Bruteforcing XMLRPC on wordpress still working world wide in 2025 that so many hacker using that method to attack
WP XMLRPC 10 Macros brute developed by Russia hacker also this tools very interesting because tools smart work to auto grab user of wordpress with api enumerate if not found wp useradmin login this tools will use default admin login to guess work with password lists
another feature in this tools can help you edit password or customization list password and combine with information website to build custom password
found WPLOGIN = admin
example [WPLOGIN]123456 (result comine password will be admin123456
