Bot-Exploit/cms.php at master · 0xhrman/Bot-Exploit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<?php
error_reporting(0);
system('clear');

function Save($file, $content) {
    $fp = fopen($file, 'a+');
    fwrite($fp, $content. "\n");
    fclose($fp);
}

function site($url){
  $ch   = curl_init();
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_TIMEOUT, 10);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0");
  curl_setopt($ch, CURLOPT_HEADER, 1);
  curl_setopt($ch, CURLOPT_MAXREDIRS, 3);
  $output = curl_exec($ch);
  $httpcode  = curl_getinfo($ch, CURLINFO_HTTP_CODE);
  $redirectedUrl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
  return [
    "head" => $httpcode,
    "body" => $output,
    "redirect" => $redirectedUrl
  ];
}

echo "\nEnter Your List : ";
$url      = trim(fgets(STDIN));
$file     = file_get_contents($url);
$urls     = explode("\n", $file);
$i        = 1;
foreach ($urls as $list) {
echo "[" . $i . " / " . count($urls) . "]";
$i++;
$shell = explode(PHP_EOL, $list);
foreach ($shell as $shellchk) {
$url  = trim($shellchk);

$site = site($url);

preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $site['body'], $matches);
$cookies = array();
foreach($matches[1] as $item) {
  parse_str($item, $cookie);
  $cookies = array_merge($cookies, $cookie);
}
$session = array_keys($cookies);
$key_valid = array_keys(preg_grep ('/_session/', $session));

if(preg_match("/WordPress|wp-content|xmlrpc.php/", $site['body'])){
  echo "\033[92m[Wordpress!] - ".$site['redirect']."\n\033[97m";
  Save('wordpress.txt', $site['redirect']);
}
elseif(preg_match("/bbsessionhash|bblastvisit|bblastactivity/", $site['body'])){
  echo "\033[92m[vBulletin!] - ".$site['redirect']." - ".$session[0]."\n\033[97m";
  Save('vbulletin.txt', $site['redirect']);
}
else if(preg_match("/Joomla!|com_search|index.php\/component/", $site['body'])){
  echo "\033[92m[Joomla!] - ".$site['redirect']."\n\033[97m";
  Save('joomla.txt', $site['redirect']);
}
else if(preg_match("/sites\/default\/|sites\/default\/files|sites\/all\/modules/", $site['body'])){
  echo "\033[92m[Drupal!] - ".$site['redirect']."\n\033[97m";
  Save('drupal.txt', $site['redirect']);
}
else if(preg_match("/content=\"PrestaShop\"/", $site['body'])){
  echo "\033[92m[Prestashop!] - ".$site['redirect']."\n\033[97m";
  Save('prestashop.txt', $site['redirect']);
}
else if(preg_match("/ss_takemeto/", $site['body'])){
  echo "\033[92m[Interspire!] - ".$site['redirect']."\n\033[97m";
  Save('interspire.txt', $site['redirect']);
}
else if(preg_match("/_session/", $site['body'])){
  if(preg_match("/ci_session|_session_|wp_session/", $site['body'])){
//     echo "\033[91m[BAD] - ".$site['redirect']."\n\033[97m";
  }
  else{
	  echo "\033[92m[Laravel!] - ".$site['redirect']." - ".$session[$key_valid[0]]."\n\033[97m";
  Save('laravel.txt', $site['redirect']);
  }
}

else{
    echo "\033[91m[BAD] - ".$site['redirect']."\n\033[97m";
 }

}
}

?>