repo init

This commit is contained in:
profxadke 2024-01-09 19:38:48 +05:45
commit 74a05a9804
4 changed files with 86 additions and 0 deletions

2
.env.example Normal file
View file

@ -0,0 +1,2 @@
MAIL_API_URL=https://mailsac.com/api
MAIL_API_KEY=GET_ONE_FROM_ABOVE_HOST

3
.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
.env
*.txt
geckodriver*

10
README.md Normal file
View file

@ -0,0 +1,10 @@
# WpXcan
WpScan with no 25/day API limitation. - just kidding ~ but yeah, a workaround :p
You'll have to rename/move `.env.example` to `.env` and use one API key afer signing up on mailsac.com
You will also need to download geckodriver from https://github.com/mozilla/geckodriver/releases
Decompress and save, the excutable within this project's path.
Finally, you can now run `./main.py` or `python3 ./main.py` and obtain one free WP-Scan API Token.

71
main.py Executable file
View file

@ -0,0 +1,71 @@
#!/usr/bin/env python3
import requests, dotenv
from time import sleep
from faker import Faker
from requests import session
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.firefox.service import Service
WPSCAN_API_KEY = ''
AVERAGE_PAGE_LOAD_TIME = 5 # in seconds.
env = dotenv.dotenv_values()
service = Service(executable_path="./geckodriver")
base_url = env["MAIL_API_URL"]; api_key = env["MAIL_API_KEY"]
options = webdriver.FirefoxOptions()
fake = Faker(); client = session()
headers = {
'User-Agent': "Nick's Client X",
'Mailsac-Key': api_key
}; client.headers.update(headers)
fake_email = fake.email().split('@')[0] + '@mailsac.com'
fake_name = fake.name(); fake_pass = fake.password()
def check_if_exists(email):
if '@' not in email:
email += '@mailsac.com'
return client.get(base_url + f'/addresses/{email}/availability').json()['owned']
while check_if_exists(fake_email):
fake_email = fake.email().split('@')[0] + '@mailsac.com'
check_if_exists(fake_email)
def main():
resp = client.post(base_url + f'/addresses/{fake_email}').json()
driver = webdriver.Firefox(service=service, options=options)
driver.get('https://wpscan.com/register/')
sleep(AVERAGE_PAGE_LOAD_TIME)
driver.find_element(By.ID, 'user.name').send_keys(fake_name)
driver.find_element(By.ID, 'user.email').send_keys(fake_email)
driver.find_element(By.ID, 'user.password').send_keys(fake_pass)
driver.find_element(By.ID, 'user.password_confirmation').send_keys(fake_pass)
driver.find_element(By.ID, 'user.terms_accepted').send_keys(' ')
driver.find_element(By.XPATH, '//*[@id="wps-sign-up-form"]/div/div/div/form/div[4]/div/div/div[3]/button').send_keys(' ')
sleep(AVERAGE_PAGE_LOAD_TIME)
resp = client.get(base_url + f'/addresses/{fake_email}/messages').json()
confirm_url = resp[0]['links'][0]
driver.get(confirm_url)
sleep(AVERAGE_PAGE_LOAD_TIME)
driver.find_element(By.NAME, 'email').send_keys(fake_email)
driver.find_element(By.NAME, 'password').send_keys(fake_pass)
driver.find_element(By.XPATH, '/html/body/div[1]/main/div[2]/div/div/div/div/form/div/div[5]/div/button').send_keys(' ')
sleep(AVERAGE_PAGE_LOAD_TIME + 3.33) # Additional 3.33 because, it sometimes takes more time (which breaks the script; even if you've got your API keys through browser.)
# Finally, the API key!!
WPSCAN_API_KEY = driver.find_element(By.XPATH, '/html/body/div[1]/main/div[2]/div/div/div[1]/div[2]/div[1]/div[1]/div[1]/p').text
print("WPSCAN-API-KEY:", WPSCAN_API_KEY)
resp = client.delete(base_url+f'/addresses/{fake_email}').json()
driver.quit()
if __name__ == '__main__':
main()