###########################

# [pl] XMLRPC scanner perl script

###########################

#! /usr/bin/perl

use HTML::Parser; #HTML
use LWP::UserAgent; #http request
use LWP::Simple;
use Parallel::ForkManager; # threads
use strict;
use Net::IP; # range IP
use IO::Socket;
use Term::ANSIColor;
use vars qw( $PROG );
# Reduce $0 to the bare script name (drop everything up to the last / or \)
# so the usage line prints a short name.
( $PROG = $0 ) =~ s/^.*[\/\\]//;
# Usage is shown only when there are no arguments at all. A partial argument
# list is not rejected, so any of $ARGV[1]..$ARGV[4] may be undef below.
# NOTE(review): the file enables `strict` but not `warnings`, so numeric use
# of a missing or non-numeric argument goes unreported.
if ( @ARGV == 0 ) {
      print "Usage : ./$PROG [Start IP] [End IP] [Threads] [.txt] [Delay]\n Coded by Zidane For HF User\n";
    exit;
}
my $threads  = $ARGV[2]; # batch size: number of addresses passed to Scan() per call
my @ip_team  = (); # addresses collected for the current batch
$|= 1; # autoflush STDOUT so progress lines appear immediately
# Build the range object from "<start> - <end>"; a false return from the
# constructor aborts the script with Net::IP's own error text.
# NOTE(review): indirect object syntax; Net::IP->new(...) is the unambiguous form.
my $ip   = new Net::IP ("$ARGV[0] - $ARGV[1]") or die "Invalid IP Range.". Net::IP::Error() ."\n";
$SIG{'INT'} = sub {exit;}; # Ctrl-C exits the process that receives it
my @folders = ("/wordpress/", "/wp/", "/blog/", "/"); # path prefixes under which xmlrpc.php is requested
my $stringsearch = "XML-RPC"; # marker looked for (case-insensitively) in the response text
my $filename = $ARGV[3]; # file that matches are appended to
my $max_processes = $ARGV[2]; # same argument as $threads, reused as the ForkManager limit
my $pm = Parallel::ForkManager->new($max_processes); # spawns processes (not threads) for the per-path requests

# Walk the range one address at a time and hand each full batch to Scan().
# The loop relies on Net::IP's overloaded ++ and boolean test -- presumably
# $ip turns false once the end of the range is passed; confirm against Net::IP.
# NOTE(review): $threads is compared numerically and never validated; a value
# of 0 or undef never equals the batch size, so the whole range would be
# passed to Scan() in a single call.
while ($ip) {
push @ip_team, $ip++ ->ip();
if ( $threads == @ip_team ) { Scan(@ip_team); @ip_team = () }
}
Scan(@ip_team); # leftover addresses that did not fill a whole batch

#Scan
# Scan(@addresses): probe each address in the batch for an xmlrpc.php endpoint.
#
# One process is forked per address; the parent waits for all of them before
# returning. Inside each child, every prefix in @folders is tried.
#
# Request pattern, as seen from the server side (useful for log review):
#   GET  http://<ip><prefix>xmlrpc.php   (LWP::UserAgent)
#   HEAD http://<ip><prefix>xmlrpc.php   (LWP::Simple head)
#   and, when the response text contains "XML-RPC":
#   HEAD + GET http://<ip><prefix>?feed=rss2
# Requests are plain http, addressed by IP literal, and no User-Agent is set,
# so they carry the library default (a libwww-perl string). The same four
# prefixes requested across consecutive addresses is the recognisable signature.
# Sites that do not need XML-RPC can block or disable xmlrpc.php so the probe
# gets no marker text back.
#
# A match is appended to $filename as "<xmlrpc url> <first feed item link>".
sub Scan
{
my @Pids; # child PIDs the parent must reap

      foreach my $ip (@_)
      {
      my $pid      = fork();
      die "Can't Fork $!\n" unless defined $pid;

      if  (0 == $pid)
      {
      # Child: arm a 1-second alarm. No ALRM handler is installed in this
      # file, so expiry ends the process through the default signal action.
      alarm 1;

foreach (@folders) {

    # NOTE(review): the operator here is `-`, not `=`, so $pid2 is declared
    # but never assigned. The subtraction result is still false only where
    # start() returns 0, so the branch behaves as the usual
    # "parent skips, worker continues" idiom.
    my $pid2 - $pm->start and next; #thread
    # Re-arm the timer with the [Delay] argument; presumably meant as a hard
    # cap on how long one worker may run.
    alarm("$ARGV[4]");

        my $url = "http://$ip" . "$_" . "xmlrpc.php";
        my $ua = LWP::UserAgent->new;  
            print "\e[96m[!]Search \e[31m$url\n\e[0m";        
        my $response = $ua->get($url);
        # Empty branch: a failed GET is not handled, and the body is still
        # parsed below whenever the HEAD request succeeds.
        if ( !$response->is_success ) {
        }
        # Second request to the same URL (LWP::Simple head).
        if (head($url)) {

        # Feed the decoded body through HTML::Parser; each decoded text
        # segment ('dtext') is passed to text_handler.
        my $parser = HTML::Parser->new( 'text_h' => [ \&text_handler, 'dtext' ] ); #text decoder
        $parser->parse( $response->decoded_content );
        # NOTE(review): text_handler and check are *named* subs declared
        # inside a loop body. Named subs do not re-capture $url / $ui on each
        # iteration (perl's "will not stay shared" behaviour), so they can see
        # stale values if this body runs more than once in one process.
        sub text_handler {
            chomp( my $text = shift );

            # Presumably matches the plain-text notice an XML-RPC endpoint
            # returns to a GET request -- confirm against the target software.
            if ( $text =~ /$stringsearch/i ) {

      # Derive the RSS feed URL for the same prefix.
      my $ui = $url;
      $ui =~ s/xmlrpc.php/?feed=rss2/;
      if (head($ui)) {
      sub check {
      # NOTE(review): $LOLGETIT is never declared; with `use strict` in
      # effect the file is rejected at compile time.
      $LOLGETIT=get($ui);
      # Capture the <link> of the first <item> in the feed.
      # NOTE(review): the match result itself is not tested; on a failed
      # match $1 keeps whatever an earlier successful match left in scope.
      $LOLGETIT =~ /<item>.+?<link>(.+?)<\/link>.+?<\/item>/s;
      if ($1) {
      # NOTE(review): two-argument open on a bareword handle, unchecked;
      # $filename comes straight from $ARGV[3].
      open (FILE, ">>$filename");
                my $post = $1;
                # Turn the feed URL back into the xmlrpc.php URL for the record.
                $ui =~ s{\Q?feed=rss2\E}{xmlrpc.php};
                # $post is remote-supplied text written and printed as-is.
                print FILE "$ui $post\n";      
      close (FILE);
                print "\e[96m[+]Found : \e[32m$ui $post\e[0m\n";
      # Replaces this process with a perl one-liner meant to signal $pid2
      # after one second. $pid2 is never assigned, so it interpolates as an
      # empty string; exec does not return on success, so $pm->finish is not
      # reached on this path.
      exec($^X, "-e", "sleep 1,kill(0,$pid2)||kill -9,$pid2"); #kill process
      }
      }
      check();
      } else {
      }        }    
    }
    } else {
}
# End of the per-prefix worker started by $pm->start.
$pm->finish;
}

      # The per-address child exits after starting its workers; no
      # wait_all_children call is made before leaving.
      exit
      }
      else
      {
      # Parent: remember the child so it can be reaped below.
      push @Pids, $pid
      }
      }

# Block until every per-address child of this batch has exited.
foreach my $pid (@Pids) { waitpid($pid, 0) }
}

###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2016-12-17]

###########################