Issue Description:
Attempting to run the OWASP Nettacker command below on Kali Linux with Python 3.11 encounters fatal errors preventing execution:
```text
python3.11 nettacker.py -i 192.168.29.62 -m wp_xmlrpc_bruteforce_vuln
```
Errors observed include:
PHP Fatal error for missing WordPress DB tables (wordpress_vuln.wp_options does not exist)
PHP Fatal errors about undefined constants such as DB_USER in WordPress wp-includes/load.php
Deprecated warnings about dynamic property creation in WordPress core (wpdb)
The WordPress instance used by the target returns "500 Internal Server Error" for /wordpress-vuln/
Diagnostic steps already taken:
Used correct DB credentials in WordPress wp-config.php
Verified file permissions and ownership set to www-data
Confirmed Apache, PHP (with necessary modules) and MariaDB are properly installed and running
Database wordpress_vuln exists with user wpuser, matching credentials in wp-config.php
Emptied or recreated the database, but tables are missing, causing WordPress setup errors
Attempted WordPress installation wizard; errors persist
Nettacker is run using Python 3.11 on Kali Linux as the target environment
Expected behavior:
Nettacker should successfully run the WordPress XML-RPC brute force module without hitting WordPress-related database or PHP errors on the target web application.
Potential area of concern:
The WordPress target instance under test is misconfigured or incomplete, leading to fatal PHP errors not caused by Nettacker itself but by the WordPress test instance.
Additional notes:
The errors seem related to WordPress target setup rather than Nettacker code, but Nettacker should handle or report them gracefully.
Seeking guidance for Nettacker compatibility with WordPress targets running on PHP 8.x and MySQL/MariaDB with correct but incomplete installs.
Environment:
Kali Linux (latest)
Python 3.11
OWASP Nettacker (latest GitHub release)
Target WordPress: WordPress 5.x, PHP 8.x, MariaDB 10.x on Debian 12
Apache 2.4.65
Request:
Assistance or guidance on:
Ensuring Nettacker WP XML-RPC brute force module runs cleanly against WordPress targets with contemporary PHP/MySQL environments
Proper handling/logging of PHP/DB errors during scanning
Any required Nettacker config for Python 3.11 and WordPress 5.x targets