What's new?
- Grab all WordPress websites on the server via Bing API
- Scan all the possible plugins/themes on each website from a list (provided by the user)
- Brute Force using the correct username and a password list via xmlrpc.php *NEW*
- Brute Force using the correct username and a password list via wp-login.php *MODIFIED*
- Scan all the possible plugins/themes on each website from security databases *MODIFIED*
- Change the appearance of the tool
Plugins/themes List format:
Code:
XP:wp-content/plugins/XP/lib/exploit.php:Group-XP
XP = the plugin/theme's name
wp-content/plugins/XP/lib/exploit.php = the plugin/theme's path
Group-XP = keyword (a clue to double-check that it's there!)
NOTE: The keyword value is optional in this version.
The tool uses two methods to check plugins and/or themes:
- Keyword.
- Response headers.
Password list:
Code:
123456
password
admin
whateva
--------------
What's new?
Brute Force using two methods:
- The usual way: wp-login.php
- The new way: xmlrpc.php
Checking plugins and/or themes using two methods:
- Keyword (provided by the user).
- Headers.
Any list can be used with a simple modification. An example: HERE!
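For site owners, the behaviours listed above (repeated logins through xmlrpc.php or wp-login.php, and requests for many plugin/theme paths) are visible in the web server access log. The following is an added example, not part of the tool: it assumes Combined Log Format, and the thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
AUTH_PATHS = ("/xmlrpc.php", "/wp-login.php")
COMPONENT_RE = re.compile(r"^/wp-content/(?:plugins|themes)/([^/]+)/")
# Thresholds are assumptions; tune them against normal traffic for the site.
MAX_AUTH_POSTS = 5
MAX_MISSING_COMPONENTS = 3

def analyze(lines):
    """Return {ip: [reasons]} for clients that exceed either threshold."""
    auth_posts = defaultdict(int)   # (ip, endpoint) -> number of POSTs
    missing = defaultdict(set)      # ip -> plugin/theme names that returned 404
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0]
        if method == "POST" and path.endswith(AUTH_PATHS):
            auth_posts[(ip, path.rsplit("/", 1)[-1])] += 1
        comp = COMPONENT_RE.match(path)
        if comp and status == "404":
            missing[ip].add(comp.group(1))
    findings = defaultdict(list)
    for (ip, endpoint), count in sorted(auth_posts.items()):
        if count > MAX_AUTH_POSTS:
            findings[ip].append(f"{count} POSTs to {endpoint}")
    for ip, names in missing.items():
        if len(names) > MAX_MISSING_COMPONENTS:
            findings[ip].append(f"{len(names)} nonexistent plugins/themes probed")
    return dict(findings)

def sample_log():
    """Constructed sample log (documentation IP ranges), not real traffic."""
    fmt = '{ip} - - [10/Oct/2024:13:55:{s:02d} +0000] "{m} {p} HTTP/1.1" {c} 512 "-" "-"'
    rows = [("198.51.100.7", "POST", "/xmlrpc.php", 200)] * 8
    rows += [("198.51.100.7", "POST", "/wp-login.php", 200)] * 2
    rows += [("203.0.113.9", "GET", f"/wp-content/plugins/p{i}/readme.txt", 404)
             for i in range(5)]
    rows += [("192.0.2.10", "POST", "/wp-login.php", 302),
             ("192.0.2.10", "GET", "/wp-content/themes/mytheme/style.css", 200)]
    return [fmt.format(ip=ip, s=i % 60, m=m, p=p, c=c)
            for i, (ip, m, p, c) in enumerate(rows)]

if __name__ == "__main__":
    for ip, reasons in analyze(sample_log()).items():
        print(ip, "->", "; ".join(reasons))
```

Flagged addresses are candidates for rate limiting or blocking at the web server or firewall.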
Pictures for Brute Forcing (Success!):
- XMLRPC
- WP-LOGIN
- THIS TOOL WAS WRITTEN FOR EDUCATIONAL PURPOSES. ONLY USE THIS TOOL ON WEBSITES YOU ARE ALLOWED TO TEST.
- THE AUTHOR CANNOT AND WILL NOT BE IN ANY WAY LIABLE FOR ANY LOSS OR DAMAGE ARISING FROM THE USE OF THIS TOOL.
- USE IT AT YOUR OWN RISK!
- IF YOU DON'T AGREE WITH WHAT I SAID, PLEASE DON'T USE THIS TOOL.
Before downloading you must have a BING API Hash: HERE
Download from here: WP-ATTCKER
If you have any problem, you can use this thread or GitHub.