Skip to content

ibnusyawall/xmlrpc-brute

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

XMLRPC-BRUTE

Codefactor

Help me!

Saweria

Paypal.me

This is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress. The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.

Requirements

  • NodeJS

Install

$ git clone https://github.com/ibnusyawall/xmlrpc-git.git
$ cd xmlrpc-brute
$ npm i
$ node . --help

Usage

# run
$ node . --siteList <path/to/list> --userList <path/to/list> --passList <path/to/list>

# help
$ node . --help

# example
$ node . --siteList site.txt --userList user.txt --passList pass.txt

Any question? contact me at Whatsapp or Telegram

About

Wordpress xmlrpc bruteforce tools

Topics

wordpress education hacking penetration-testing hacktoberfest

Resources

Readme
Activity

Stars

8 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages