From a004748a7f344fde43e16b08316e6d17e413338e Mon Sep 17 00:00:00 2001 From: Royi Hamo <40487829+royiHamo@users.noreply.github.com> Date: Fri, 27 Nov 2020 18:59:08 +0200 Subject: [PATCH] update Readme.md update typos --- README.md | 64 +++++++++++++++++++++++++++---------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index f96a53b..a742b7c 100644 --- a/README.md +++ b/README.md @@ -2,14 +2,14 @@ WP-Exploiter is a tool for testing and exploiting a wide range of WordPress websites. ### Our tool coverage -* Identifying WordPress websites by serval methods. -* Identifying a WordPress version by serval methods -* Enumerating WordPress users by serval methods. +* Identifying WordPress websites by several methods. +* Identifying WordPress versions by several methods +* Enumerating WordPress users by several methods. * Detect & exploit weaknesses in specific versions. ### Requirements -* Python3 (tested on 3.7) -* Python modules as specified on requirments.txt +* Python3 (tested on 3.7). +* Python modules as specified on requirements.txt. ### Default configurations Can be changed at config/conf.json. @@ -17,20 +17,20 @@ Can be changed at config/conf.json. { "http_data": { "max_retries": "The maximum retries for http requests.", - "timeout": "in mil sec", + "timeout": "In mil sec.", "retries_reason": "The reason that will invoke another retry.", - "retries_break_time": "In sec", + "retries_break_time": "In sec.", "user_agent": "User agent for the HTTP requests." }, "detector_data": { "admin_path": "The default WordPress admin panel path.", - "login_path": "The default WordPress login path", - "feed_path": "The default WordPress feed path", - "upgrade_path": "The default WordPress upgrade path", + "login_path": "The default WordPress login path.", + "feed_path": "The default WordPress feed path.", + "upgrade_path": "The default WordPress upgrade path.", "timeout": "Timeout in sec.", "css_path": "common css files at WordPress systems.", - "detect_th": "Smart detector threshold (higher = last sensitive)" + "detect_th": "Smart detector threshold (the lower the number - the higher the sensitivity)." }, "enumerator_data": { @@ -47,7 +47,7 @@ Can be changed at config/conf.json. "exploiter_data": { "WPPluginExploiter": { - "readme_path": "The default WPPluginExploiter class readme path" + "readme_path": "The default WPPluginExploiter class readme path." }, "WPDatabaseResetExploiter": { "readme_path": "The default readme path for this plugin." @@ -63,10 +63,10 @@ Can be changed at config/conf.json. "bruteforce_data": { "success": "The default 'success' cookie for successful login.", - "num_of_threads": "The default number of thread for the bruteforce attack.", - "error_limit": "The error threshold to determinate that this website is not allowing bruteforce.", - "wp_admin": "The login path (default)", - "test_cookie": "Test cookie" + "num_of_threads": "The default number of threads for the bruteforce attack.", + "error_limit": "The error threshold to determine that this website is not allowing bruteforce.", + "wp_admin": "The login path (default).", + "test_cookie": "Test cookie." } } @@ -79,33 +79,33 @@ python cliy.py [COMMAND] [ARGS] ##### Possible commands - * detect - Detect if URL/IP is a WordPress site and try to get the WordPress system version. Args: - 1. --url / -u: The URL/IP to test (for example: http://example.com) + 1. --url / -u: The URL/IP to test (for example: http://example.com). 2. --timeout / -to: Maximum timeout for each HTTP request, in msecs and only integer (for example 100). - 3. --proxy / -p: Proxy (URL/IP) to use, (for example: 192.192.192.192). -* enumerate - Try to enumerate user names of WordPress System, Args: - 1. --url / -u: The URL/IP to test (for example: http://example.com) - 2. --proxy / -p: Proxy (URL/IP) to use, (for example: 192.192.192.192). + 3. --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192). +* enumerate - Try to enumerate user names of WordPress System. Args: + 1. --url / -u: The URL/IP to test (for example: http://example.com). + 2. --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192). 3. minid: The id to start enumerate from (for example 1, will try enumerate user with id 1 and above). 4. maxid: The user id to stop enumerate (for example 5, will try enumerate from the minid until id 5). -* bruteforce - Try to do login Bruteforce and crack passwords with a dictionary attack. +* bruteforce - Try to do login Bruteforce and crack passwords with a dictionary attack. Args: 1. --url / -u: The URL/IP to test (for example: http://example.com) - 2. --proxy / -p: Proxy (URL/IP) to use, (for example: - 3. --usernames / -un: Path to a file containing user names to enumerates (each user name in a separate line). + 2. --proxy / -p: Proxy (URL/IP) to use, (for example: 192.192.192.192). + 3. --usernames / -un: Path to a file containing usernames to enumerates (each username in a separate line). 4. --passwords / -pass: Path to a file containing passwords to try for each username (each password in a separate line). 5. --threads, -t: Number of working threads (default is 1, only integer). -* exploit - Try to exploit WordPress Website and gain control over the admin user. - 1. --url / -u: The URL/IP to test (for example: http://example.com) - 2. --proxy / -p: Proxy (URL/IP) to use, (for example: +* exploit - Try to exploit WordPress Website and gain control over the admin user. Args: + 1. --url / -u: The URL/IP to test (for example: http://example.com). + 2. --proxy / -p: Proxy (URL/IP) to use (for example: 192.192.192.192). 3. --type / -ex: The exploite you wish to try, choose from [time-capsule, reset-database, all]. * readme - prints the readme file. ### Further Attacks -Of course, you can clone & implements other exploits. Our interface is generic and supporting serval exploiting methods. +Of course, you can clone & implement other exploits. Our interface is generic and supports several exploiting methods. ### Automation -WP-Exploiter has the potential to be automated in different ways. This, we going to leave to you. -As an example, you can find it at examples/run.py. +WP-Exploiter has the potential to be automated in different ways. We are going to leave this to you. +You can find an example at examples/run.py. ### Note -* We do not claim the description or purpose of this tool to be 100% accurate. If you see anything which is incorrect in this document, please submit a pull request or open a new issue. -* We do not encourage using it on real websites, this is an educational tool only. We are not responsible for using. \ No newline at end of file +* We do not claim the description or the purpose of this tool to be 100% accurate. If you see anything which is incorrect in this document, please submit a pull request or open a new issue. +* We do not encourage using it on real websites, this is tool is for educational purposes only. We are not responsible for any usage of anyone on this tool.