bruteforce bruteforce-attacks cybersecurity java java-16 java-17 password-cracker password-cracking tool wordpress wordpress-attack wordpress-brute-force wordpress-bruteforce wordpress-xmlrpc xmlrpc-bruteforcer

WordPress XML-RPC BruteForce Tool

With the use of this tool you will be able, given a username and a password dictionary, to bruteforce any given WordPress website through the use of its XML-RPC API.

Disclaimer: For educational purposes only. Not intended for illegal activities. The author is not responsible for any action performed by the software user.

Features

Accepts SOCKS 4/5 Proxies.
Allows to set a Custom Delay to be used when Rate-Limited.
Allows Custom URLs (to use when the XMLRCP.php file has been moved or renamed).
Fast and Reliable (100% Java).
Supports any password dictionary formatted with one password per line.

Example of a password dictionary:

Installation

Download the latest release from here.

Requires Java 17.

How to Use

In a shell run the program with java -jar WordpressXMLBruteForce.jar and configure it with your preferred parameters.

When the program finds a correct match, that is both printed in the shell and saved in a file called LoginDetails; you will find it in the same directory as the jar file.

If you want to run the program in proxy mode you will first have to create a file called Proxies in the same directory as the jar file.
The proxies have to either be SOCKS 4 or 5 and the file has to be formatted with one proxy per line in the format:
IP:PORT.

About

WordPress XMLRPC BruteForce Tool. With the use of this tool you will be able, given a username and a password dictionary, to bruteforce any given WordPress website through the use of its XML-RPC API.

bruteforce bruteforce-attacks cybersecurity java java-16 java-17 password-cracker password-cracking tool wordpress wordpress-attack wordpress-brute-force wordpress-bruteforce wordpress-xmlrpc xmlrpc-bruteforcer

GNU General Public License v3.0

Languages

Language:Java 100.0%