PentestTools
Penetration Testing Tools. Cyber Security and Technology News.
  • Facebook
  • Twitter
  • YouTube
  • Tumblr
  • Home
  • Tools
    • Cryptography and Encryption
    • Exploitation Tools
    • Information Gathering
    • Man-In-The-Middle
    • Mobile Security
    • Network Tools
    • Password Attacks
    • Pentest Linux Distributions
    • Post Exploitation
    • Reporting Tools
    • Reverse Engineering
    • Stress Testing
    • System Administration
    • Vulnerability Analysis
    • Web Application Security
    • Wireless Attacks
  • Shop
  • Articles
  • Video Tutorials
  • Contact Us
Zmap - A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys

Zmap – Single Packet Network Scanner Designed For Internet-wide Network Surveys

Sigurlx - A Web Application Attack Surface Mapping Tool

Sigurlx – A Web Application Attack Surface Mapping Tool

MetaFinder - Search For Documents In A Domain Through Google

MetaFinder – Search For Documents In A Domain Through Google

WPCracker - WordPress User Enumeration And Login Brute Force Tool

WPCracker – WordPress User Enumeration And Login Brute Force Tool

CDK - Zero Dependency Container Penetration Toolkit

CDK – Zero Dependency Container Penetration Toolkit

Reconftw - Simple Script For Full Recon

Reconftw – Simple Script For Full Recon

MobileHackersWeapons - Mobile Hacker's Weapons / A Collection Of Cool Tools Used By Mobile Hackers

MobileHackersWeapons – Mobile Hacker’s Weapons / A Collection Of Cool Tools

Git-Wild-Hunt - A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt

Git-Wild-Hunt – A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt

HosTaGe - Low Interaction Mobile Honeypot

HosTaGe – Low Interaction Mobile Honeypot

BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation

BigBountyRecon – Utilises 58 Different Techniques On Intial Reconnaissance On The Target Organisation

Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets

Token-Hunter – Collect OSINT For GitLab Groups And Members

ImHex - A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.

ImHex – Hex Editor For Reverse Engineers, Programmers

MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)

MyJWT – A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)

SysWhispers2 - AV/EDR Evasion Via Direct System Calls

SysWhispers2 – AV/EDR Evasion Via Direct System Calls

ByteDance-HIDS - A Cloud-Native Host-Based Intrusion Detection Solution Project To Provide Next-Generation Threat Detection And Behavior Audition With Modern Architecture

ByteDance-HIDS – Next-Generation Intrusion Detection Solution Project

PentestTools
  • Home
  • Tools
    • Cryptography and Encryption
    • Exploitation Tools
    • Information Gathering
    • Man-In-The-Middle
    • Mobile Security
    • Network Tools
    • Password Attacks
    • Pentest Linux Distributions
    • Post Exploitation
    • Reporting Tools
    • Reverse Engineering
    • Stress Testing
    • System Administration
    • Vulnerability Analysis
    • Web Application Security
    • Wireless Attacks
  • Shop
  • Articles
  • Video Tutorials
  • Contact Us
PentestTools
  • Home
  • Tools
    • Cryptography and Encryption
    • Exploitation Tools
    • Information Gathering
    • Man-In-The-Middle
    • Mobile Security
    • Network Tools
    • Password Attacks
    • Pentest Linux Distributions
    • Post Exploitation
    • Reporting Tools
    • Reverse Engineering
    • Stress Testing
    • System Administration
    • Vulnerability Analysis
    • Web Application Security
    • Wireless Attacks
  • Shop
  • Articles
  • Video Tutorials
  • Contact Us
  • Facebook
  • Twitter
  • YouTube
  • Tumblr
Web Application Security

WPCracker – WordPress User Enumeration And Login Brute Force Tool

May 1, 2021
2 Min Read
WPCracker - WordPress User Enumeration And Login Brute Force Tool
Mazen Elzanaty MazenElzanatyMazenElzanatyMazenElzanaty
Add Comment

[sc name=”ad_1″]

WordPress user enumeration and login Brute Force tool for Windows and Linux

With the Brute Force tool, you can control how aggressive an attack you want to perform, and this affects the attack time required. The tool makes it possible to adjust the number of threads as well as how large password batches each thread is tested at a time. However, too much attack power can cause the victim’s server to slow down.

For example, When I attacked to my local server, it takes about two days to go through the rockyou.txt (14,341,564 unique passwords) when I used the program’s presets for the number of threads (12) and the size of the batches (1000).

In this article, “victim” refers to the attacked WordPress site in pentest lab. Attacking a WordPress site for which you do not have permission may be illegal.

Using:

User Enumeration

.WPCracker.exe --enum -u <Url to victims WordPress page> -o <Output file path (OPTIONAL)>

OR JUST

.WPCracker.exe --enum

In this case, the program only requests the required information

Brute Force

Using program’s presets

.WPCracker.exe --brute -u <Url to victims WordPress page> -p <Path to wordlist> -n <Username> -o <Output file path (OPTIONAL)>

OR JUST

.WPCracker.exe --brute

In this case, the program only requests the required information

Using with custom settings

.WPCracker.exe --brute -u <Url to victims WordPress page> -p <Path to wordlist> -n <Username> -t <Max threads> -c <Batch maximum size>

Get help

.WPCracker.exe --brute -?

This is for ethical use only 🙂

Thank’s for adamabdelhamed’s PowerArgs

 

Download WPCracker


[sc name=”ad-in-article”]

TagsBrute Brute-force Enumeration Force linux Login tool User User Enumeration windows Wordpress Wordpress Site WPCracker

You may also like

Kenzer - Automated Web Assets Enumeration And Scanning
Web Application Security

Kenzer – Automated Web Assets Enumeration And Scanning

December 26, 2020
0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)
Web Application Security

0D1N v3.4 – Automating Customized Attacks Against Web Applications

December 25, 2020
Fuzzilli - A JavaScript Engine Fuzzer
Web Application Security

Fuzzilli – A JavaScript Engine Fuzzer

November 25, 2020

About the author

View All Posts

Mazen Elzanaty

Add Comment

Click here to post a comment

Cancel reply

Sigurlx – A Web Application Attack Surface Mapping Tool
XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulns
Comment

Topics

  • Articles416
  • Cryptography and Encryption32
  • Exploitation Tools292
  • Forensics Tools23
  • Information Gathering254
  • Man-In-The-Middle19
  • Mobile Security19
  • Network Tools73
  • Password Attacks48
  • Pentest Linux Distributions24
  • Post Exploitation32
  • Reporting Tools11
  • Reverse Engineering44
  • Security Tools99
  • Shop5
  • Stress Testing1
  • System Administration92
  • Video Tutorials74
  • Vulnerability Analysis157
  • Web Application Security56
  • Wireless Attacks29

Archive

  • May 2021 (6)
  • April 2021 (9)
  • January 2021 (25)
  • December 2020 (60)
  • November 2020 (60)
  • October 2020 (62)
  • September 2020 (60)
  • August 2020 (60)
  • July 2020 (65)
  • June 2020 (69)
  • May 2020 (65)
  • April 2020 (2)
  • November 2019 (9)
  • October 2019 (39)
  • September 2019 (42)
  • April 2019 (1)
  • March 2019 (29)
  • February 2019 (58)
  • January 2019 (61)
  • December 2018 (62)
  • November 2018 (44)
  • October 2018 (76)
  • August 2018 (4)
  • July 2018 (27)
  • June 2018 (33)
  • May 2018 (17)
  • April 2018 (22)
  • March 2018 (35)
  • February 2018 (45)
  • January 2018 (58)
  • December 2017 (144)
  • November 2017 (106)
  • October 2017 (184)
Copyright © 2020. PentestTools
May 17, 2025
  • Facebook
  • Twitter
  • YouTube
  • Tumblr