https://github.com/4lch3mis7/xml-hydra
XML-Hydra is a tool to bruteforce user passwords via public facing XML-RPC interface in a Wordpress application.
https://github.com/4lch3mis7/xml-hydra
amplification bruteforce bugbounty golang password password-attack pentesting-tools vapt wordpress xml-rpc
Last synced: 3 months ago
JSON representation
XML-Hydra is a tool to bruteforce user passwords via public facing XML-RPC interface in a Wordpress application.
- Host: GitHub
- URL: https://github.com/4lch3mis7/xml-hydra
- Owner: 4lch3mis7
- License: mit
- Created: 2024-03-17T09:12:23.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2025-03-22T07:19:00.000Z (about 1 year ago)
- Last Synced: 2026-03-06T05:58:34.957Z (3 months ago)
- Topics: amplification, bruteforce, bugbounty, golang, password, password-attack, pentesting-tools, vapt, wordpress, xml-rpc
- Language: Go
- Homepage:
- Size: 15.6 KB
- Stars: 4
- Watchers: 1
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# XML-Hydra
XML-Hydra is a tool to bruteforce user passwords via public facing XML-RPC interface in a Wordpress application.
## Installation
```
go install github.com/4lch3mis7/xml-hydra@latest
```
## Usage
| Flag | Description
|------|-------------
| -t | Target URL
| -u | Username
| -w | Wordlist for passwords
| -g | Number of goroutines to execute at a time (Default=4)
| -P | Proxy list
| -h | Shows help message
## Example
```
xml-hydra -t https://example.com/xmlrpc.php -u username -w passwords.txt
```
```
xml-hydra -t https://example.com/xmlrpc.php -u username -w passwords.txt -P proxies.txt -g 10
```