Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/inmymine7/xmlrpc-brute-force

XML-RPC brute force refers to a type of cyberattack where an attacker repeatedly attempts to guess usernames and passwords via the XML-RPC interface in WordPress.
https://github.com/inmymine7/xmlrpc-brute-force

brute-force wordpress-brute-force wordpress-bruteforce wpbf xmlrpc xmlrpc-api xmlrpc-bruteforcer

Last synced: about 1 month ago
JSON representation

XML-RPC brute force refers to a type of cyberattack where an attacker repeatedly attempts to guess usernames and passwords via the XML-RPC interface in WordPress.

Host: GitHub
URL: https://github.com/inmymine7/xmlrpc-brute-force
Owner: InMyMine7
Created: 2023-05-24T10:31:11.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-06-11T19:03:30.000Z (6 months ago)
Last Synced: 2024-06-12T03:49:25.223Z (6 months ago)
Topics: brute-force, wordpress-brute-force, wordpress-bruteforce, wpbf, xmlrpc, xmlrpc-api, xmlrpc-bruteforcer
Language: Python
Homepage:
Size: 863 KB
Stars: 3
Watchers: 1
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

## MASS XMLRPC Brure Force

XML-RPC brute force refers to a type of cyberattack where an attacker repeatedly attempts to guess usernames and passwords via the XML-RPC interface in WordPress.

- XML-RPC Interface: WordPress provides an XML-RPC interface via the xmlrpc.php script, enabling remote procedure calling using HTTP and XML.
- Attack Method: Attackers use tools to automate the process of trying different username and password combinations until they gain unauthorized access to the CMS.
- Risk: Brute force attacks pose a significant security risk, potentially leading to unauthorized access, data breaches, and website defacement.

## Requirements
- Python 3.x
- The requests package (`requests` and `colorama`)

## Key Features
- Auto search username wordpress.
- With module threading to make fastest brute force.
- Support http/https in ur list.
- Add password at passwd.txt and don't delete it
- Result brute at g00d.txt

## Password Features
- [WPLOGIN] = username wordpress
- [UPPERLOGIN] = username with capslock example ADMIN
- [DOMAIN] = domain.com
- [UPPERDOMAIN] = domain with capslock example DOMAIN.COM
- [FULLDOMAIN] = https://domain.com
## How To Usage

```
python3 xml.py
```
## DISCLAIMER
This script should only be used for educational purposes and ethical hacking. Unauthorized access to computer systems is illegal and unethical. Ensure you have explicit permission before testing any system. AND WE DO NOT CONDONE ANY ILLEGAL ACTIVITIES