Hello Evil Souls!
Today, I'd like to offer you something special. If you're interested in defacing a website and uploading your webshell to it but don't know much about defacing. Here is a tool that will help you out. You can obtain a list of vulnerable sites from various sources or bots that are shared on this forum, and then use this bot. The bot will scan these files for specific vulnerabilities, exploit them, and provide you with the results. Then you can upload your webshell on the site by just visiting the url.
How it works
Basically, it scans for all the known vulnerabilities that we have defined already in script list. If it finds a vulnerability on a particular site, it attempts to upload a script that is just a file manager. This file manager will help you in uploading your original webshell. You will receive all the URLs of vulnerable sites along with the path to the file manager. This will allow you to visit these sites and upload your shell.
What make it clean
The original developer of the code embedded a script within the file manager, which sent all the results and the server's IP address to a specified email address using the built-in PHP SMTP. This means that all the websites you acquired were also being sent to the developer, who could use your results to upload his webshell. As a result, we have removed all the code responsible for sending your results to the threat actor. You can now use this tool freely without any worry.
