{"id":19166367,"url":"https://github.com/1n3/wordpress-xmlrpc-brute-force-exploit","last_synced_at":"2025-04-04T22:05:23.017Z","repository":{"id":2130525,"uuid":"44493376","full_name":"1N3/Wordpress-XMLRPC-Brute-Force-Exploit","owner":"1N3","description":"Wordpress XMLRPC System Multicall Brute Force Exploit (0day)  by 1N3 @ CrowdShield","archived":false,"fork":false,"pushed_at":"2022-05-31T19:09:08.000Z","size":23,"stargazers_count":460,"open_issues_count":3,"forks_count":196,"subscribers_count":39,"default_branch":"master","last_synced_at":"2025-03-28T21:04:35.053Z","etag":null,"topics":["0day","exploit","poc","wordpress","wordpress-xmlrpc","xml-rpc"],"latest_commit_sha":null,"homepage":"https://crowdshield.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/1N3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-10-18T19:42:23.000Z","updated_at":"2025-03-23T16:52:24.000Z","dependencies_parsed_at":"2022-09-15T21:41:51.180Z","dependency_job_id":null,"html_url":"https://github.com/1N3/Wordpress-XMLRPC-Brute-Force-Exploit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1N3%2FWordpress-XMLRPC-Brute-Force-Exploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1N3%2FWordpress-XMLRPC-Brute-Force-Exploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1N3%2FWordpress-XMLRPC-Brute-Force-Exploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1N3%2FWordpress-XMLRPC-Brute-Force-Exploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/1N3","download_url":"https://codeload.github.com/1N3/Wordpress-XMLRPC-Brute-Force-Exploit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247256110,"owners_count":20909240,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0day","exploit","poc","wordpress","wordpress-xmlrpc","xml-rpc"],"created_at":"2024-11-09T09:32:29.797Z","updated_at":"2025-04-04T22:05:22.985Z","avatar_url":"https://github.com/1N3.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Wordpress XMLRPC System Multicall Brute Force Exploit by 1N3\nLast Updated: 20170215\nhttps://crowdshield.com\n\n## ABOUT: \nThis is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress (3.5.1). The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to \"brute force\" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.\n\n## USAGE: \n```\n./wp-xml-brute http://target.com/xmlrpc.php passwords.txt username1 [username2] [username3]...\n```\n\n## LICENSE:\nThis software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.\n\n## DONATIONS:\nDonations are welcome. This will help fascilitate improved features, frequent updates and better overall support.\n- [x] BTC 1Fav36btfmdrYpCAR65XjKHhxuJJwFyKum\n- [x] DASH XoWYdMDGb7UZmzuLviQYtUGb5MNXSkqvXG\n- [x] ETH 0x20bB09273702eaBDFbEE9809473Fd04b969a794d\n- [x] LTC LQ6mPewec3xeLBYMdRP4yzeta6b9urqs2f","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1n3%2Fwordpress-xmlrpc-brute-force-exploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F1n3%2Fwordpress-xmlrpc-brute-force-exploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1n3%2Fwordpress-xmlrpc-brute-force-exploit/lists"}