords_list):
|
||||||
print info("Starting passwords bruteforce for " + user)
|
print info("Starting passwords bruteforce for " + user)
|
||||||
|
|
||||||
with open('fuzz/wordlist.lst') as data_file:
|
with open(passwords_list) as data_file:
|
||||||
data = data_file.readlines()
|
data = data_file.readlines()
|
||||||
size = len(data)
|
size = len(data)
|
||||||
thread_engine = ThreadEngine(wordpress.max_threads)
|
thread_engine = ThreadEngine(wordpress.max_threads)
|
||||||
|
|
8
main.py
8
main.py
|
@ -29,12 +29,16 @@ if __name__ == "__main__":
|
||||||
parser.add_argument('--update', action ='store_const', const='update', dest='update', help="Update the database")
|
parser.add_argument('--update', action ='store_const', const='update', dest='update', help="Update the database")
|
||||||
parser.add_argument('--aggressive', action ='store_const', const='aggressive', dest='aggressive', default=False, help="Aggressive scan for plugins/themes")
|
parser.add_argument('--aggressive', action ='store_const', const='aggressive', dest='aggressive', default=False, help="Aggressive scan for plugins/themes")
|
||||||
parser.add_argument('--fuzz', action ='store_const', const='fuzz', dest='fuzz', default=False, help="Fuzz the files")
|
parser.add_argument('--fuzz', action ='store_const', const='fuzz', dest='fuzz', default=False, help="Fuzz the files")
|
||||||
parser.add_argument('--brute', action ='store', dest='brute', default=None, help="Bruteforce users and passwords")
|
parser.add_argument('--brute', action ='store_const', const='brute', dest='brute', default=False, help="Bruteforce users and passwords")
|
||||||
parser.add_argument('--nocheck', action ='store_const', const='nocheck',dest='nocheck', default=False, help="Check for a Wordpress instance")
|
parser.add_argument('--nocheck', action ='store_const', const='nocheck',dest='nocheck', default=False, help="Check for a Wordpress instance")
|
||||||
parser.add_argument('--random-agent', action ='store_const', const='random_agent', dest='random_agent', default=False, help="Random User-Agent")
|
parser.add_argument('--random-agent', action ='store_const', const='random_agent', dest='random_agent', default=False, help="Random User-Agent")
|
||||||
parser.add_argument('--threads', action ='store', dest='max_threads', default=1, help="Number of threads to use")
|
parser.add_argument('--threads', action ='store', dest='max_threads', default=1, help="Number of threads to use")
|
||||||
|
parser.add_argument('--usernames', action ='store', dest='usernames', default='', help="Usernames to bruteforce")
|
||||||
|
parser.add_argument('--users-list', action ='store', dest='users_list', default=None, help="Users list for bruteforce")
|
||||||
|
parser.add_argument('--passwords-list', action ='store', dest='passwords_list', default=None, help="Passwords list for bruteforce")
|
||||||
results = parser.parse_args()
|
results = parser.parse_args()
|
||||||
|
|
||||||
|
print results
|
||||||
# Check wordpress url
|
# Check wordpress url
|
||||||
if results.url != None:
|
if results.url != None:
|
||||||
# Disable warning for ssl verify=False
|
# Disable warning for ssl verify=False
|
||||||
|
@ -49,7 +53,7 @@ if __name__ == "__main__":
|
||||||
wp = Wordpress(format_url(results.url), results.random_agent, results.nocheck, results.max_threads)
|
wp = Wordpress(format_url(results.url), results.random_agent, results.nocheck, results.max_threads)
|
||||||
|
|
||||||
# Launch bruteforce
|
# Launch bruteforce
|
||||||
Brute_Engine(wp, results.brute)
|
Brute_Engine(wp, results.brute, results.usernames, results.users_list, results.passwords_list)
|
||||||
|
|
||||||
# Launch fuzzing
|
# Launch fuzzing
|
||||||
Fuzz_Engine(wp, results.fuzz)
|
Fuzz_Engine(wp, results.fuzz)
|
||||||
|
|
Loading…
Reference in New Issue