cmsBruteForce — Multithreaded BruteForce CMS and FTP

Supported systems:

  • WordPress (with getting an administrator login when the getLogin option is enabled)
  • Joomla
  • Drupal
  • MOD-X
  • OpenCart
  • Bitrix
  • FTP
  • ISP Manager

Key feature:

  • SOCKS5/4 and HTTP/S proxy support with or without verification. Automatic updating of the proxy list by timer
  • 3 testing algorithms (Link – >Login->Pass-1 stream – 1 link. Inside the stream, all usernames and passwords are searched and applied to the link given in the stream. If you need to check 1 link, the check will go in one thread.
    Link – >Login->Pass v2-1 stream-set Link-Login-Pass. A Link-Login-Pass is sent to the stream input. After checking the recruitment thread will have to wait for the next set. If you need to check 1 link, the check will go to several (specified in the program number) threads.
  • Minimize the program to the tray (hidden mode)
  • Write test results to files or to a remote database (including the. php script accessed by the program and
  • Speed up testing due to the “Bad on error ” function, which excludes links from the database that did not respond to several attempts to get the desired response from them (403, 500, and other errors).
  • Detailed logging (for those who want to be aware of all events)


Resale of the program is prohibited. The authors reserve the right to refuse to sell the license without explanation. A unique key is issued upon purchase. When the program starts, the key is requested and bound to the current device. You can change the binding completely automatically by running the program on another device and specifying your key. The number of bindings per day is limited to one (you can change devices every day, but not several times a day). There is no version without hardware binding.

Technical  support:

Technical Support for working with the program is not provided. At the same time, if there are any problems in the program, we guarantee our most careful participation in solving them.

WSO Shell Uploader – Mass Shell Upload after bruteforce

We offer you a program for the Windows operating system that will allow you to easily and quickly upload a WSO shell or any other to a site running the following management systems:

  • Joomla 1.5 / Joomla 2.5 / Joomla 3.xx
  • WordPress 3.xx / WordPress 4.xx
  • Drupal 6.xx / Drupal 7.xx
  • FTP

Working with the program is very simple. You throw a list of links of the form; login; pass the program automatically detects the management system and loads the shell.

For filling shells on FTP, we developed a unique method for searching the directory for filling, as well as a unique mechanism for finding the necessary domain name if FTP has the form

WSO Shell Manager (English Version)

The program is designed to automate the script WSO. If you have many servers with a script and there is a need constantly to make    any changes to the files sites, look for the files you want to delete or download, this program will allow you to without difficulty to do the job.

Program features:

  • Create and edit files (framing) (write your code, the ability to write files can be recorded after a certain tag, you can write to multiple files, you can write to files with a certain extension, you can not write code if this already exists, you can specify the directory to search for files, you can specify multiple directories to search, you can use regular expressions, it is possible to save the template records)
  • Deleting files (allows you to remove certain files from the specified directory)
  • Search and replace text can be previewed results.
  • Upload files to the specified directory (after download link is formed species, if the file is downloaded to the directory above the directory site, the path of the form /var/www/file.php
  • Upload and unzip the archive
  • Upload folder with files on the server
  • The ability to download the necessary files from the server (if the team does not work tar, zip)
  • Search domains on the server (through directories and search through the Apache config files if a sufficient level of rights)
  • Installing Backdoors for recovery shell WSO (if the script file is accidentally deleted or accidentally, the ability to install multiple backdoors)
  • Automatic recovery WSO through the backdoor installed
  • Removal of foreign shells WSO and PAS (search for specific lines of code)
  • Definition of SEO-indicators (TIC, PR, AlexaRank)
  • Checking the IP-100 server blacklist
  • Creation tool redirects through the shells (creating short links to spam and other problems)
  • Performing BASH / PHP commands (command execution result is displayed in the log)
  • Determination of CMS (based on the directory structure on the server)
  • Installing SOCKS on shell (the output is the address Socks)
  • Checking the status of the shells (deleted or removed, breaking the 99%, spent months testing)
  • Work through the Proxy, built proxy checker
  • Ability to add and hide the necessary data column of shell (URL, Country, Status, Password, Comment, all data on the server, Tits, PR, IP, etc)
  • Ability to add a comment to Shell
  • Stores all the files that were downloaded and edited, allows you to get quick access to them
  • Multithreading
  • Sorting shells on the necessary parameters
  • Ability to set your User-agent (for those with a shell opens only when certain user-agents)
  • Mass SQL requests
  • Search and replace text in database Mysql (auto find login and pass db for joomla/wp)