XML-Hydra is a tool to bruteforce user passwords via public facing XML-RPC interface in a Wordpress application.
go install github.com/4lch3mis7/xml-hydra@latest
| Flag | Description |
|---|---|
| -t | Target URL |
| -u | Username |
| -w | Wordlist for passwords |
| -g | Number of goroutines to execute at a time (Default=4) |
| -P | Proxy list |
| -h | Shows help message |
xml-hydra -t https://example.com/xmlrpc.php -u username -w passwords.txt
xml-hydra -t https://example.com/xmlrpc.php -u username -w passwords.txt -P proxies.txt -g 10