shell finder

1. <html>
2. <head>
3. <title>Portal C0DE</title>
4. <link rel="SHORTCUT ICON" href="favicon.png" type="image/png">
5. <meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/>
6. <meta name="keywords" content="No Code No life"/>
7. <meta name="description" content="No Code No life">
8. <meta name="author" content="No Code No life">
9. <meta name='rating' content='general' />
10. <meta name='geo.country' content='id' />
11. <meta name='geo.placename' content='Indonesia' />
12. <meta name='robots' content='all'/>
13. <meta name='robots' content='index, follow' />
14. <meta name='robots schedule' content='auto'/>
15. <meta name='revisit-after' content='1 days' />
16. <meta name='googlebot' content='index,follow'/>
17. <meta name='distribution' content='global'/>
18. <meta contact='koruptor.gov@gmail.com'/>
19. <link rel="stylesheet" href='https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css'>
20. <style>
21. @import url('https://fonts.googleapis.com/css?family=Permanent+Marker|Nova+Square|Supermercado+One|VT323');
22. body {
23. background-color: #2C3A49;
24. background-repeat: no-repeat;
25. background-position: center;
26. background-size: 100% 100%;
27. background-attachment: fixed;
28. color: white;
29. text-align: center;
30. font-size: 10pt;
31. font-family: 'Supermercado One', cursive;
32. letter-spacing: 2px;
33. line-height: 25px;
34. }
35. h1 {
36. font-family: 'VT323', cursive;
37. }
38. .header {
39. padding-top: 10%;
40. font-size: 56pt;
41. }
42. .content{
43. font-size:16pt;
44. }
45. .footerholder {
46. background: none repeat scroll 0 0 transparent;
47. bottom: 0;
48. position: fixed;
49. text-align: right;
50. width: 100%;
51. font-family: 'Nova Square', cursive;
52. }
53.  
54. .footer {
55. background: none repeat scroll 0 0 transparent;
56. margin: auto;
57. font-family: 'Nova Square', cursive;
58. width: 90%;
59. }
60. a {
61. color:#ffffff;
62. text-decoration:blink;
63. transition:all .30s ease-in-out;
64. }
65.  
66. a:hover{
67. color:#2980B9;
68. }
69. .blinking-cursor {
70. font-weight: 100;
71. font-size: 20px;
72. color: white;
73. font-family: 'VT323', monospace;
74. -webkit-animation: 1s blink step-end infinite;
75. -moz-animation: 1s blink step-end infinite;
76. -ms-animation: 1s blink step-end infinite;
77. -o-animation: 1s blink step-end infinite;
78. animation: 1s blink step-end infinite;
79. }
80.  
81. @keyframes 'blink' {
82. from, to {
83. color: transparent;
84. }
85. 50% {
86. color: white;
87. }
88. }
89.  
90. @-moz-keyframes blink {
91. from, to {
92. color: transparent;
93. }
94. 50% {
95. color: white;
96. }
97. }
98.  
99. @-webkit-keyframes 'blink' {
100. from, to {
101. color: transparent;
102. }
103. 50% {
104. color: white;
105. }
106. }
107.  
108. @-ms-keyframes 'blink' {
109. from, to {
110. color: transparent;
111. }
112. 50% {
113. color: white;
114. }
115. }
116.  
117. @-o-keyframes 'blink' {
118. from, to {
119. color: transparent;
120. }
121. 50% {
122. color: white;
123. }
124. }
125. </style>
126. </head>
127. <div class='header'>
128. <center><h2>Shell Finder</h2>
129. <form action="" method="post">
130. <input type="text" size="50" name="traget" value="http://www.site.com/"/>
131. <br>
132. <br>
133. <input name="scan" value="Start Scaning" style="width: 215px;" type="submit">
134. </form><span style="color:red">
135. <?php
136. if (isset($_POST["scan"])) {
137. $url = $_POST['traget'];
138. echo "</br><span class='start'></br>Scanning </br></br></br>".$url."</br></br></span>";
139. echo "</br><h4>Result :</h4></br>";
140. $shells = array("WSO.php","idx.php","indo.php","xai.php","noname.php","images/indo.php","images/ind.php","images/noname.php","wp-content/uploads/plugins/xaisyndicate/xaishell.php","wp-content/plugins/asu/ea.php","dz.php","cpanel.php","cpn.php","sql.php","mysql.php","madspot.php","cp.php","cpbt.php","sYm.php",
141. "x.php","r99.php","lol.php","jo.php","wp.php","whmcs.php","shellz.php","d0main.php","d0mains.php","users.php",
142. "Cgishell.pl","killer.php","changeall.php","2.php","Sh3ll.php","dz0.php","dam.php","user.php","dom.php","whmcs.php",
143. "vb.zip","r00t.php","c99.php","gaza.php","1.php","wp.zip"."wp-content/plugins/disqus-comment-system/disqus.php",
144. "d0mains.php","wp-content/plugins/akismet/akismet.php","madspotshell.php","Sym.php","c22.php","c100.php",
145. "wp-content/plugins/akismet/admin.php#","wp-content/plugins/google-sitemap-generator/sitemap-core.php#",
146. "wp-content/plugins/akismet/widget.php#","Cpanel.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php",
147. "tmp/madspotshell.php","tmp/root.php","tmp/whmcs.php","tmp/index.php","tmp/2.php","tmp/dz.php","tmp/cpn.php",
148. "tmp/changeall.php","tmp/Cgishell.pl","tmp/sql.php","tmp/admin.php","cliente/downloads/h4xor.php",
149. "whmcs/downloads/dz.php","L3b.php","d.php","tmp/d.php","tmp/L3b.php","wp-content/plugins/akismet/admin.php",
150. "templates/rhuk_milkyway/index.php","templates/beez/index.php","admin1.php","upload.php","up.php","vb.zip","vb.rar",
151. "admin2.asp","uploads.php","sa.php","sysadmins/","admin1/","administration/Sym.php","images/Sym.php",
152. "/r57.php","/wp-content/plugins/disqus-comment-system/disqus.php","/shell.php","/sa.php","/admin.php",
153. "/sa2.php","/2.php","/gaza.php","/up.php","/upload.php","/uploads.php","/templates/beez/index.php","shell.php","/amad.php",
154. "/t00.php","/dz.php","/site.rar","/Black.php","/site.tar.gz","/home.zip","/home.rar","/home.tar","/home.tar.gz",
155. "/forum.zip","/forum.rar","/forum.tar","/forum.tar.gz","/test.txt","/ftp.txt","/user.txt","/site.txt","/error_log","/error",
156. "/cpanel","/awstats","/site.sql","/vb.sql","/forum.sql","/backup.sql","/back.sql","/data.sql","wp.rar/",
157. "wp-content/plugins/disqus-comment-system/disqus.php","asp.aspx","/templates/beez/index.php","tmp/vaga.php",
158. "tmp/killer.php","whmcs.php","tmp/killer.php","tmp/domaine.pl","tmp/domaine.php","useradmin/",
159. "tmp/d0maine.php","d0maine.php","tmp/sql.php","tmp/dz1.php","dz1.php","forum.zip","Symlink.php","Symlink.pl",
160. "forum.rar","joomla.zip","joomla.rar","wp.php","buck.sql","sysadmin.php","images/c99.php", "xd.php", "c100.php",
161. "spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","tmp/upload.php","tmp/admin.php",
162. "Server.php","tmp/uploads.php","tmp/up.php","Server/","wp-admin/c99.php","tmp/priv8.php","priv8.php","cgi.pl/",
163. "tmp/cgi.pl","downloads/dom.php","templates/ja-helio-farsi/index.php","webadmin.html","admins.php",
164. "/wp-content/plugins/count-per-day/js/yc/d00.php", "admins/","admins.asp","admins.php","wp.zip","wso2.5.1","pasir.php","pasir2.php","up.php","cok.php","newfile.php","upl.php",".php","a.php","crot.php","kontol.php","hmei7.php","jembut.php","memek.php","tai.php","rabit.php","indoxploit.php","a.php","hemb.php","hack.php","galau.php","HsH.php","indoXploit.php","asu.php","wso.php","lol.php","idx.php","rabbit.php","1n73ction.php","k.php","mailer.php","mail.php","temp.php","c.php","d.php","IDB.php","indo.php","indonesia.php","semvak.php","ndasmu.php","chonx.php","as.php","ad.php","aa.php","file.php","peju.php","asd.php","configs.php","ass.php","z.php");
165. foreach ($shells as $shell){
166. $headers = get_headers("$url$shell"); //
167. if (eregi('200', $headers[0])) {
168. echo "<a href='$url$shell'>$url$shell</a> <span class='found'>Done </span></br></br></br>"; //
169. $dz = fopen('shells.txt', 'a+');
170. $suck = "$url$shell";
171. fwrite($dz, $suck."\n");
172. }
173. }
174. echo "<h4>Shell [ <a href='./shells.txt' target='_blank'>shells.txt</a> ]</span></br></h4>";
175. }
176. ?>
177. </div>
178. <div class='content'>
179. <i class="fa fa-facebook-square" aria-hidden="true"></i>&nbsp;<a href='https://www.facebook.com/TatsumiCrew/' target='_blank'>Facebook</a>
180. </div>
181. Copyright <i class="fa fa-copyright" aria-hidden="true"></i> Arvan Apriyana | Ganda Tatsumi
182. </div>
183. </div>
184. </html>