XMLRPC : An Brute Forcer Targeting WordPress Written In Python 3

An XMLRPC brute forcer targeting WordPress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second.

Usage

— python3 xmlrcpbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username
— python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt userlist.txt ( >>in progess<<)

Bugs

If you get an xml.etree.ElementTree.ParseError:

  • Did you forget to add ‘xmlrpc’ in the url ?
  • Try to add or remove ‘https’ or ‘www’.

I’m working on the Exception Handling. Will fix it soon.

Also Read – UniFuzzer : A Fuzzing Tool For Closed-Source Binaries Based On Unicorn & LibFuzzer

Download
R K

Share
Published by
R K
Tags: Brute ForcerPython 3WordpressXMLRPC
7 years ago

Recent Posts

How to Check Website for Malware and Protect Your Site

Website malware is one of the biggest threats for website owners, bloggers, businesses, and WordPress…

9 hours ago

Install Python on Ubuntu 26.04 Like a Pro

If you want to Install Python on Ubuntu systems for development, automation, or scripting, Ubuntu…

11 hours ago

PostfixAdmin Setup on Ubuntu 26.04

Managing virtual mail users manually can quickly become difficult on a busy mail server. That’s…

15 hours ago

How to Add User to Sudoers on Ubuntu Easily

Managing administrative access properly is essential for every Linux system. When you Add User Sudoers…

18 hours ago

Install Google Chrome on Ubuntu in Minutes

Installing Google Chrome on Ubuntu systems is a simple process that gives users access to…

20 hours ago

LAMP Stack Ubuntu 26.04 Installation Guide

Setting up a LAMP Stack Ubuntu server is one of the fastest ways to host…

1 day ago