Skip to content
/ OhMyDoS Public

⛔ Console application abusing Wordpress API called XML-RPC and its functions with aim of Denial-of-Service.

License

GPL-3.0 license
7 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

martinkubecka/OhMyDoS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
guides
guides
 
 
images
images
 
 
LICENSE.md
LICENSE.md
 
 
OhMyDoS.py
OhMyDoS.py
 
 
README.md
README.md
 
 

Repository files navigation

Logo

⛔ OhMyDoS

OhMyDos is a python console application abusing Wordpress API called XML-RPC and its functions system.multicall and pingback.ping with aim of Denial-of-Service.

📝 Pre-requisites

  • Python3.X (download)
  • library called Random User Agents (source code)
    • $ pip install random_user_agent

⚡ Usage

OhMyDos provides 2 operation modes check and attack with ability to automate targeting of multiple Wordpress websites.

Attack Mode

Option Flags

Flags Description
-e Number of entries per one system.multicall (per one POST request)
-r Number of POST request per target

Single Target

$ python3 OhMyDoS.py attack http://pingback.com http://example.com

    ▒█████   ██░ ██     ███▄ ▄███▓▓██   ██▓   ▓█████▄  ▒█████    ██████ 
    ▒██▒  ██▒▓██░ ██▒   ▓██▒▀█▀ ██▒ ▒██  ██▒   ▒██▀ ██▌▒██▒  ██▒▒██    ▒ 
    ▒██░  ██▒▒██▀▀██░   ▓██    ▓██░  ▒██ ██░   ░██   █▌▒██░  ██▒░ ▓██▄   
    ▒██   ██░░▓█ ░██    ▒██    ▒██   ░ ▐██▓░   ░▓█▄   ▌▒██   ██░  ▒   ██▒
    ░ ████▓▒░░▓█▒░██▓   ▒██▒   ░██▒  ░ ██▒▓░   ░▒████▓ ░ ████▓▒░▒██████▒▒
    ░ ▒░▒░▒░  ▒ ░░▒░▒   ░ ▒░   ░  ░   ██▒▒▒     ▒▒▓  ▒ ░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░
    ░ ▒ ▒░  ▒ ░▒░ ░   ░  ░      ░ ▓██ ░▒░     ░ ▒  ▒   ░ ▒ ▒░ ░ ░▒  ░ ░
      ░ ░     ░  ░  ░   ░      ░    ▒ ▒         ░    ░   ░   ▒     ░  ░  
    
----------------------------------------------------------------------------
[>] Target : http://example.com
[>] Building 2000 pingback calls per one request
[>] Request size: 243.649 kB

[~] Starting attack, press CTRL+C to stop ...
[>] Requests sent : 159

[~] Attack interrupted by keypress

Multiple Targets

$ python3 OhMyDoS.py attack http://pingback.com targets.txt

Check Mode

Single Target

$ python3 OhMyDoS.py check http://example.com

    ▒█████   ██░ ██     ███▄ ▄███▓▓██   ██▓   ▓█████▄  ▒█████    ██████ 
    ▒██▒  ██▒▓██░ ██▒   ▓██▒▀█▀ ██▒ ▒██  ██▒   ▒██▀ ██▌▒██▒  ██▒▒██    ▒ 
    ▒██░  ██▒▒██▀▀██░   ▓██    ▓██░  ▒██ ██░   ░██   █▌▒██░  ██▒░ ▓██▄   
    ▒██   ██░░▓█ ░██    ▒██    ▒██   ░ ▐██▓░   ░▓█▄   ▌▒██   ██░  ▒   ██▒
    ░ ████▓▒░░▓█▒░██▓   ▒██▒   ░██▒  ░ ██▒▓░   ░▒████▓ ░ ████▓▒░▒██████▒▒
    ░ ▒░▒░▒░  ▒ ░░▒░▒   ░ ▒░   ░  ░   ██▒▒▒     ▒▒▓  ▒ ░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░
    ░ ▒ ▒░  ▒ ░▒░ ░   ░  ░      ░ ▓██ ░▒░     ░ ▒  ▒   ░ ▒ ▒░ ░ ░▒  ░ ░
      ░ ░     ░  ░  ░   ░      ░    ▒ ▒         ░    ░   ░   ▒     ░  ░  
    
----------------------------------------------------------------------------
[>] Checking if XML-RPC for http://example.com is enabled ...
[>] XML-RPC enabled.

Multiple Targets

$ python3 OhMyDoS.py check targets.txt

📮 Resources

📐 Testing Environment Set Up

  • How To Install WordPress with LAMP (link)
  • WordPress in a Docker container (link)

⚠️ Disclaimer

This tool was developed solely for educational purposes only and the author of this tool is no way responsible for any misuse.

About

⛔ Console application abusing Wordpress API called XML-RPC and its functions with aim of Denial-of-Service.

Topics

wordpress dos exploit xml-rpc

Resources

Readme

License

GPL-3.0 license
Activity

Stars

7 stars

Watchers

1 watching

Forks

6 forks
Report repository

Languages