0.0.16 • Published 9 years ago
wplogin v0.0.16
wplogin
Log in to Wordpress
Install
npm install
Test Eventual Success Locally
# Will succeed on the 500th request
# Start server locally...
node ./local.js
# In new terminal...
node ./ -d ./dict.example -v -s5 -r -h 'localhost:3000/500'
Test Eventual Block Locally
# Will block incoming requests after 300
# Start server locally...
node ./local.js
# In new terminal...
node ./ -d ./dict.example -v -s5 -r -h 'localhost:3000/-300'
Test Live Website Using Several Dictionaries in One Folder
node ./ -h 'http://www.example.com' -u admin -d ./~dicts -v -s5 -r
Options
- -h HOST The website's root domain Required * Ex: -h 'http://www.example.com'
- -p PATH Path to wp-login.php Default: '/wp-login.php' * Ex: -p '/blog/wp-login.php'
- -u USERNAME Username to test passwords against Default: 'admin' * Ex: -u 'dave'
- -d PATH Path to password list(s) Can be a specific file or a directory Dictionaries must be new-line delimited Default: './dict.example' * Ex: -d ./~dicts
- -t INTEGER Max concurrent curl threads. Lower this to avoid IP blocks. Raise it to increase speed. May need to up your system's process limit. Ex: ulimit -S -n 2048 Default: 8 Ex: -t4
- -r Quit on match found Default: disabled; will continue testing until blocked or dictionary is spent
- -v Verbose Default: disabled
- -s INTEGER Interval in seconds to output stats Default: null (no output) * Ex: -s10
- -f Try all passwords even if the result has been saved locally. You can also simply wipe your ./db folder. Default: disabled; Results from previous script runs will be skipped.
To Do
- Use hyperquest instead of curl. I've benchmarked vastly improved speed and resource allocation efficiency.
- Adaptive curl timing
- Stricter confirmation that we haven't been blocked and don't know it