Scan a list of URLs or a single URL for WordPress XML-RPC issues.
usage:
- Download from releases: https://github.com/devpwn/xmlrpc-scan/releases
- Or compile it yourself
- Verify whether the WordPress XML-RPC interface is open;
- Test all possible SSRF methods against WordPress XML-RPC;
- Test the oEmbed proxy SSRF (see https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress);
- Generate a unique URL for each SSRF attempt;
- List of WordPress URLs

    cat urls.txt | xmlrpcscan -server http://burpcollaborator.net

- Single URL

    xmlrpcscan -target https://target.com -server http://burpcollaborator.net
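
For defenders auditing a site they run, the first two checks in the feature list (is XML-RPC open, and does it expose an SSRF-capable method) come down to reading a `system.listMethods` response. The following is an added example, not code from xmlrpc-scan; it parses constructed sample responses offline, and the function name, the `SSRF_CAPABLE` set and the samples are assumptions.

```python
import xmlrpc.client
from xml.parsers.expat import ExpatError

# Methods that make the server fetch a caller-supplied URL (assumption: the
# page does not name its "SSRF methods"; pingback.ping is the well-known one).
SSRF_CAPABLE = {"pingback.ping"}
MAX_BODY = 256 * 1024  # refuse oversized bodies before parsing

def _response(names):
    """Build a constructed system.listMethods response for the samples."""
    items = "".join(f"<value><string>{n}</string></value>" for n in names)
    return (f'<?xml version="1.0"?><methodResponse><params><param><value>'
            f"<array><data>{items}</data></array></value></param></params>"
            f"</methodResponse>").encode()

# Constructed samples, not captured from a real site.
SAMPLE_OPEN = _response(["system.listMethods", "pingback.ping", "wp.getUsersBlogs"])
SAMPLE_FILTERED = _response(["system.listMethods", "wp.getUsersBlogs"])
SAMPLE_FAULT = (b'<?xml version="1.0"?><methodResponse><fault><value><struct>'
    b"<member><name>faultCode</name><value><int>405</int></value></member>"
    b"<member><name>faultString</name><value><string>disabled</string></value>"
    b"</member></struct></value></fault></methodResponse>")
SAMPLE_HTML = b"<html><body>Forbidden</body></html>"

def audit_list_methods(body):
    """Classify the body returned by POSTing system.listMethods to xmlrpc.php."""
    if len(body) > MAX_BODY:
        return {"status": "too-large", "ssrf_capable": []}
    try:
        params, _ = xmlrpc.client.loads(body)
    except xmlrpc.client.Fault as fault:
        return {"status": "fault", "code": fault.faultCode, "ssrf_capable": []}
    except (ExpatError, xmlrpc.client.ResponseError):
        return {"status": "not-xmlrpc", "ssrf_capable": []}
    if len(params) != 1 or not isinstance(params[0], list):
        return {"status": "unexpected", "ssrf_capable": []}
    methods = {m for m in params[0] if isinstance(m, str)}
    return {"status": "open", "method_count": len(methods),
            "ssrf_capable": sorted(methods & SSRF_CAPABLE)}

if __name__ == "__main__":
    for name, body in [("open", SAMPLE_OPEN), ("filtered", SAMPLE_FILTERED),
                       ("fault", SAMPLE_FAULT), ("html", SAMPLE_HTML)]:
        print(name, audit_list_methods(body))
```

If `pingback.ping` is reported on a site you run, remove it with WordPress's `xmlrpc_methods` filter or block `xmlrpc.php` at the web server.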