Tuesday, January 9, 2018

WordPress Brute Force Perl Script


WPScan was written in Perl and is a great tool for testing your WordPress security and how well it prevents brute force attacks. This script is also included in the BackTrack pen-testing Linux distribution.

What this Perl script can currently do:

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • TimThumb file enumeration
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

Useful commands contained in the script:

Only the '--url' option:
  • Enumerate WordPress usernames.

The '--wordlist' option:
  • Enumerate WordPress usernames.
  • Start a dictionary attack on all usernames enumerated.

The '--username' option:
  • Specify a single username to start the dictionary attack on.
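
A defender's view of the username enumeration and dictionary attack described above, as an added example (not part of the original post or of WPScan): it flags client IPs in a web access log that request several distinct ?author=N IDs or send a burst of POSTs to /wp-login.php. The log lines, IP addresses, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ip, sec, method, path, status):
    """Build one constructed combined-format access-log line."""
    return (f'{ip} - - [09/Jan/2018:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 0 "-" "-"')

# Constructed sample traffic (documentation IP ranges), not real logs.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", n, "GET", f"/?author={n}", 301) for n in range(1, 4)]
    + [_line("203.0.113.7", 10 + n, "POST", "/wp-login.php", 200) for n in range(6)]
    + [_line("198.51.100.20", 30, "GET", "/?author=1", 301),
       _line("198.51.100.20", 31, "POST", "/wp-login.php", 302)])

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')

def detect(log_text, min_author_ids=3, max_login_posts=5,
           window=timedelta(seconds=60)):
    """Return {ip: [finding, ...]} for enumeration and login-burst patterns."""
    author_ids, login_times = defaultdict(set), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, method, path = m["ip"], m["method"], m["path"]
        author = AUTHOR_RE.search(path)
        if method == "GET" and author:
            # Each distinct ID probed may leak a username via the redirect.
            author_ids[ip].add(int(author.group(1)))
        elif method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            login_times[ip].append(
                datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    findings = defaultdict(list)
    for ip, ids in author_ids.items():
        if len(ids) >= min_author_ids:
            findings[ip].append("author-enumeration")
    for ip, times in login_times.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide window start forward
                lo += 1
            if hi - lo + 1 > max_login_posts:
                findings[ip].append("login-burst")
                break
    return dict(findings)
```

The thresholds are starting points and should be tuned to the site's normal login volume.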

A quick demonstration in BackTrack:

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.


  • Neo

    I need a really, really simple Perl script or any automatic script you can code. Basically I need to have a .txt file where I can paste URLs, e.g. http://www.domain.com/admin

    And I need the script to automatically try username "Admin" and then my password list, which is only a custom admin login dictionary.

    So basically I'm scanning for admin logins with easy to guess passwords.

    Can you do this? It is not illegal, it is for pen-test purposes.

    I would like to run this script in Linux BackTrack 5.

    *** Similar to this script http://www.securitytube.net/video/4447 ***

    But I need to add multiple URLs to the txt file and add my own password dictionary.txt