How to do it...

Let's write an NSE script to brute force WordPress accounts:

  1. Create the file http-wordpress-brute.nse and fill in the required information tags:

     description = [[
     performs brute force password auditing against Wordpress
     CMS/blog installations.

     This script uses the unpwdb and brute libraries to perform
     password guessing. Any successful guesses are stored using the
     credentials library.

     Wordpress default uri and form names:
     * Default uri:<code>wp-login.php</code>
     * Default uservar: <code>log</code>
     * Default passvar: <code>pwd</code>
     ]]

     author = "Paulino Calderon <calderon()websec.mx>"
     license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
     categories = {"intrusive", "brute"}

  2. Load the required libraries: ...

Get Nmap: Network Exploration and Security Auditing Cookbook - Second Edition now with O’Reilly online learning.
