A password cracker for WordPress (WP-CLI)
Quick links: Using | Installing | Credits
wp wtr
Wapuu the Ripper - a tool to crack user passwords.
wp wtr [--role=<role>] [--<field>=<value>] [--top=<top>] [--all] [--hide] [--no-guessing]
Based on Drop the Ripper for Drupal.
Users can be filtered via arguments supported by WP_User_Query().
Only check users with a certain role.
Filter users by one or more arguments of WP_User_Query().
Use the top x passwords from the wordlist (default is 25).
Use all of the passwords from the wordlist.
Do not show plaintext passwords in output.
Disables built-in password guessing (e.g. username as password).
Path to a custom wordlist (default is openwall's password list).
wp wtr
wp wtr --top=100 --role=administrator
wp wtr --all --role__not_in=subscriber
wp wtr --exclude=1 --hide
wp wrt --wordlist=/tmp/rockyou.txt --include=2,3,4
You can install this package with:
wp package install git@github.com:mcdruid/wapuu-the-ripper.git
- WtR uses a default wordlist from http://www.openwall.com/wordlists
- https://ayesh.me/ for suggesting the name!