├── README.md └── scan.py /README.md: -------------------------------------------------------------------------------- 1 | # Vuln-Scanner 2 | Vuln Scanner Bot 3 | Wordpress New Cves 2022 And 2023 4 | Laravel .env and phpunit 5 | admin paths { upload.php and admin/login.php } 6 | -------------------------------------------------------------------------------- /scan.py: -------------------------------------------------------------------------------- 1 | import os 2 | import click 3 | import argparse 4 | import requests 5 | import json 6 | import art 7 | from urllib3.exceptions import InsecureRequestWarning 8 | from requests.exceptions import RequestException, Timeout 9 | from concurrent import futures 10 | from bs4 import BeautifulSoup 11 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 12 | session = requests.Session() 13 | timeout = 30 14 | 15 | 16 | def version_check(wordpress_url): 17 | headers = { 18 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'} 19 | plugin_url = f"{wordpress_url}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" 20 | revslider_url = f"{wordpress_url}/wp-content/plugins/revslider/release_log.txt" 21 | contact_form_url = f"{wordpress_url}/wp-content/plugins/website-contact-form-with-file-upload/readme.txt" 22 | elementor_pro_url = f"{wordpress_url}/wp-content/plugins/elementor-pro/changelog.txt" 23 | woocommerce_payments = f"{wordpress_url}/wp-content/plugins/woocommerce-payments/readme.txt" 24 | ultimate_member = f"{wordpress_url}/wp-content/plugins/ultimate-member/readme.txt" 25 | mstore_api= f"{wordpress_url}/wp-content/plugins/mstore-api/readme.txt" 26 | Tatsu=f"{wordpress_url}/wp-content/plugins/tatsu/readme.txt" 27 | iwp_client=f"{wordpress_url}/wp-content/plugins/iwp-client/readme.txt" 28 | wpcargo=f"{wordpress_url}/wp-content/plugins/wpcargo/readme.txt" 29 | wpfilemanager=f"{wordpress_url}/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php" 30 | imagemagick=f"{wordpress_url}/wp-content/plugins/imagemagick-engine/readme.txt" 31 | workreap=f"{wordpress_url}/wp-content/themes/workreap/style.css" 32 | barclaycart=f"{wordpress_url}/wp-content/plugins/barclaycart/readme.txt" 33 | try: 34 | response = requests.get( 35 | plugin_url, headers=headers, verify=False, timeout=timeout) 36 | if response.status_code == 200: 37 | content = response.text 38 | 39 | version_line = next((line for line in content.split( 40 | '\n') if line.startswith('Stable tag:')), None) 41 | if version_line: 42 | version = version_line.split(':')[1].strip() 43 | if '5.3.9' < version < '5.7.2': 44 | print( 45 | f"\033[92m{wordpress_url} > [essential-addons-for-elementor-lite VULN]\033[0m") 46 | with open("essential.txt", "a") as vuln_file: 47 | vuln_file.write(wordpress_url + "\n") 48 | else: 49 | print( 50 | f"\033[91m{wordpress_url} > [essential-addons-for-elementor-lite NOT Vuln]\033[0m") 51 | else: 52 | print( 53 | f"\033[91m{wordpress_url} > [Failed GET essential-addons-for-elementor-lite version]\033[0m") 54 | else: 55 | print( 56 | f"\033[91m{wordpress_url} > [Failed to fetch the essential-addons-for-elementor-lite readme.txt file]\033[0m") 57 | if "add-listing" in response.text and "get-nearby-listings" in response.text: 58 | print( 59 | f"\033[91m{wordpress_url} > Was unable to read essential-addons-for-elementor-lite readme.txt but the plugin might be installed\033[0m") 60 | with open("essential.txt", "a") as vuln_file: 61 | vuln_file.write(wordpress_url + "\n") 62 | else: 63 | print( 64 | f"\033[91m{wordpress_url} > [essential-addons-for-elementor-lite NO installed]\033[0m") 65 | 66 | response = requests.get( 67 | imagemagick, headers=headers, verify=False, timeout=timeout) 68 | if response.status_code == 200: 69 | content = response.text 70 | 71 | version_line = next((line for line in content.split( 72 | '\n') if line.startswith('Stable tag:')), None) 73 | if version_line: 74 | version = version_line.split(':')[1].strip() 75 | if version <= '1.7.5': 76 | print( 77 | f"\033[92m{wordpress_url} > [imagemagick VULN]\033[0m") 78 | with open("imagemagick.txt", "a") as vuln_file: 79 | vuln_file.write(wordpress_url + "\n") 80 | else: 81 | print( 82 | f"\033[91m{wordpress_url} > [imagemagick NOT Vuln]\033[0m") 83 | else: 84 | print( 85 | f"\033[91m{wordpress_url} > [Failed GET imagemagick version]\033[0m") 86 | else: 87 | print( 88 | f"\033[91m{wordpress_url} > [Failed to fetch the imagemagick readme.txt file]\033[0m") 89 | print( 90 | f"\033[91m{wordpress_url} > [imagemagick NO installed]\033[0m") 91 | 92 | 93 | response = requests.get( 94 | barclaycart, headers=headers, verify=False, timeout=timeout) 95 | if response.status_code == 200: 96 | content = response.text 97 | 98 | version_line = next((line for line in content.split( 99 | '\n') if line.startswith('Stable tag:')), None) 100 | if version_line: 101 | version = version_line.split(':')[1].strip() 102 | if version <= '200': 103 | print( 104 | f"\033[92m{wordpress_url} > [barclaycart VULN]\033[0m") 105 | with open("barclaycart.txt", "a") as vuln_file: 106 | vuln_file.write(wordpress_url + "\n") 107 | else: 108 | print( 109 | f"\033[91m{wordpress_url} > [barclaycart NOT Vuln]\033[0m") 110 | else: 111 | print( 112 | f"\033[91m{wordpress_url} > [Failed GET barclaycart version]\033[0m") 113 | else: 114 | print( 115 | f"\033[91m{wordpress_url} > [Failed to fetch the barclaycart readme.txt file]\033[0m") 116 | print( 117 | f"\033[91m{wordpress_url} > [barclaycart NO installed]\033[0m") 118 | 119 | 120 | 121 | response = requests.get( 122 | iwp_client, headers=headers, verify=False, timeout=timeout) 123 | 124 | if response.status_code == 200 and '=== InfiniteWP Client ===' in response.text: 125 | print(f"\033[92m{wordpress_url} > [InfiniteWp VULN]\033[0m") 126 | with open("iwp.txt", "a") as vuln_file: 127 | vuln_file.write(wordpress_url + "\n") 128 | else: 129 | print(f"033[91m{wordpress_url} > [InfiniteWp NOT Vuln]\033[0m") 130 | 131 | response = requests.get( 132 | workreap, headers=headers, verify=False, timeout=timeout) 133 | 134 | if response.status_code == 200 and 'Workreap' in response.text: 135 | print(f"\033[92m{wordpress_url} > [Workreap VULN]\033[0m") 136 | with open("Workreap.txt", "a") as vuln_file: 137 | vuln_file.write(wordpress_url + "\n") 138 | else: 139 | print(f"033[91m{wordpress_url} > [Workreap NOT Vuln]\033[0m") 140 | 141 | 142 | 143 | response = requests.get( 144 | wpfilemanager, headers=headers, verify=False, timeout=timeout) 145 | if '{"error":["errUnknownCmd"]}' in response.text: 146 | print(f"\033[92m{wordpress_url} > [wpfilemanager VULN]\033[0m") 147 | with open("wpfilemanager.txt", "a") as vuln_file: 148 | vuln_file.write(wordpress_url + "\n") 149 | else: 150 | print(f"\033[91m{wordpress_url} > [wpfilemanager NOT Vuln]\033[0m") 151 | 152 | 153 | 154 | 155 | 156 | 157 | response = requests.get( 158 | wpcargo, headers=headers, verify=False, timeout=timeout) 159 | if response.status_code == 200: 160 | content = response.text 161 | 162 | version_line = next((line for line in content.split( 163 | '\n') if line.startswith('Stable tag:')), None) 164 | if version_line: 165 | version = version_line.split(':')[1].strip() 166 | if version <= '6.9.4': 167 | print( 168 | f"\033[92m{wordpress_url} > [wpcargo VULN]\033[0m") 169 | with open("wpcargo.txt", "a") as vuln_file: 170 | vuln_file.write(wordpress_url + "\n") 171 | else: 172 | print( 173 | f"\033[91m{wordpress_url} > [wpcargo NOT Vuln]\033[0m") 174 | else: 175 | print( 176 | f"\033[91m{wordpress_url} > [Failed GET wpcargo version]\033[0m") 177 | else: 178 | print( 179 | f"\033[91m{wordpress_url} > [Failed to fetch the wpcargo readme.txt file]\033[0m") 180 | print( 181 | f"\033[91m{wordpress_url} > [wpcargo NO installed]\033[0m") 182 | 183 | 184 | 185 | response = requests.get( 186 | Tatsu, headers=headers, verify=False, timeout=timeout) 187 | if response.status_code == 200: 188 | content = response.text 189 | 190 | version_line = next((line for line in content.split( 191 | '\n') if line.startswith('Stable tag:')), None) 192 | if version_line: 193 | version = version_line.split(':')[1].strip() 194 | if version <= '4.3': 195 | print( 196 | f"\033[92m{wordpress_url} > [Tatsu VULN]\033[0m") 197 | with open("Tatsu.txt", "a") as vuln_file: 198 | vuln_file.write(wordpress_url + "\n") 199 | else: 200 | print( 201 | f"\033[91m{wordpress_url} > [Tatsu NOT Vuln]\033[0m") 202 | else: 203 | print( 204 | f"\033[91m{wordpress_url} > [Failed GET Tatsu version]\033[0m") 205 | else: 206 | print( 207 | f"\033[91m{wordpress_url} > [Failed to fetch the Tatsu readme.txt file]\033[0m") 208 | print( 209 | f"\033[91m{wordpress_url} > [Tatsu NO installed]\033[0m") 210 | 211 | response = requests.get( 212 | mstore_api, headers=headers, verify=False, timeout=timeout) 213 | if response.status_code == 200: 214 | content = response.text 215 | 216 | version_line = next((line for line in content.split( 217 | '\n') if line.startswith('Stable tag:')), None) 218 | if version_line: 219 | version = version_line.split(':')[1].strip() 220 | if version >= '3.9.3': 221 | print( 222 | f"\033[92m{wordpress_url} > [mstore_api VULN]\033[0m") 223 | with open("mstore_api.txt", "a") as vuln_file: 224 | vuln_file.write(wordpress_url + "\n") 225 | else: 226 | print( 227 | f"\033[91m{wordpress_url} > [mstore_api NOT Vuln]\033[0m") 228 | else: 229 | print( 230 | f"\033[91m{wordpress_url} > [Failed GET mstore_api version]\033[0m") 231 | else: 232 | print( 233 | f"\033[91m{wordpress_url} > [Failed to fetch the mstore_api readme.txt file]\033[0m") 234 | print( 235 | f"\033[91m{wordpress_url} > [mstore_api NO installed]\033[0m") 236 | 237 | response = requests.get( 238 | revslider_url, headers=headers, verify=False, timeout=timeout) 239 | if response.status_code == 200: 240 | content = response.text 241 | 242 | version_line = next((line for line in content.split( 243 | '\n') if line.startswith('version ')), None) 244 | if version_line: 245 | version = version_line.split('version ')[1].strip() 246 | if version <= '4.1.1': 247 | print(f"\033[92m{wordpress_url} > [revslider VULN]\033[0m") 248 | with open("revslider.txt", "a") as vuln_file: 249 | vuln_file.write(wordpress_url + "\n") 250 | else: 251 | print( 252 | f"\033[91m{wordpress_url} > [revslider NOT Vuln]\033[0m") 253 | else: 254 | print( 255 | f"\033[91m{wordpress_url} > [Failed GET revslider version]\033[0m") 256 | else: 257 | print( 258 | f"\033[91m{wordpress_url} > [Failed to fetch the revslider release_log.txt file]\033[0m") 259 | 260 | response = requests.get( 261 | contact_form_url, headers=headers, verify=False, timeout=timeout) 262 | if response.status_code == 200: 263 | content = response.text 264 | 265 | version_line = next((line for line in content.split( 266 | '\n') if line.startswith('Stable tag:')), None) 267 | if version_line: 268 | version = version_line.split(':')[1].strip() 269 | if version <= '1.3.4': 270 | print( 271 | f"\033[92m{wordpress_url} > [website-contact-form-with-file-upload VULN]\033[0m") 272 | with open("contact-form.txt", "a") as vuln_file: 273 | vuln_file.write(wordpress_url + "\n") 274 | else: 275 | print( 276 | f"\033[91m{wordpress_url} > [website-contact-form-with-file-upload NOT Vuln]\033[0m") 277 | else: 278 | print( 279 | f"\033[91m{wordpress_url} > [Failed GET website-contact-form-with-file-upload version]\033[0m") 280 | else: 281 | print( 282 | f"\033[91m{wordpress_url} > [Failed to fetch the website-contact-form-with-file-upload readme.txt file]\033[0m") 283 | print( 284 | f"\033[91m{wordpress_url} > [website-contact-form-with-file-upload NO installed]\033[0m") 285 | 286 | response = requests.get( 287 | elementor_pro_url, headers=headers, verify=False, timeout=timeout) 288 | if response.status_code == 200: 289 | print(f"\033[92m{wordpress_url} > [elementor-pro FOUND]\033[0m") 290 | with open("elementor.txt", "a") as vuln_file: 291 | vuln_file.write(wordpress_url + "\n") 292 | else: 293 | print( 294 | f"\033[91m{wordpress_url} > [elementor-pro NOT FOUND]\033[0m") 295 | 296 | wordpress_urls = [ 297 | "/wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/import.php", 298 | "/wp-content/plugins/superlogoshowcase-wp/sls-wp-admin/pages/import.php", 299 | "/wp-content/plugins/super-interactive-maps/sim-wp-admin/pages/import.php" 300 | ] 301 | with open("super.txt", "a") as vuln_file: 302 | for urls in wordpress_urls: 303 | superlink = wordpress_url + urls 304 | try: 305 | response = requests.get(superlink, headers=headers, verify=False, timeout=timeout) 306 | if response.status_code == 200 and "
" in response.text: 307 | vuln_file.write(wordpress_url + "\n") 308 | print(f"\033[92m{wordpress_url} > [ SUPER VULNERABLE]\033[0m") 309 | else: 310 | print(f"\033[91m{wordpress_url} > [ SUPER NOT VULNERABLE]\033[0m") 311 | except Exception as e: 312 | print(f"\033[91m{wordpress_url} > [ERROR]\033[0m", str(e)) 313 | 314 | 315 | response = requests.get(woocommerce_payments, 316 | headers=headers, verify=False, timeout=timeout) 317 | if response.status_code == 200: 318 | content = response.text 319 | 320 | version_line = next((line for line in content.split( 321 | '\n') if line.startswith('Stable tag:')), None) 322 | if version_line: 323 | version = version_line.split(':')[1].strip() 324 | if '1.0.0' < version < '5.9.0': 325 | print( 326 | f"\033[92m{wordpress_url} > [woocommerce-payments VULN]\033[0m") 327 | with open("essential.txt", "a") as vuln_file: 328 | vuln_file.write(wordpress_url + "\n") 329 | else: 330 | print( 331 | f"\033[91m{wordpress_url} > [woocommerce-payments NOT Vuln]\033[0m") 332 | else: 333 | print( 334 | f"\033[91m{wordpress_url} > [Failed GET woocommerce-payments version]\033[0m") 335 | else: 336 | print( 337 | f"\033[91m{wordpress_url} > [Failed to fetch the woocommerce-payments readme.txt file]\033[0m") 338 | if "add-listing" in response.text and "get-nearby-listings" in response.text: 339 | print( 340 | f"\033[91m{wordpress_url} > Was unable to read woocommerce-payments readme.txt but the plugin might be installed\033[0m") 341 | with open("woocommerce-payments.txt", "a") as vuln_file: 342 | vuln_file.write(wordpress_url + "\n") 343 | else: 344 | print( 345 | f"\033[91m{wordpress_url} > [woocommerce-payments NO installed]\033[0m") 346 | 347 | response = requests.get( 348 | ultimate_member, headers=headers, verify=False, timeout=timeout) 349 | if response.status_code == 200: 350 | content = response.text 351 | 352 | version_line = next((line for line in content.split( 353 | '\n') if line.startswith('Stable tag:')), None) 354 | if version_line: 355 | version = version_line.split(':')[1].strip() 356 | if '1.0.0' < version < '2.6.6': 357 | print( 358 | f"\033[92m{wordpress_url} > [ultimate_member VULN]\033[0m") 359 | with open("ultimate_member.txt", "a") as vuln_file: 360 | vuln_file.write(wordpress_url + "\n") 361 | else: 362 | print( 363 | f"\033[91m{wordpress_url} > [ultimate_member NOT Vuln]\033[0m") 364 | else: 365 | print( 366 | f"\033[91m{wordpress_url} > [Failed GET ultimate_member version]\033[0m") 367 | else: 368 | print( 369 | f"\033[91m{wordpress_url} > [Failed to fetch the ultimate_member readme.txt file]\033[0m") 370 | if "add-listing" in response.text and "get-nearby-listings" in response.text: 371 | print( 372 | f"\033[91m{wordpress_url} > Was unable to read ultimate_member readme.txt but the plugin might be installed\033[0m") 373 | with open("ultimate_member.txt", "a") as vuln_file: 374 | vuln_file.write(wordpress_url + "\n") 375 | else: 376 | print( 377 | f"\033[91m{wordpress_url} > [ultimate_member NO installed]\033[0m") 378 | 379 | 380 | upload_url = wordpress_url + "/upload.php" 381 | upload_response = requests.get(upload_url, headers=headers, verify=False, timeout=timeout) 382 | if upload_response.status_code == 200: 383 | if "Not Found" in upload_response.text: 384 | print(f"\033[91m{upload_url} > [/upload.php does not exist]\033[0m") 385 | else: 386 | print(f"\033[92m{upload_url} > [/upload.php exists]\033[0m") 387 | with open("admin_paths.txt", "a") as vuln_file: 388 | vuln_file.write(upload_url + "\n") 389 | else: 390 | print(f"\033[91m{upload_url} > [/upload.php does not exist]\033[0m") 391 | 392 | 393 | admin_login_url = wordpress_url + "/admin/login.php" 394 | admin_response = requests.get(admin_login_url, headers=headers, verify=False, timeout=timeout).text 395 | soad = BeautifulSoup(admin_response.text, "html.parser") 396 | if "login" in soad.get_text() and "submit" in soad.get_text() and "Admin" in soad.get_text(): 397 | if "404" in soad.get_text() and "FOUND" in soad.get_text() and "404" in soad.get_text(): 398 | print(f"\033[91m{admin_login_url} > [/admin/login.php does not exist]\033[0m") 399 | else: 400 | print(f"\033[92m{admin_login_url} > [/admin/login.php exists]\033[0m") 401 | with open("admin_paths.txt", "a") as vuln_file: 402 | vuln_file.write(admin_login_url + "\n") 403 | else: 404 | print(f"\033[91m{admin_login_url} > [/admin/login.php does not exist]\033[0m") 405 | 406 | 407 | laravel_env = wordpress_url + "/.env" 408 | laravelenv = requests.get(laravel_env, headers=headers, verify=False, timeout=timeout).text 409 | if "APP_URL" in laravelenv and "DB_HOST" in laravelenv: 410 | print(f"\033[92m{laravel_env} > [Laravel .env exists]\033[0m") 411 | with open("laravel_EnV.txt", "a") as vuln_file: 412 | vuln_file.write(wordpress_url + "/.env\n") 413 | else: 414 | print(f"\033[91m{laravel_env} > [Laravel .env exist]\033[0m") 415 | 416 | laravel_phpunit = wordpress_url + "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" 417 | data = "" 418 | laravelunit = requests.get(laravel_phpunit, data=data, timeout=15, verify=False ,headers=headers) 419 | if "phpinfo" in laravelunit.text: 420 | print(f"\033[92m{wordpress_url} > [Laravel phpunit Vuln]\033[0m") 421 | with open("laravel_phpunit.txt", "a") as vuln_file: 422 | vuln_file.write(wordpress_url + "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\n") 423 | else: 424 | print(f"\033[91m{wordpress_url} > [Laravel phpunit exist]\033[0m") 425 | 426 | 427 | laravel_phpunit = wordpress_url + "/wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" 428 | data = "" 429 | laravelunit = requests.get(laravel_phpunit, data=data, timeout=15, verify=False ,headers=headers) 430 | if "phpinfo" in laravelunit.text: 431 | print(f"\033[92m{wordpress_url} > [Laravel phpunit Vuln]\033[0m") 432 | with open("laravel_phpunit.txt", "a") as vuln_file: 433 | vuln_file.write(wordpress_url + "/wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\n") 434 | else: 435 | print(f"\033[91m{wordpress_url} > [Laravel phpunit exist]\033[0m") 436 | 437 | wordpress_urls = [ 438 | "/wp-admin/setup-config.php?step=1", 439 | "/wordpress/wp-admin/setup-config.php?step=1", 440 | "/wp/wp-admin/setup-config.php?step=1", 441 | "/old/wp-admin/setup-config.php?step=1", 442 | "/new/wp-admin/setup-config.php?step=1" 443 | ] 444 | with open("wp_setup.txt", "a") as vuln_file: 445 | for urls in wordpress_urls: 446 | setuplink = wordpress_url + urls 447 | try: 448 | response = requests.get(setuplink, headers=headers, verify=True, timeout=timeout) 449 | if response.status_code == 200 and "" in response.text: 450 | vuln_file.write(setuplink + "\n") 451 | print(f"\033[92m{wordpress_url} > [Wordpress Setup Found]\033[0m") 452 | else: 453 | print(f"\033[91m{wordpress_url} > [Not Found Wp Setup]\033[0m") 454 | except Exception as e: 455 | print(f"\033[91m{wordpress_url} > [ERROR]\033[0m", str(e)) 456 | 457 | 458 | 459 | 460 | 461 | laravel_register = wordpress_url + "/register" 462 | admin_response = requests.get(laravel_register, headers=headers, verify=False, timeout=timeout).text 463 | if "register" in admin_response and "daftar" in admin_response and "submit" in admin_response and "login" in admin_response: 464 | print(f"\033[92m{laravel_register} > [laravel register exists]\033[0m") 465 | with open("laravel_register.txt", "a") as vuln_file: 466 | vuln_file.write(wordpress_url + "/register\n") 467 | else: 468 | print(f"\033[91m{laravel_register} > [laravel register not exist]\033[0m") 469 | 470 | 471 | except (RequestException, ConnectionError, Timeout) as e: 472 | print(f"\033[91m{wordpress_url} > [UNKNOWN ERROR]\033[0m") 473 | return False 474 | 475 | return False 476 | 477 | 478 | def process_domain(domain): 479 | version_check(domain) 480 | 481 | 482 | def process_domains(file_path, num_threads): 483 | with open(file_path, "r") as file: 484 | domains = file.read().splitlines() 485 | with futures.ThreadPoolExecutor(max_workers=num_threads) as executor: 486 | executor.map(process_domain, domains) 487 | 488 | 489 | if __name__ == "__main__": 490 | parser = argparse.ArgumentParser() 491 | parser.add_argument("-l", "--file", required=True, 492 | help="Path to the file containing multiple domains") 493 | parser.add_argument("-t", "--threads", required=True, 494 | type=int, help="Number of threads") 495 | args = parser.parse_args() 496 | file_path = args.file 497 | num_threads = args.threads 498 | 499 | process_domains(file_path, num_threads) 500 | --------------------------------------------------------------------------------