Trix Cyrus

Introducing Brute-XMLRPC: A Multi-Threaded WordPress Brute Force Tool 🛠️

Author: Trix Cyrus

[Try My] Waymap Pentesting tool
[Follow] TrixSec GitHub
[Join] TrixSec Telegram


Hey Devs! 👋

I'm excited to share my latest project, Brute-XMLRPC, a powerful Python tool designed to automate brute force attacks on WordPress sites via the xmlrpc.php endpoint. Whether you're a penetration tester or exploring web security, this tool will help you uncover vulnerabilities with ease.

Key Features:

  • Multi-Threaded Attacks: Speed up your brute force attempts with parallel threads.
  • IP Spoofing: Enhance anonymity with randomly generated IPs (X-Forwarded-For, X-Real-IP).
  • Custom Headers: Mimics real browser requests to evade detection.
  • User Enumeration: Fetch user info through the WordPress JSON API.
  • Progress Tracker: Monitor brute force attempts in real-time.
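
Seen from the defending side, the features listed above leave a recognisable trace in a web server's access log. The following detection sketch is an added example, not part of Brute-XMLRPC or the original post; the log layout (nginx "combined" with X-Forwarded-For appended), the thresholds, the function names and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed layout (constructed): nginx "combined" format with the
# X-Forwarded-For request header appended as a final quoted field.
LINE = re.compile(
    r'(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"'
)

def analyse(lines, post_threshold=5, xff_threshold=3):
    """Return {peer: [findings]}, keyed on the TCP peer and never on the header."""
    posts, xffs, enum = defaultdict(int), defaultdict(set), set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        peer, path = m["peer"], m["path"].split("?")[0]
        # Failed XML-RPC logins still return HTTP 200, so count requests, not status.
        if m["method"] == "POST" and path.endswith("/xmlrpc.php"):
            posts[peer] += 1
            if m["xff"] not in ("", "-"):
                xffs[peer].add(m["xff"])
        elif m["method"] == "GET" and path.rstrip("/").endswith("/wp-json/wp/v2/users"):
            enum.add(peer)
    findings = defaultdict(list)
    for peer, n in posts.items():
        if n >= post_threshold:
            findings[peer].append(f"xmlrpc_burst:{n}")
        if len(xffs[peer]) >= xff_threshold:  # one socket peer, many claimed origins
            findings[peer].append(f"rotating_xff:{len(xffs[peer])}")
    for peer in enum:
        findings[peer].append("user_enumeration")
    return dict(findings)

def _line(peer, method, path, xff="-"):
    return (f'{peer} - - [01/Jan/2025:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'200 512 "-" "Mozilla/5.0" "{xff}"')

# Constructed sample log: one noisy peer and one ordinary visitor.
SAMPLE = [_line("203.0.113.7", "GET", "/wp-json/wp/v2/users")]
SAMPLE += [_line("203.0.113.7", "POST", "/xmlrpc.php", f"198.51.100.{i}")
           for i in range(1, 7)]
SAMPLE += [_line("192.0.2.10", "GET", "/"), _line("192.0.2.10", "POST", "/xmlrpc.php")]

if __name__ == "__main__":
    for peer, found in analyse(SAMPLE).items():
        print(peer, found)
```

Behind a reverse proxy or CDN the socket peer is the proxy itself, so take the client address from the forwarding header only when a proxy you operate set it.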

Installation

Get started by cloning the repo and installing dependencies:

git clone https://github.com/TrixSec/Brute-XMLRPC.git
cd Brute-XMLRPC

Usage

Run the tool with:

python brutexmlrpc.py

Follow the interactive prompts to configure your attack. Provide your target URL, usernames, passwords, and the desired number of threads.

Important:

Brute-XMLRPC is intended for educational and ethical testing purposes only. Always obtain proper authorization before running tests on any site.


Check out the project on GitHub and feel free to contribute or give feedback. Happy hacking! 🚀


~Trixsec
