CpanelScanner

CpanelScanner is a Go CLI tool that reads hosts from stdin, probes HTTPS on a configured port (default 2087), and checks whether the response contains a configured marker string (for example <title>WHM Login</title>).

Its intended use is to identify internet-exposed cPanel/WHM instances so they can be tested in authorized environments against CVE-2026-41940 (cPanel & WHM Authentication Bypass).

If a match is found, the resolved URL is appended to whm.txt.

Features

• Concurrent scanning using configurable worker count
• Config-driven probe behavior via config.toml
• Simple stdin pipeline workflow for host input
• Structured logging with optional debug mode

Requirements

• Go 1.26.2 or compatible environment
• Linux/macOS/Windows with network access to target hosts

Configuration

Edit config.toml:

[scanner]
port = 2087
max_workers = 1000
key = "<title>WHM Login</title>"

[cve]
check_vuln = true
debug = true

Key fields:

• scanner.port: target HTTPS port
• scanner.max_workers: max concurrent probes
• scanner.key: string to match in response body
• cve.debug: enables debug logs

Build

go build -o cpanel-scanner ./cmd

Usage

This tool is intended to consume zmap stdout.

Recommended usage:

zmap -p 2087 | go run cmd/main.go

You can also use a built binary in the same pipeline:

zmap -p 2087 | ./cpanel-scanner

Accepted input formats per line:

• host
• host:port (host portion is used for probing)
• [host]:port

Output

• Matched URLs are appended to whm.txt in the project directory.

Disclaimer

I do not endorse misuse of this tool.

Port scanning and service probing may be illegal or violate terms/policies when performed without explicit authorization. You are fully responsible for how you use this software, including compliance with all applicable laws, regulations, and network policies.