Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File http-wordpress-brute

Script types: portrule
Categories: intrusive, brute
Download: http://nmap.org/svn/scripts/http-wordpress-brute.nse

User Summary

performs brute force password auditing against Wordpress CMS/blog installations.

This script uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored using the credentials library.

Wordpress default uri and form names:

  • Default uri:wp-login.php
  • Default uservar: log
  • Default passvar: pwd

Script Arguments

http-wordpress-brute.threads

sets the number of threads. Default: 3

Other useful arguments when using this script are:

  • http.useragent = String - User Agent used in HTTP requests
  • brute.firstonly = Boolean - Stop attack when the first credentials are found
  • brute.mode = user/creds/pass - Username password iterator
  • passdb = String - Path to password list
  • userdb = String - Path to user list

Based on Patrik Karlsson's http-form-brute

http-wordpress-brute.uri

points to the file 'wp-login.php'. Default /wp-login.php

http-wordpress-brute.uservar

sets the http-variable name that holds the username used to authenticate. Default: log

http-wordpress-brute.hostname

sets the host header in case of virtual hosting

http-wordpress-brute.passvar

sets the http-variable name that holds the password used to authenticate. Default: pwd

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

unittest.run

See the documentation for the unittest library.

Example Usage

nmap -sV --script http-wordpress-brute <target>
nmap -sV --script http-wordpress-brute
  --script-args 'userdb=users.txt,passdb=passwds.txt,http-wordpress-brute.hostname=domain.com,
                 http-wordpress-brute.threads=3,brute.firstonly=true' <target>

Script Output

PORT     STATE SERVICE REASON
80/tcp   open  http    syn-ack
| http-wordpress-brute:
|   Accounts
|     0xdeadb33f:god => Login correct
|   Statistics
|_    Perfomed 103 guesses in 17 seconds, average tps: 6

Requires


Author: Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See http://nmap.org/book/man-legal.html

action

action (host, port)

MAIN

Parameters

  • host:
  • port:

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]