Finds Wordpress Admin account with commonly used insecure passwords
https://github.com/exavolt/python-phpass
[root@box ~]# python find_bad_wp_passwords.py
[*] Gathering Wordpress Databases
[*] Gathering Wordpress Admin Users
[*] Running Password Comparisons Between Insecure Password List
*******************************Insecure Passwords Found*****************************
[!] Insecure password found for admin user a:test12345 on http://domain.com/a/
************************************Errors Found************************************
[!] All admin users require conversion from MD5 on http://domain.com/bb/
[!] All admin users require conversion from MD5 on http://domain/~isaac/
[!] All admin users require conversion from MD5 on http://domain.com/c/
[!] All admin users require conversion from MD5 on http://domain.com/d/
[!] All admin users require conversion from MD5 on http://domain.com
[!] All admin users require conversion from MD5 on http://domain.com/e
passwords.txt has the top 500 insecure common passwords used. Although any dictionary could be used.
This has potential to be used for negative dictionary attacks but was originally developed to identify and alert blog owners of insecure passwords.