Here is the video :


Not every site is exploitable! joomla released patch for each version & who applied that are no longer can be exploited. But still there are many sites which are not fixed yet! So don't hate :)





sorry for no music didn't got much time....

Suppose you Defaced lots of sites using mass defacer script, but there maybe lots of sites among them that might not exist anymore or they didn't defaced properly!
This script will filter all the working defaced sites for you and save them in a list file!


1. Run the script "python DefCheck.py"
2. Enter the list name of your Defaced sites links.
     ( a file with links of your deface pages in each line like:
3. Enter a uniqe word you used in your deface page like:
    hack/Hack/Anonymous  /Hacked/Exploited {This will be used to verify if your deface page is there}
4. Now sit back and relax it will check every link and save the working link in a text file named "checked.txt" in the same directory.

Download & Source:

Ghostbin link

Direct Download


[+] Video Tutorial [+]

Sorry for this low quality :( I'll improve quality in future videos. please like & subscribe ^_^

it is a handy python script to save time to shell & deface :)


Github link


Raw Script Link


python's 'Requests' library must be installed to use this script! its very easy!
guideline to install:- http://docs.python-requests.org/en/master/user/install/


Launce the script.
put site url with http://
put username
put password
put deface page file name. (i.e: deface.html) & it will shell the server & Deface homepage.

Video TUT

 Youtube link


Won't work in captcha protected wp-logins .

url inspector is a small python script coded by a 15 years old script kiddie :p named skidie Khan. I am a new learner so there are some bugs I'll try to fix it :3


  1. Shows ip of the site and server informations.
  2. Option to save html source of the site in a file.
  3. Scans for cms. Checks if the target is WordPress / Joomla! / Drupal. finds their login page.
  4. Scans for Admin login pages.
  5. Scans for other sites hosted in the same server using bing.
  6. Option to save other sites list in a file.


first launch the script & Just put the site url without http & press enter. example: tkspc.in

Source code & Downloads:

here are 2 small php up-loader scripts. these things come in handy in many situations like shelling in WordPress etc.... While we are in mobile there is a key limitation of copy text so big shell codes can't be copied for pasting :/ .At that time these scripts are useful!
note: sometimes 1st one doesn't work on WP use 2nd one instead.


[alternative one]source: 

This is a mini shell modified by me to prevent search engine crawl. sometimes heavy shells like wso, b374k etc are uploaded in server but shows blank page, sometimes u get 403 forbidden or 503 method not implemented error. Luckily this shell might save you from these conditions!
it has the minimum functions of a shell.
*upload option.
*directory view.
*file edit , rename, delete, chmod.


Google Drive