/wp-bruteforcer

WordPress XMLRPC amplification bruteforce tool

Primary LanguagePHP

WP Bruteforcer

A simply PHP CLI Tool / Lib to bruteforce WordPress XMLRPC using amplification.

More info: here

Requirements

  • PHP 5.3+
  • Composer
composer install

Usage

php wpbruteforcer.php bruteforce http://wordpress.org/ --wordlist wordlist.txt --username admin

If none username is provided, the tool will enumerate the WordPress users and attack all of them.

php wpbruteforcer.php bruteforce http://wordpress.org/ --wordlist wordlist.txt

You can also just enumerate users with:

php wpbruteforcer.php enumerate http://wordpress.org/ --limit 20

To get a list of options use:

php wpbruteforcer.php -h