WPForce – WordPress Attack Suite

WPForce is a suite of WordPress Attack tools. Currently this contains 2 scripts the first to brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules.

WPForce - WordPress Attack Suite
WPForce – WordPress Attack Suite

Supported features with this tool are:

  • Brute Force via API, not login form bypassing some forms of protection
  • Can automatically upload an interactive shell
  • Can be used to spawn a full featured reverse shell
  • Dumps WordPress password hashes
  • Can backdoor authentication function for plaintext password collection
  • Inject BeEF hook into all pages
  • Pivot to meterpreter if needed

You can read more and download this tool over here: https://github.com/n00py/WPForce

Share