Closed aress31 closed 7 years ago
Thanks for the feedback! I'll definitely look into some of these features and will let you know.
You are welcome! Also, being able to input a username list (text file containing one username per line) and to set the number of wp.getUsersBlog method calls inside of the system.multicall would be welcome.
It would be great too to add a proxy function. Thanks!
You could use environment variables, like this: os.environ['http_proxy'] = '127.0.0.1:8080'
all nice but u guys could always modify and set a pull request with the necessary changes, if u have the skills to...
@AresS31 latest script improvements now support an array of usernames. Closing this out for now to clean up the backlog but if anyone has any other improvements, please send a pull request.
Hi,

Nice script! It would be even better if a verbose mode (-v) could be implemented to make sure that everything is going according to our plans (it is boring to monitor the network activity with tcpdump :) ).

Moreover, if any initial tests could be performed before launching the attack to make sure that the target is 100% vulnerable to the amplified xmlrpc brute forcing attack, it would be a very good feature (one security mechanism is to return a false response for all the requests as soon as a single request with incorrect credentials has been made, no matter if the next one has valid credentials).

Adding multithreading and proxy capabilities would be a good idea as well.

Best regards,
Alexandre
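
Added example, not part of the thread or of the script's own code: a server-side sketch of the mitigation mentioned in the issue text above, in which a system.multicall batch stops honoring logins once one sub-call has failed authentication. The function names, the `check_login` callback and the sample credentials are assumptions, and the request bodies are constructed.

```python
import xml.etree.ElementTree as ET

AUTH_METHODS = {"wp.getUsersBlogs"}  # login-checking method discussed in the thread

def parse_multicall(body):
    """Return [(method, [string args])] for a system.multicall body, else []."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTDs are not accepted in XML-RPC bodies")
    root = ET.fromstring(body)
    if root.findtext("methodName") != "system.multicall":
        return []
    calls = []
    for struct in root.findall("./params/param/value/array/data/value/struct"):
        members = {m.findtext("name"): m.find("value") for m in struct.findall("member")}
        method = members["methodName"].findtext("string")
        args = [v.findtext("string") for v in members["params"].findall("./array/data/value")]
        calls.append((method, args))
    return calls

def dispatch(calls, check_login):
    """Answer sub-calls; once one login fails, every later login in the batch fails."""
    results, locked = [], False
    for method, args in calls:
        if method not in AUTH_METHODS:
            results.append("not-auth")
            continue
        ok = not locked and len(args) == 2 and check_login(args[0], args[1])
        locked = locked or not ok
        results.append("ok" if ok else "fault")
    return results

def sample_body(pairs):
    """Constructed sample: one wp.getUsersBlogs sub-call per (user, password) pair."""
    item = ("<value><struct>"
            "<member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>"
            "<member><name>params</name><value><array><data>"
            "<value><string>{}</string></value><value><string>{}</string></value>"
            "</data></array></value></member></struct></value>")
    return ("<methodCall><methodName>system.multicall</methodName><params><param><value>"
            "<array><data>" + "".join(item.format(u, p) for u, p in pairs) +
            "</data></array></value></param></params></methodCall>")

def demo():
    check = lambda u, p: (u, p) == ("alice", "correct-horse")  # stand-in credential store
    batch = sample_body([("alice", "guess1"), ("alice", "correct-horse")])
    single = sample_body([("alice", "correct-horse")])
    return dispatch(parse_multicall(batch), check), dispatch(parse_multicall(single), check)

if __name__ == "__main__":
    print(demo())
```

With this behaviour a batch that mixes guesses with a valid password yields no usable signal, while a normal single login is unaffected.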