Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ibnusyawall/xmlrpc-brute
Wordpress xmlrpc bruteforce tools
https://github.com/ibnusyawall/xmlrpc-brute
education hacking hacktoberfest penetration-testing wordpress
Last synced: about 1 month ago
JSON representation
Wordpress xmlrpc bruteforce tools
- Host: GitHub
- URL: https://github.com/ibnusyawall/xmlrpc-brute
- Owner: ibnusyawall
- Created: 2022-08-10T12:43:22.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-09-26T15:30:42.000Z (over 2 years ago)
- Last Synced: 2024-11-30T16:51:02.475Z (about 1 month ago)
- Topics: education, hacking, hacktoberfest, penetration-testing, wordpress
- Language: JavaScript
- Homepage:
- Size: 10.7 KB
- Stars: 9
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# XMLRPC-BRUTE
[](https://www.codefactor.io/repository/github/ibnusyawall/xmlrpc-brute/overview/main)
Help me!
[Saweria](https://saweria.co/donate/ibnusyawall)
[Paypal.me](https://paypal.me/syawal24)
> This is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress. The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.
### Requirements
- NodeJS
### Install
```sh
$ git clone https://github.com/ibnusyawall/xmlrpc-git.git
$ cd xmlrpc-brute
$ npm i
$ node . --help
```
### Usage
```sh
# run
$ node . --siteList --userList --passList
# help
$ node . --help
# example
$ node . --siteList site.txt --userList user.txt --passList pass.txt
```
Any question? contact me at [Whatsapp](https://wa.me/6282299265151) or [Telegram](https://t.me/isywl)