Disclaimer: Although vBully makes it laughably easy to hack & crack vBulletin passwords, the intention of this project is to (hopefully) pursuade vBulletin forum admins affected by the ForumRunner exploit to switch to something a little less awful.
vBully is an auto-exploiter for the ForumRunner vulnerability (CVE-2016-6195). This work is based on the work of Manish Kishan Tanwar AKA error1046 (https://twitter.com/IndiShell1046). This tool has the expanded ability to parse the results post-SQL-Injection and grab the dumped user table hashes. It then saves the hashes to a file and proceeds to crack (dictionary attack) the password hashes based on the md5(md5(password).salt) formula used by vBulletin.
vBully v.2.0.0
Dependencies:
+ Ruby v2.3.x or Higher
+ gibberish mechanize colorize ruby modules.
Usage:
git clone https://github.com/drewlong/vbully && cd vbully gem install gibberish mechanize colorize vbully -u http://example.com/forums -c -w rockyou.txt -o example vbully -u http://example.com/forums -d 3 -o example
Source: https://github.com/drewlong