Updates global options and bruteforce engine

README.md

@@ -33,13 +33,18 @@ python main.py -u "http://localhost/wordpress" --update --random-agent
 ```
 
 Example 2 : Basic bruteforce (option --brute, option --nocheck)
+* bruteforce customs usernames
+```
+python main.py -u "http://127.0.0.1/wordpress/" --brute --usernames "admin,guest" --passwords-list fuzz/wordlist.lst
+```
+* bruteforce with usernames list
+```
+python main.py -u "http://127.0.0.1/wordpress/" --brute --users-list fuzz/wordlist.lst --passwords-list fuzz/wordlist.lst
+```
+* bruteforce detected users
+```
+python main.py -u "http://127.0.0.1/wordpress/" --brute --passwords-list fuzz/wordlist.lst
 ```
-python main.py -u "http://127.0.0.1/wordpress/" --brute fuzz/wordlist.lst
-python main.py -u "http://127.0.0.1/wordpress/" --brute admin
-
---brute file.lst : Will bruteforce every username and their password
---brute username : Will bruteforce the password for the given username
-it will also try to bruteforce the password for the detected users.
 
 
 

engine/brute.py

@@ -12,36 +12,48 @@ from wordpress import *
 from thread_engine import ThreadEngine
 
 class Brute_Engine:
-	def __init__(self, wordpress, brute):
-		if brute != None:
+	def __init__(self, wordpress, brute, usernames, users_list, passwords_list):
+		# bruteforce customs users passed in --brute
+		# ex: --brute admin,guest,foo
+		if brute:
+			if usernames:
+				users_to_brute = usernames.split(',')
+				for user in users_to_brute:
+					user = user.replace(' ', '')
+					print notice("Bruteforcing " + user)
+					self.bruteforcing_pass(wordpress, user, passwords_list)
 
-			# Bruteforce username
-			if os.path.isfile(brute):
-				self.bruteforcing_user(wordpress)
+			# Bruteforce with usernames list
+			elif users_list:
+				for file_list in [users_list, passwords_list]:
+					if not os.path.isfile(file_list):
+						print critical("Can't found %s file" % file_list)
+						exit()
+				# launch users & passwords bruteforce
+				self.bruteforcing_user(wordpress, users_list, passwords_list)
 
+
+			# if users detected, bruteforce them
 			else:
 				if len(wordpress.users) != 0:
-					print notice("Bruteforcing detected users")
+					if not os.path.isfile(passwords_list):
+						print critical("Can't found %s file" % passwords_list)
+						exit()
+
+					print notice("Bruteforcing detected users: {}".format(wordpress.users))
 					for user in wordpress.users:
 						print info("User found "+ user['slug'])
-						self.bruteforcing_pass(wordpress, user['slug'])
+						self.bruteforcing_pass(wordpress, user['slug'], passwords_list)
 
-				else:
-					print notice("Bruteforcing " + brute)
-					print info("User found "+ brute)
-					self.bruteforcing_pass(wordpress, brute)
-
-			# Exit the bruteforce
-			exit()
 
 	"""
 	name        : bruteforcing_user(self, wordpress)
 	description :
 	"""
-	def bruteforcing_user(self, wordpress):
+	def bruteforcing_user(self, wordpress, users_list, passwords_list):
 		print notice("Bruteforcing all users")
 
-		with open('fuzz/wordlist.lst') as data_file:
+		with open(users_list) as data_file:
 			data   = data_file.readlines()
 			thread_engine = ThreadEngine(wordpress.max_threads)
 			users_found = []
@@ -52,7 +64,7 @@ class Brute_Engine:
 			thread_engine.wait()
 
 			for user in users_found:
-				self.bruteforcing_pass(wordpress, user)
+				self.bruteforcing_pass(wordpress, user, passwords_list)
 
 
 	def check_user(self, user, users_found, wordpress):
@@ -68,10 +80,10 @@ class Brute_Engine:
 	name        : bruteforcing_pass(self, wordpress)
 	description :
 	"""
-	def bruteforcing_pass(self, wordpress, user):
+	def bruteforcing_pass(self, wordpress, user, passwords_list):
 		print info("Starting passwords bruteforce for " + user)
 
-		with open('fuzz/wordlist.lst') as data_file:
+		with open(passwords_list) as data_file:
 			data  = data_file.readlines()
 			size  = len(data)
 			thread_engine = ThreadEngine(wordpress.max_threads)

main.py

@@ -29,12 +29,16 @@ if __name__ == "__main__":
 	parser.add_argument('--update', action ='store_const', const='update', dest='update', help="Update the database")
 	parser.add_argument('--aggressive', action ='store_const', const='aggressive', dest='aggressive', default=False, help="Aggressive scan for plugins/themes")
 	parser.add_argument('--fuzz', action ='store_const', const='fuzz', dest='fuzz', default=False, help="Fuzz the files")
-	parser.add_argument('--brute', action ='store', dest='brute', default=None, help="Bruteforce users and passwords")
+	parser.add_argument('--brute', action ='store_const', const='brute', dest='brute', default=False, help="Bruteforce users and passwords")
 	parser.add_argument('--nocheck', action ='store_const', const='nocheck',dest='nocheck', default=False, help="Check for a Wordpress instance")
 	parser.add_argument('--random-agent', action ='store_const', const='random_agent', dest='random_agent', default=False, help="Random User-Agent")
 	parser.add_argument('--threads', action ='store', dest='max_threads', default=1, help="Number of threads to use")
+	parser.add_argument('--usernames', action ='store', dest='usernames', default='', help="Usernames to bruteforce")
+	parser.add_argument('--users-list', action ='store', dest='users_list', default=None, help="Users list for bruteforce")
+	parser.add_argument('--passwords-list', action ='store', dest='passwords_list', default=None, help="Passwords list for bruteforce")
 	results = parser.parse_args()
 
+	print results
 	# Check wordpress url
 	if results.url != None:
 		# Disable warning for ssl verify=False
@@ -49,7 +53,7 @@ if __name__ == "__main__":
 		wp = Wordpress(format_url(results.url), results.random_agent, results.nocheck, results.max_threads)
 
 		# Launch bruteforce
-		Brute_Engine(wp, results.brute)
+		Brute_Engine(wp, results.brute, results.usernames, results.users_list, results.passwords_list)
 
 		# Launch fuzzing
 		Fuzz_Engine(wp, results.fuzz)