Open In App

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy

0xWPBF – WordPress Users Enumerate and Brute Force Attack

WordPress is a popular CMS which is been used by many web-based applications for providing the service to the end-users. WordPress CMS contains the version which is been updated due to resolved bugs and CVEs. The outdated version can make the Web-based Application vulnerable to cyber threats. Identification of Versions and detection of hidden files and directories on the domain server is also a part of Information Gathering.

0xWPBF is an automated tool developed in the Python Language which performs various types of Information Collection on WordPress Sites. 0xWPBF tool gathers information like CMS Version, Files, and Directories, Plugins, Usernames, etc. This information can be used to make the methodology while performing Penetration Testing on the domain. 0xWPBF tool is available on the GitHub platform, it’s free and open-source to use.



Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of 0xWPBF Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.



git clone https://github.com/0xAbdullah/0xWPBF.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd 0xWPBF

Step 3: You are in the directory of the 0xWPBF. Now list the contents of the 0xWPBF tool using the following command.

ls

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 0xwpbf.py -h

Working with 0xWPBF Tool on Kali Linux OS

Example:  URL of the target WordPress site

python3 0xwpbf.py -url http://geeksforgeeks.org

We have got the WordPress CMS Version used by http://geeksforgeeks.org domain.

We have got the Files and Directories available on the domain server.

We have got the Users list from http://geeksforgeeks.org.

Article Tags :
Linux-Unix
Recommended Articles
1. W3brute - Automatic Web Application Brute Force Attack Tool
2. Brute Force Attack in Metasploit
3. Brutespray - Port Scanning and Automated Brute Force Tool
4. CrawlBox - Easy Way to Brute-force Web Directory
5. SubBrute – Tool For Subdomain Brute Force
6. Brutex - Open Source Tool for Brute Force Automation
7. How to use Hydra to Brute-Force SSH Connections?
8. Brutal - Create various Payload, PowerShell Attack, Virus Attack and Launch Listener for a HID
9. Tugarecon - Enumerate Subdomains Using Modules in Kali Linux
10. DNSrr - Tool to Enumerate Juicy Information from DNS
11. Sd Goo - Enumerate Subdomains Through Google Dorks
12. NTLMRecon - Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints
13. URLBrute – Tool to Brute Forcing Website Sub-Domains and Directories
14. Haklistgen - Turns Any Junk Text Into A Usable Wordlist For Brute-Forcing
15. Blazy – Open Source Modern Login Brute-forcer
16. Brute-Forcing WPS Pins with Reaver in Linux
17. Monitoring Linux Users and Processes in Real Time Using whowatch
18. Users in Linux System Administration
19. users command in Linux with Examples
20. How to Access All Users in Linux Using Different Commands?
21. How to Send a Message to Logged Users in Linux Terminal?
22. How to Monitor Linux Commands Executed by System Users in Real-time?
23. Create multiple users using shell script in Linux
24. limits.conf File To Limit Users, Process In Linux With Examples
25. 7 Linux Commands For Managing Users