CMS auto detect and exploit.

Overview

BadMod auto exploit tool


Version 2.0

  • Fixed colors bug
  • Fixed permissions bug
  • Added new option to scan single target
  • Added new option to scan joomla & wordpress plugins

Installation

  • Install tool
  • git clone https://github.com/MrSqar-Ye/BadMod.git
  • Install php
  • sudo apt-get install php
  • Install php curl
  • sudo apt-get install php-curl

Screen shots



Header






Installation



  • Install tool
  • chmod +x INSTALL
    ./INSTALL


Option 1 - Get all server sites


  • Fast tool to get all server sites .



Option 2 - generate random IP's





Video





Report bug.

  • Submit new issue
  • Send to my Email

i Hope you like the tool, <3 :D :)

You might also like...
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. Ransomware with automatic Coinbase Commerce integration created in C# (Console) and PHP
Ransomware with automatic Coinbase Commerce integration created in C# (Console) and PHP

AWare — C# Ransomware Ransomware with automatic Coinbase Commerce integration created in C# (Console) and PHP PD: AWare is just a proof of concept, wi

A simple php (lumen) app for sharing sensitive text (basically like onetimesecret), but with full end-to-end AES-256-GCM encryption so even the server has no access to the data, and developed with very simple deployment in mind.
A simple php (lumen) app for sharing sensitive text (basically like onetimesecret), but with full end-to-end AES-256-GCM encryption so even the server has no access to the data, and developed with very simple deployment in mind.

A simple php (lumen) app for sharing sensitive text (basically like onetimesecret), but with full end-to-end AES-256-GCM encryption so even the server has no access to the data, and developed with very simple deployment in mind.

A (unofficial) WordPress plugin reporting PHP and JavaScript errors to Sentry.

A (unofficial) WordPress plugin to report PHP and JavaScript errors to Sentry.

Quickly and easily secure HTML text.
Quickly and easily secure HTML text.

Larasane Quickly sanitize text into safe-HTML using fluid methods. Requirements PHP 7.4, 8.0 or later. Laravel 7.x, 8.x or later. Installation Just fi

ChestRandomBP: This plugin generates chests in random places within a specific world. Where you can customize what each one of them contains, the time and the world of spawning.
ChestRandomBP: This plugin generates chests in random places within a specific world. Where you can customize what each one of them contains, the time and the world of spawning.

ChestRandomBP ChestRandomBP: This plugin generates chests, it works PocketMine-MP and random places within a specific world. Where you can customize w

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

On International Talk Like a Pirate Day (September 19th), this filter changes all appropriate English phrases and words into pirate-speak.

Pirate This module is a simple filter that, when enabled, will change your posts to "Pirate talk" on September 19th for Talk like a Pirate Day Install

A simple PHP web backdoor allows you to retrieve directory/file contents and upload file(s) from the local machine or remote URL.
A simple PHP web backdoor allows you to retrieve directory/file contents and upload file(s) from the local machine or remote URL.

Simple PHP Web Backdoor A simple PHP web backdoor allows you to retrieve directory/file contents and upload file(s) from the local machine or remote U

Comments
  • Functions.php

    Functions.php

    Hello I got this on scanning session, any clue? im totally noob on php

    PHP Warning: fopen(SingleScan/singleSite.txt): failed to open stream: No such file or directory in /bin/badmodF/Functions.php on line 658 PHP Warning: fwrite() expects parameter 1 to be resource, boolean given in /bin/badmodF/Functions.php on line 659 PHP Warning: fwrite() expects parameter 1 to be resource, boolean given in /bin/badmodF/Functions.php on line 660 PHP Warning: fclose() expects parameter 1 to be resource, boolean given in /bin/badmodF/Functions.php on line 661

    opened by psychomad 3
  • Undefined variable - Functions.php

    Undefined variable - Functions.php

    -========================================- Target : http://localhost/joomla/ [CMS] -============================- joomla PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 1834 PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 1835 [Version] -=========================- 1.5 PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 2407 PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 2408 [com_j-d] -=========================- Not Vuln

    -========================================- Target : http://localhost/joomla/ [CMS] -============================- joomla PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 1834 PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 1835 [Version] -=========================- 2.5 PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 2407 PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 2408 [com_j-d] -=========================- Not Vuln

    -========================================- Target : http://localhost/joomla/ [CMS] -============================- joomla PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 1834 PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 1835 [Version] -=========================- 3.4 PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 2407 PHP Notice: Undefined variable: target in /root/BadMod/Functions.php on line 2408 [com_j-d] -=========================- Not Vuln

    opened by Plexias 1
  • Random exit after choosing any option

    Random exit after choosing any option

    Running on Kali Everytime i run the tool it launches but after i pick what method for exploitation it randomly closes without any output... any logs i can provide?

    opened by D347HGUN 0
  • Dockerfile

    Dockerfile

    Added Dockerfile.

    Build: docker build -t mrsqar-ye/badmod:latest . Launch: docker run -it --rm mrsqar-ye/badmod:latest Launch w/persistence: docker run -it --rm -v ${PWD}:/srv/BadMod/ mrsqar-ye/badmod:latest

    Signed-off-by: Bobby Hines [email protected]

    opened by bobbyahines 0
Owner
Mohammed Al-Barbari
I try to build the tools that make ur life easier
Mohammed Al-Barbari
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022
A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryption, digital signing and message authentication.

PHP Encryption A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryp

null 19 Dec 31, 2022
PHP 5.x support for random_bytes() and random_int()

random_compat PHP 5.x polyfill for random_bytes() and random_int() created and maintained by Paragon Initiative Enterprises. Although this library sho

Paragon Initiative Enterprises 8k Jan 5, 2023
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Jan 6, 2023
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

null 752 Jan 3, 2023
A library for generating random numbers and strings

RandomLib A library for generating random numbers and strings of various strengths. This library is useful in security contexts. Install Via Composer

Anthony Ferrara 832 Nov 24, 2022
Fast, general Elliptic Curve Cryptography library. Supports curves used in Bitcoin, Ethereum and other cryptocurrencies (secp256k1, ed25519, ..)

Fast Elliptic Curve Cryptography in PHP Information This library is a PHP port of elliptic, a great JavaScript ECC library. Supported curve types: Sho

Simplito 178 Dec 28, 2022
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

Pádraic Brady 131 Oct 30, 2022
TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library

About TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library. By default, a cookie will be used as a storage backend. TCrypto h

timoh 57 Dec 2, 2022
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 5, 2023