Share
## https://sploitus.com/exploit?id=EACA4A21-0231-5F08-B1FE-45E9F7326B97
# cPanel-CVE-2026-41940-Scanner

![License](https://img.shields.io/badge/license-MIT-blue.svg)
![Python](https://img.shields.io/badge/python-3.x-green.svg)
![Status](https://img.shields.io/badge/status-active-brightgreen.svg)

This high-performance security tool is designed to identify and exploit **CVE-2026-41940**, a critical CRLF injection vulnerability in cPanel & WHM. It automates the entire process from Shodan discovery to administrative token creation.

---

## Key Features

- **Automated Shodan Discovery**: Bulk fetch targets based on port, country, and specific page ranges.
- **Multi-threaded Engine**: High-speed scanning with configurable thread counts.
- **Persistent Queue System**: Uses SQLite to store pending targets, ensuring no progress is lost if the bot stops.
- **Auth Bypass & Token Creation**: Automates the 4-stage exploit to leak session tokens and generate WHM API tokens.
- **Domain Extraction**: Automatically pulls all hosted domains from the WHM panel upon successful entry.
- **Stealth & Robustness**: Advanced error handling (SSL/Timeout suppression) and canonical host resolution.

---

## Demonstration

![cPanel PoC](https://raw.githubusercontent.com/merdw/cPanel-CVE-2026-41940-Scanner/refs/heads/main/cpanelpoc.png)

> **Note:** The scanner provides real-time stage-by-step logging from `[0]` (Canonical Host) to `[4]` (Root Verification).

---

## Installation

1. **Clone the repository:**
   ```bash
   git clone https://github.com/merdw/cPanel-CVE-2026-41940-Scanner.git
   cd cPanel-CVE-2026-41940-Scanner
   ```

2. **Install dependencies:**
   ```bash
   pip install -r requirements.txt
   ```

3. **Configure the tool:**
   Edit `config.json` with your Shodan API key and scan preferences.

---

## Usage

Run the main orchestrator:
```bash
python main.py
```

### Modes:
- **1. Shodan Mode**: Automatically pulls targets from Shodan based on your `config.json` and starts scanning.
- **2. Manual Mode**: Enter a single IP or URL to test a specific target.

---

## Configuration (`config.json`)

```json
{
    "shodan_api_key": "YOUR_API_KEY",
    "threads": 25,
    "timeout": 35,
    "shodan_start_page": 1,
    "shodan_pages": 10,
    "shodan_country": "TR",
    "scan_ports": [2087, 2083, 2096]
}
```

---

## โš ๏ธ Disclaimer

This tool is for educational purposes and authorized security testing only. The author is not responsible for any misuse or damage caused by this software. Use it at your own risk.

## ๐Ÿ™ Credits

Special thanks to **@watchtowrlabs** for the original research and exploit implementation. This PoC is a modified and extended version of their work.

---

## ๐Ÿค Contribution

Feel free to open issues or submit pull requests to improve the scanner!

---
*Developed with โค๏ธ for the security community.*