
WordPress Brute Force Perl Script

WPScan was written in Perl and is a great tool for testing your WordPress security and your defenses against brute force attacks. This script is also included in the BackTrack pen-testing Linux distribution.

Currently what this Perl script can do:

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • TimThumb file enumeration
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

Useful commands contained in the script:

Only the ‘--url’ option:
Enumerate WordPress usernames.

The ‘--wordlist’ option:
Enumerate WordPress usernames.
Start a dictionary attack on all usernames enumerated.

The ‘--username’ option:
Specify a single username to start the dictionary attack on.
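From the defender's side, the author-querystring enumeration and the dictionary attack described above both leave a recognizable trace in the web server's access log. The following is an added example, not part of WPScan or the original post: the log lines are constructed, the thresholds are illustrative, and it assumes the usual WordPress behaviour where a failed login re-renders `/wp-login.php` with HTTP 200 and a successful one redirects with 302.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')


def _line(ip, method, path, status):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [10/Mar/2013:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 0 "-" "-"')


# Constructed sample: one noisy client and one ordinary user (documentation IPs).
SAMPLE_LOG = (
    [_line("203.0.113.7", "GET", f"/?author={n}", 301) for n in range(1, 4)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200) for _ in range(6)]
    + [_line("198.51.100.20", "GET", "/?author=1", 301),
       _line("198.51.100.20", "POST", "/wp-login.php", 200),   # one typo
       _line("198.51.100.20", "POST", "/wp-login.php", 302)]   # then success
)


def analyse(lines, min_authors=3, min_failed=5):
    """Return {ip: [findings]} for clients that walk author IDs or fail many logins."""
    authors = defaultdict(set)   # ip -> distinct author IDs requested
    failed = defaultdict(int)    # ip -> POSTs to wp-login.php answered with 200
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ip, method, path, status = m.groups()
        author = AUTHOR_RE.search(path)
        if method == "GET" and author:
            authors[ip].add(int(author.group(1)))
        elif (method == "POST" and status == "200"
              and path.split("?")[0].endswith("/wp-login.php")):
            failed[ip] += 1
    findings = {}
    for ip in sorted(set(authors) | set(failed)):
        tags = []
        if len(authors[ip]) >= min_authors:
            tags.append("author-enumeration")
        if failed[ip] >= min_failed:
            tags.append("login-brute-force")
        if tags:
            findings[ip] = tags
    return findings
```

Calling `analyse(SAMPLE_LOG)` flags only the client that both walked the author IDs and piled up failed logins; the thresholds should be tuned to the site's normal traffic before alerting or blocking on them.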

A quick demonstration in BackTrack:

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you are interested in joining the ZeroSecurity team please use the contact forum located above to contact us.
  • TheMatrix Neo

    I need a really really simple Perl script or any automatic script you can code. Basically I need to have a .txt file where I can paste URLs, e.g. http://www.domain.com/admin

    And I need the script to automatically try username "Admin" and then my password list, which is only a custom admin login dictionary.

    So basically I’m scanning for admin logins with easy to guess passwords.

    Can you do this? It is not illegal, it is for pen-test purposes.

    I would like to run this script in Linux-Backtrack 5.

    *** Similar to this script http://www.securitytube.net/video/4447 ***

    But I need to add multiple URLs to the txt file and add my own password dictionary.txt
