Let's write an NSE script to brute force WordPress accounts:
- Create the file http-wordpress-brute.nse and fill the required information tags:
```lua
description = [[
performs brute force password auditing against Wordpress CMS/blog installations.

This script uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are
stored using the credentials library.

Wordpress default uri and form names:
* Default uri:<code>wp-login.php</code>
* Default uservar: <code>log</code>
* Default passvar: <code>pwd</code>
]]

author = "Paulino Calderon <calderon()websec.mx>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive", "brute"}
```
- Load the required libraries: ...
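From the defender's side, the password guessing described above shows up in the web server log as a burst of POST requests to `wp-login.php` from one source. The following is an added example, not part of the original text or of Nmap: it assumes the Apache/Nginx combined log format and a default WordPress that answers a failed login with HTTP 200 and a successful one with a 302 redirect; the function names, threshold and window are hypothetical choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Mar/2024:12:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "-"'
    for s in range(0, 12, 2)
] + [
    '198.51.100.4 - - [10/Mar/2024:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.9 - - [10/Mar/2024:12:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "-"',
    '198.51.100.9 - - [10/Mar/2024:12:09:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 3412 "-" "-"',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.split("?")[0], int(status)

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: most failed wp-login POSTs seen inside one window} for IPs >= threshold."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, when, method, path, status = rec
        # Assumption: a failed login re-renders the form (200); a successful
        # one redirects (302), so only 200 responses count as failed guesses.
        if method == "POST" and path.endswith("/wp-login.php") and status == 200:
            failures[ip].append(when)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = best = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged
```

Sources that cross the threshold are candidates for rate limiting or blocking at the web server or WAF.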