xmlrpc-hunt is a simple tool for finding the XML-RPC Pingback DDoS vulnerability. Bug bounty hunters can use it to find the XML-RPC Pingback DDoS vulnerability and exploit it.
*) the first tool (xmlrpc-finder.sh) checks whether xmlrpc.php is enabled on each domain listed in "subdomains.txt"
*) if it is, the tool checks whether pingback.ping is enabled.
- list all subdomains in the text file "subdomains.txt"
- run bash xmlrpc-finder.sh
- run bash xmlrpc-ping-exploit.sh
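
The two checks described above (is xmlrpc.php answering, and is pingback.ping enabled) can be reproduced when auditing your own sites by classifying the response body. This is an added example, not code from xmlrpc-hunt: it assumes the body is the reply to the standard XML-RPC system.listMethods call, the function name and result labels are hypothetical, and the sample bodies are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample bodies (not captured from any real site).
LIST_METHODS_OK = """<?xml version="1.0"?>
<methodResponse><params><param><value><array><data>
<value><string>system.listMethods</string></value>
<value><string>pingback.ping</string></value>
<value><string>wp.getUsersBlogs</string></value>
</data></array></value></param></params></methodResponse>"""

LIST_METHODS_NO_PINGBACK = LIST_METHODS_OK.replace(
    "<value><string>pingback.ping</string></value>\n", "")

FAULT = """<?xml version="1.0"?>
<methodResponse><fault><value><struct>
<member><name>faultCode</name><value><int>405</int></value></member>
<member><name>faultString</name><value><string>disabled</string></value></member>
</struct></value></fault></methodResponse>"""


def classify(status, body):
    """Return 'no-xmlrpc', 'xmlrpc-fault', 'xmlrpc-only' or 'pingback-enabled'."""
    if status != 200 or not body:
        return "no-xmlrpc"
    # Refuse DTDs before parsing: the body comes from a remote server and
    # entity declarations are the vehicle for XML entity-expansion attacks.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return "no-xmlrpc"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "no-xmlrpc"  # e.g. a broken HTML error page served with 200
    if root.tag != "methodResponse":
        return "no-xmlrpc"  # well-formed, but not an XML-RPC reply
    if root.find("fault") is not None:
        return "xmlrpc-fault"  # endpoint exists but refused the call
    # Collect every advertised method name from the returned array.
    methods = {s.text for s in root.iter("string") if s.text}
    return "pingback-enabled" if "pingback.ping" in methods else "xmlrpc-only"


if __name__ == "__main__":
    for name, body in [("ok", LIST_METHODS_OK),
                       ("filtered", LIST_METHODS_NO_PINGBACK),
                       ("fault", FAULT)]:
        print(name, classify(200, body))
```

A "pingback-enabled" result marks a site where pingback should be disabled or xmlrpc.php blocked; "xmlrpc-only" means the endpoint answers but no longer advertises pingback.ping.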
https://hackerone.com/reports/325040
https://hackerone.com/reports/752073