Skip to content
/ wp-xmlrpc-bruteforce Public

Attempt to Brute-force a WordPress website User Credentials using XMLRPC

License

MIT license
2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

moeenn/wp-xmlrpc-bruteforce

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
dict
dict
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

WordPress XMLRPC Exploit

Brute-force a WordPress website user login credentials

Usage

Usage of ./main:
  -dict string
        A text dictionary containing passwords to try (default "dict.txt")
  -routines int
        Maximum number of Goroutines to spawn (default 10)
  -url string
        URL to WordPress website to target (without trailing /) (default "https://www.wordpress-site.com")
  -user string
        Username to brute-force (default "admin")

Where do I get the Website Usernames?

You can use the excellent WPScan to Enumerate username for any vulnerable WordPress website.

Compilation & Execution

$ make build
$ ./args -dict ./dict/dict.txt -url "http://localhost:8000" -user "admin" -routines 5

About

Attempt to Brute-force a WordPress website User Credentials using XMLRPC

Topics

go cli golang wordpress bruteforce brute-force-attacks cli-app concurrent dictionary-attack crack wpscan xmlrpc xmlrpc-bruteforcer bruteforce-password-cracker

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages