Exemple #1
0
    # check for Login LockDown plugin and load login tasks into tasks queue
    logger.debug("Checking for Login LockDown plugin")
    if wp.check_loginlockdown():
        logger.warning("Login LockDown plugin is active, bruteforce will be useless")
    else:
        # load login check tasks into queue
        logger.debug("Loading wordlist...")
        wordlist = [username.strip() for username in usernames]
        try:
            [wordlist.append(w.strip()) for w in open(config.wordlist, "r").readlines()]
        except IOError:
            logger.error("Can't open '%s' the wordlist will not be used!", config.wordlist)
        logger.debug("%s words loaded from %s", str(len(wordlist)), config.wordlist)
        if args.nokeywords:
            # load into wordlist additional keywords from blog main page
            wordlist.append(wplib.filter_domain(urlparse.urlparse(wp.get_base_url()).hostname))     # add domain name to the queue
            [wordlist.append(w.strip()) for w in wp.find_keywords_in_url(config.min_keyword_len, config.min_frequency, config.ignore_with)]
        logger.info("%s passwords will be tested", str(len(wordlist)*len(usernames)))
        for username in usernames:
            for password in wordlist:
                task_queue.put(wpworker.WpTaskLogin(config.wp_base_url, config.script_path, config.proxy, username=username, password=password, dontstop=args.dontstop, task_queue=task_queue))
        del wordlist

    # start workers
    logger.info("Starting workers...")
    for i in range(config.threads):
        t = wpworker.WpbfWorker(task_queue)
        t.start()

    # feedback to stdout
    while task_queue.qsize() > 0:
Exemple #2
0
 logger.debug("Loading wordlist...")
 wordlist = [username.strip() for username in usernames]
 try:
     [
         wordlist.append(w.strip())
         for w in open(config.wordlist, "r").readlines()
     ]
 except IOError:
     logger.error("Can't open '%s' the wordlist will not be used!",
                  config.wordlist)
 logger.debug("%s words loaded from %s", str(len(wordlist)),
              config.wordlist)
 if args.nokeywords:
     # load into wordlist additional keywords from blog main page
     wordlist.append(
         wplib.filter_domain(
             urlparse.urlparse(wp.get_base_url()).hostname)
     )  # add domain name to the queue
     [
         wordlist.append(w.strip()) for w in wp.find_keywords_in_url(
             config.min_keyword_len, config.min_frequency,
             config.ignore_with)
     ]
 logger.info("%s passwords will be tested",
             str(len(wordlist) * len(usernames)))
 for username in usernames:
     for password in wordlist:
         task_queue.put(
             wpworker.WpTaskLogin(config.wp_base_url,
                                  config.script_path,
                                  config.proxy,
                                  username=username,