wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Unable to enumerate users from a txt file #1393

Closed rafiahmad16 closed 5 years ago

rafiahmad16 commented 5 years ago

Unable to enumerate users from a txt file

Your environment

Steps to reproduce

wpscan --url http://10.0.2.7 --passwords /root/Desktop/fsocity_uniq.txt

Why I am using --password for username: I found this in the help: "List of passwords to use during the password attack. If no --username/s option supplied, user enumeration will be run"

Expected behavior

Brute force to find the username

Actual behavior

Scan Aborted: divided by 0
Trace: /usr/share/rubygems-integration/all/gems/wpscan-3.5.3/app/finders/passwords/xml_rpc_multicall.rb:41:in `/'
/usr/share/rubygems-integration/all/gems/wpscan-3.5.3/app/finders/passwords/xml_rpc_multicall.rb:41:in `attack'
/usr/share/rubygems-integration/all/gems/wpscan-3.5.3/app/controllers/password_attack.rb:42:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.5.0/lib/cms_scanner/controllers.rb:48:in `each'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.5.0/lib/cms_scanner/controllers.rb:48:in `block in run'
/usr/lib/ruby/2.5.0/timeout.rb:76:in `timeout'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.5.0/lib/cms_scanner/controllers.rb:43:in `run'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.5.0/lib/cms_scanner/scan.rb:24:in `run'
/usr/share/rubygems-integration/all/gems/wpscan-3.5.3/bin/wpscan:16:in `block in <top (required)>'
/usr/share/rubygems-integration/all/gems/cms_scanner-0.5.0/lib/cms_scanner/scan.rb:15:in `initialize'
/usr/share/rubygems-integration/all/gems/wpscan-3.5.3/bin/wpscan:6:in `new'
/usr/share/rubygems-integration/all/gems/wpscan-3.5.3/bin/wpscan:6:in `<top (required)>'
/usr/bin/wpscan:23:in `load'
/usr/bin/wpscan:23:in '

What have you already tried

Searched on Google but I did not find any solution. Hence I created my own Python script to enumerate usernames, but I feel like if this feature worked in wpscan, that would save our time.

erwanlr commented 5 years ago

It is unclear what you are trying to do.

The --passwords takes the path of the passwords list to use in the password attack. If the --usernames option is not given, then the username enumeration will be run.

Then, you can provide a list of usernames to use in the password attack, via the --usernames option.

If you want to enumerate the users, it's the --enumerate u option, which can be coupled with the --users-list option.

Also, your /root/Desktop/fsocity_uniq.txt file seems to be empty.

rafiahmad16 commented 5 years ago

Oh, I am doing it the wrong way. Thanks, --users-list works for me to enumerate users from a txt file or list. But --users-list is not mentioned in wpscan -h. Thanks

erwanlr commented 5 years ago

At the end of the help there is [!] To see full list of options use --hh. which then displays advanced options such as --users-list

rafiahmad16 commented 5 years ago

Thanks to @erwanlr, it helped me a lot to find the flag in the mrrobot vulnhub machine.

hackersden09 commented 4 years ago

In this condition I have one user and a password list, then how do you brute-force this?