«YAWPP» stands for «Yet Another WordPress Poster.» It’s an open-source command-line utility designed to verify the validity of WordPress credentials. Additionally, it enables users to automate tasks such as publishing posts and modifying the author’s biography and website using the WP RPC API, provided the API is enabled.

The initial version of YAWPP was released on January 2, 2023, garnering significant attention from users. It was the pioneering open-source automatic checker and poster highly valued within the red team community. Users from forums like xss.is, blackhatworld.com, and other underground communities embraced the tool, swiftly refining its functionality through active participation in the development process. Currently, the utility is in version 0.4.23 and is quite stable.

  • Posts are in HTML format.
  • Posts are randomly picked up from the post folder.
  • Biography and website can be updated along with adding a post, too.
  • Date of a post is taken randomly from the past year.
  • With -a (--noduplicate) option set to true, the script will search for a post in the wordpress site with the same title as a chosen post for publishing and will not publish the post again if already found on the site. Note, that this can be very slow and so by default this option is set to false.
  • The biography of the wordpress author is updated from a file specified by -b option. For example, the file can contain
    <Trusted by <a href="http://myfile.com">http://myfile.com</a>
  • The website of the wordpress author is updated from an argument of -w option, for example
    -w https://myfile.net
    .

Project site

править

https://bitbucket.org/0xsky/yawpp/src/master/