Monday, March 4, 2019
Home / Programming / Other Languages / WordPress Brute Force Perl Script

WordPress Brute Force Perl Script

Wordpress brute force perl script

WPScan was written in Perl and is a great tool for testing your WordPress security and the prevention of brute force attacks.  This script is also included in the backtrack pen-testing linux distribution.

Currently what this Perl script can do:

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Timbthumb file enumeration
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

Useful commands contained in the script:

Only the ‘–url’ option:
Enumerate wordpress usernames.
 The ‘–wordlist’ option:
Enumerate wordpress usernames.
Start a dictionary attack on all usernames enumerated.
 The ‘–username’ option:
Specify a single username to start the dictionary attack on.

A quick demonstration in backtrack:

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …