function enumerate()
{
$return = false;
$str = rtrim($this->type, 's');
if (Config::get('thread')) {
$threads = Config::get('thread');
} else {
$threads = 10;
}
foreach (array_chunk($this->array, $threads) as $chunk) {
foreach ($chunk as $name) {
$urls[] = $this->url . "/wp-content/{$this->type}/" . $name;
}
$respons = HTTPMultiRequest($urls, false);
foreach ($respons as $key => $resp) {
if (stripos($resp, '200 ok') !== false or stripos($resp, '301 moved') !== false) {
$return[] = $chunk[$key];
msg("");
msg("[!] Found {$chunk[$key]} {$str}");
msg("[*] URL: http://wordpress.org/extend/{$this->type}/" . $chunk[$key] . "/");
msg("[*] SVN: http://{$this->type}.svn.wordpress.org/" . $chunk[$key] . "/");
}
}
unset($urls);
}
return $return;
}
private function brute()
{
if (Config::get('protected')) {
msg("[+] Checking if the site is bruteproof");
$brute = new WPBrute($this->url);
if ($protector = $brute->isProtected()) {
foreach ($protector as $plugin) {
msg("[-] The site is protected by " . $plugin . " plugin");
}
return false;
}
}
if (!file_exists(Config::get('uwordlist'))) {
msg("[-] wordlist file does not exist");
return false;
}
$array = file(Config::get('uwordlist'), FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if (!empty($array)) {
msg("[+] " . count($array) . " " . $str . "list loaded");
}
$chunks = array_chunk($array, $this->threads);
foreach ($chunks as $uchunk) {
foreach ($uchunk as $username) {
$urls[] = $this->url . '/wp-login.php';
$datas[] = ['log=' . urlencode($username) . '&pwd=klol&wp-submit=Log+In&testcookie=1', ['Content-type: application/x-www-form-urlencoded', 'Cookie: wordpress_test_cookie=WP+Cookie+check']];
}
$responses = HTTPMultiRequest($urls, 1, $datas);
foreach ($responses as $key => $resp) {
if (stripos($resp, '200 ok') and stripos($resp, 'invalid username') === false) {
$users[] = $uchunk[$key];
}
}
unset($datas);
unset($urls);
}
return isset($users) ? array_unique($users) : false;
}
function isProtected()
{
$plugins = ['better-wp-security', 'simple-login-lockdown', 'login-security-solution', 'limit-login-attempts', 'bluetrait-event-viewer'];
foreach ($plugins as $plugin) {
$urls[] = $this->url . '/wp-content/plugins/' . $plugin . '/';
}
$response = HTTPRequest($this->url . '/wp-login.php');
$responses = HTTPMultiRequest($urls, false);
if (strpos($response, 'Login LockDown') !== false) {
$pros[] = 'login-lockdown';
}
if (strpos($response, 'LOGIN LOCK') !== false) {
$pros[] = 'login-lock';
}
foreach ($responses as $key => $resp) {
if (stripos($resp, '200 ok') !== false || stripos($resp, '403 forbidden') !== false) {
$pros[] = $plugins[$key];
}
}
return !empty($pros) ? $pros : false;
}