0xWPBF – WordPress Users Enumerate and Brute Force Attack
WordPress is a popular CMS which is been used by many web-based applications for providing the service to the end-users. WordPress CMS contains the version which is been updated due to resolved bugs and CVEs. The outdated version can make the Web-based Application vulnerable to cyber threats. Identification of Versions and detection of hidden files and directories on the domain server is also a part of Information Gathering.
0xWPBF is an automated tool developed in the Python Language which performs various types of Information Collection on WordPress Sites. 0xWPBF tool gathers information like CMS Version, Files, and Directories, Plugins, Usernames, etc. This information can be used to make the methodology while performing Penetration Testing on the domain. 0xWPBF tool is available on the GitHub platform, it’s free and open-source to use.
Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux
Installation of 0xWPBF Tool on Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/0xAbdullah/0xWPBF.git
Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.
Step 3: You are in the directory of the 0xWPBF. Now list the contents of the 0xWPBF tool using the following command.
Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.
python3 0xwpbf.py -h
Working with 0xWPBF Tool on Kali Linux OS
Example: URL of the target WordPress site
python3 0xwpbf.py -url http://geeksforgeeks.org
We have got the WordPress CMS Version used by http://geeksforgeeks.org domain.
We have got the Files and Directories available on the domain server.
We have got the Users list from http://geeksforgeeks.org.