Home Web Application Security WPCracker – WordPress User Enumeration and Login Brute Force Tool

WPCracker – WordPress User Enumeration and Login Brute Force Tool

July 2, 2021 Leave a Comment
wpcracker - wordpress pentest tool to perform user enumeration and brute force the login panel

WPCracker

WPCracker is a wordpress pentest tool to perform user enumeration and brute force the login panel. This tool is working both on Windows and Linux

With the Brute Force tool, you can control how aggressive an attack you want to perform, and this affects the attack time required. The tool makes it possible to adjust the number of threads as well as how large password batches each thread is tested at a time. However, too much attack power can cause the victim’s server to slow down.

For example, When I attacked to my local server, it takes about two days to go through the rockyou.txt (14,341,564 unique passwords) when I used the program’s presets for the number of threads (12) and the size of the batches (1000).

In this article, “victim” refers to the attacked WordPress site in pentest lab. Attacking a WordPress site for which you do not have permission may be illegal.


Using

User Enumeration

.\WPCracker.exe –enum -u (Url to victims WordPress page) -o (Output file path *OPTIONAL*)

or just type

.\WPCracker.exe –enum

In this case, the program only requests the required information.

Brute Force WordPress Site

Using program’s presets

.\WPCracker.exe –brute -u (Url to victims WordPress page) -p (Path to wordlist) -n (Username) -o (Output file path *OPTIONAL*)

or just type

.\WPCracker.exe –brute

In this case, the program only requests the required information.

Using with custom settings

.\WPCracker.exe –brute -u (Url to victims WordPress page) -p (Path to wordlist) -n (Username) -t (Max threads) -c (Batch maximum size)

Get help

.\WPCracker.exe –brute -?

Screenshot

WPCracker - WordPress User Enumeration and Login Brute Force Tool xploitlab

Disclaimer: This is for ethical use only!

Download WPCracker

You May Also Like

OpenRedireX - Open Redirect Scanner and Fuzzer Tool

OpenRedireX – Open Redirect Scanner and Fuzzer Tool

Bypass 403 - Simple Script Tool For Bypassing 403 Forbidden Response

Bypass 403 – Simple Script For Bypassing 403 Forbidden Response

Burpgpt - Connect OpenAI gpt with burp suite to detect security vulnerabilities that traditional scanners might miss

Burpgpt –  Integrate OpenAI GPT with Burp Suite to Discover Highly Bespoke Vulnerabilities

WaybackSQLiScanner automatically gather urls from wayback machine then test each GET parameter for sql injection

waybackSqliScanner – Tool to Gather URLs from Wayback Machine Then Test For SQL Injection

Commix - Tool to automates the process of command injection detection and exploitation

Commix – Automated OS Command Injection Exploitation Tool

FFUF - Fast Web Fuzzing Tool

FFUF – Fast Web Fuzzing Tool

Leave a Reply

Your email address will not be published. Required fields are marked *

1 × 3 =