XMLRPC : An Brute Forcer Targeting WordPress Written In Python 3

An XMLRPC brute forcer targeting WordPress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second.

Usage

— python3 xmlrcpbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username
— python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt userlist.txt ( >>in progess<<)

Bugs

If you get an xml.etree.ElementTree.ParseError:

  • Did you forget to add ‘xmlrpc’ in the url ?
  • Try to add or remove ‘https’ or ‘www’.

I’m working on the Exception Handling. Will fix it soon.

Also Read – UniFuzzer : A Fuzzing Tool For Closed-Source Binaries Based On Unicorn & LibFuzzer

Download
R K

Share
Published by
R K
Tags: Brute ForcerPython 3WordpressXMLRPC
6 years ago

Recent Posts

How to Use the Linux find Command to Locate Files Like a Pro

Managing files efficiently is a core skill for anyone working in Linux, whether you're a…

23 hours ago

How to Check Open Ports in Linux Using netstat, ss, and lsof

Open ports act as communication endpoints between your Linux system and the outside world. Every…

24 hours ago

Best Endpoint Monitoring Tools for 2026

Introduction In today’s cyber threat landscape, protecting endpoints such as computers, smartphones, and tablets from…

3 days ago

Best 9 Incident Response Automation Tools

Introduction In today's fast-paced cybersecurity landscape, incident response is critical to protecting businesses from cyberattacks.…

3 days ago

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

2 months ago

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

3 months ago