"Your WordPress site's best friend"
Project description
WordSmash
"Your WordPress site's best friend" - Nobody.
Features
- Automatically enumerates WordPress usernames
- Scrapes email addresses
- Support for dynamic, site-specific values in passwords
- Checks email account credentials for performing password reset attack
- Multithreded
Installation
Requires python 3.9 or later.
Install with pip:
pip install wordsmash
Install from GitHub:
pip install git+https://github.com/TheArchivist01/wordsmash.git
Options
--wordlist: List of sites to attempt accessing
--site-list: List of sites to attempt accessing
--dynamic-wordlist: Enable dynamic placeholder values in wordlist
--persist: Continue trying to find additional logins for a site after login success
--threads: Maximum number of sites to check in parallel
Dynamic Wordlist?
The dynamic wordlist feature allows you to use placeholder values in the wordlist. Currently a password can contain {username} or {domain}.
Example: Logging into examplesite.com as "admin"
{username}123 -> admin123
{domain}pass -> examplesitepass
{username}@{domain} -> admin@examplesite
More from The Archivist 01
Additional credits
@ph03n1x69 for helping with the wordpress login test.
Disclaimer
WordSmasher is intended to be used for educational and research purposes.
The Archivist and other contributors are not responsible for damages caused by the use of this tool.
See the LICENSE file for more details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for WordSmash-0.0.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 142a04ecdc04f2667299a8ca9bc45a1c8ba5e78fbea20d88201be9b32146a7c5 |
|
| MD5 | 7bdf49d00e1abf013dbbeff42b883090 |
|
| BLAKE2b-256 | 873b50c83d0231a02836b4009aaa073e9063f725afbdc952724609b5065b8baa |
