#!/usr/bin/env python import sys,requests,re,warnings,time from multiprocessing.dummy import Pool from colorama import Fore,Style,init init(autoreset=True) fr=Fore.RED fg=Fore.GREEN fy=Fore.YELLOW warnings.filterwarnings('ignore') requests.packages.urllib3.disable_warnings() print(""" [#] Create By :: ⚡ Instagram: @kelelawar_cyber_team ⚡ Telegram channel | https://t.me/exploit99new ⚡ ⚡ CMSKiller - WordPress & Joomla Admin Hunter⚡ """) try: target=[i.strip() for i in open(sys.argv[1],'r',encoding='utf-8',errors='ignore').readlines()] except IndexError: path=str(sys.argv[0]).split('\\') exit('\n [!] Enter <'+path[len(path)-1]+'> ') def URL(url): url=url.strip().lower() if url[-1:]=="/": url=url[:-1] if url.startswith('www.'): url='http://'+url if not url.startswith(('http://','https://')): url='http://'+url return url def check_wp_admin(url): p=['/wp-login.php','/wp-admin/','/wp-admin/admin-ajax.php','/wp-admin/install.php','/wp-admin/upgrade.php'] for x in p: try: r=requests.get(url+x,timeout=8,verify=False,allow_redirects=False,headers=h) if r.status_code in [200,302,301,303]: if x=='/wp-login.php': if 'wp-submit' in r.text or 'log' in r.text or 'pwd' in r.text or 'loginform' in r.text: return True else: return True except: pass return False def check_joomla_admin(url): p=['/administrator/','/administrator/index.php','/admin/','/backend/'] for x in p: try: r=requests.get(url+x,timeout=8,verify=False,allow_redirects=False,headers=h) if r.status_code in [200,302,301,303]: if 'mod-login' in r.text or 'com_login' in r.text or 'joomla' in r.text.lower() or 'admin' in r.text.lower(): return True except: pass return False def wp(src,h): c=[ 'wp-content' in src, 'wp-includes' in src, '/wp-json/' in src, 'xmlrpc.php' in src, 'pingback_url' in src, 'WordPress' in src, 'generator" content="WordPress' in src, 'X-Powered-By: WordPress' in str(h), 'wp-embed' in src, '/wp-admin/' in src, 'wp-cron.php' in src, 'wp-login.php' in src ] for x in c: if x==True: return True return False def joomla(src,h): c=[ '/media/system/js/' in src, 'com_content' in src, 'option=com_' in src, 'index.php?option=' in src, '/templates/' in src, 'joomla' in src.lower(), 'Joomla' in src, 'generator" content="Joomla' in src, '/administrator/' in src, 'modules/mod_' in src, 'plugins/system/' in src, 'mootools.js' in src, 'X-Content-Encoded-By: Joomla' in str(h) ] for x in c: if x==True: return True return False h={ 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.9,ar;q=0.8', 'Accept-Encoding': 'gzip, deflate, br', 'Connection': 'keep-alive', 'Upgrade-Insecure-Requests': '1', 'Cache-Control': 'max-age=0', 'Sec-Ch-Ua': '"Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"', 'Sec-Ch-Ua-Mobile': '?0', 'Sec-Ch-Ua-Platform': '"Windows"', 'Sec-Fetch-Dest': 'document', 'Sec-Fetch-Mode': 'navigate', 'Sec-Fetch-Site': 'none', 'Sec-Fetch-User': '?1', 'Pragma': 'no-cache' } def filter(site): try: site=URL(site) time.sleep(0.2) try: r=requests.get(site,timeout=20,headers=h,verify=False) src=r.text hs=str(r.headers) except: if site.startswith('http://'): site_https=site.replace('http://','https://') r=requests.get(site_https,timeout=20,headers=h,verify=False) src=r.text hs=str(r.headers) else: raise if wp(src,hs)==True: if check_wp_admin(site)==True: print(' --| '+site+' --> {}[WordPress - ADMIN]'.format(fg)) open('wp_admin.txt','a',encoding='utf-8').write(site+'/\n') else: print(' --| '+site+' --> {}[WordPress - NO ADMIN]'.format(fy)) open('wp_no_admin.txt','a',encoding='utf-8').write(site+'/\n') elif joomla(src,hs)==True: if check_joomla_admin(site)==True: print(' --| '+site+' --> {}[Joomla - ADMIN]'.format(fg)) open('joomla_admin.txt','a',encoding='utf-8').write(site+'/\n') else: print(' --| '+site+' --> {}[Joomla - NO ADMIN]'.format(fy)) open('joomla_no_admin.txt','a',encoding='utf-8').write(site+'/\n') else: print(' --| '+site+' --> {}[Not WP/Joomla]'.format(fr)) except: print(' --| '+site+' --> {}[Error]'.format(fr)) mp=Pool(80) mp.map(filter,target) mp.close() mp.join() print('\n'+fg+'[+] Done!'+Style.RESET_ALL) print(fg+' - wp_admin.txt (Working Admin)'+Style.RESET_ALL) print(fg+' - wp_no_admin.txt (No Admin)'+Style.RESET_ALL) print(fg+' - joomla_admin.txt (Working Admin)'+Style.RESET_ALL) print(fg+' - joomla_no_admin.txt (No Admin)'+Style.RESET_ALL)