Skip to content

🧾 A script that can determine whether a website is vulnerable to xmlrpc DOS.

License

Notifications You must be signed in to change notification settings

wannabewastaken/xmlrpc-dos

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

xmlrpc-dos

A script that can determine whether a website is vulnerable to xmlrpc DOS.

Version Stargazers

 

Usage

./xmlrpc-dos.sh <url>

Value Description
url Target url (e.g. 'https://dummy.com' or 'http://dummy.com')

How to install

This script required dependencies of curl >= 7.88.1 or higher.

Termux

Make sure you have already installed git if you don't, run the code above.

> pkg update -y
> pkg install git -y

Let's cloning it into your computer.

> git clone https://github.com/wannabewastaken/xmlrpc-dos
Kali-Linux

Make sure you have already installed git if you don't, run the code above.

> sudo apt update -y
> sudo apt install git -y

Let's cloning it into your computer.

> git clone https://github.com/wannabewastaken/xmlrpc-dos

Disclaimer

The use of the xmlrpc-dos is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.

References

◉ WP XML-RPC DoS https://gist.github.com/ethicalhack3r/60a3ea6d7c86c7ace891
◉ Adelittle repo https://github.com/Adelittle/wpdos
◉ Adelittle blog https://www.nakanosec.com/2022/03/riset-xmlrpc-ddos-attack-bypass-waf.html