Saturday, 6 June 2020
PHP and Website Security ProjectX

ProjectX WHMCS Pentesting Tool v.1

Happy Bonifacio Day to all Filipinos!

Hello guys, tonight is the night that you have been waiting for. Tonight is the first release of the ProjectX WHMCS Pentesting Tool v.1 (version 1). You guys are free to download this tool.

Before all else, lemme just make things straight and explain why we release a tool that could be considered a blackhat tool. The reason why we are releasing this tool is for all our readers who are Windows users and don’t have a hosting. And lastly, the purpose of this tool is not to aid defacers in their cracking escapades but to release a pentesting tool that aims to check if the said website is vulnerable to WHMCS Local File Disclosure. We do not wish to condone illegal activities but only web vulnerability assessment for WHMCS. Projectx  WHMCS Pentesting Tool v.1 is a vulnerability scanner that uses a black box approach.


*In .EXE Format
* 10 payloads = 10 directories
* Gets the db_username, db_password, db_license, db_host, db_name, cc_enryption_hash, and templates_compiledir
* Allows the user to use their own directory by putting it after the target link
* Added a song entitled Cowboys From Hell by Pantera (because we love Metal Rock! m/)

Download Link:


</ Please report if the links are broken />

Disclaimer: The Projectx Blog is not liable of what you are going to do with the tool or any of the information stated here. Please be responsible and be ethical!


  1. for may site ako na alam at vurnerable at successful ung result. what will i do to those db_username, pasword etc that i’ve got?
    thanks for replies 🙂

    1. Author

      Well, if that is your site then upgrade your WHMCS to the new version and change your db_username and password because if a cracker gets hold of your username and password, he can use it to login to your FTP(File Transfer Protocol) / FTP / Cpanel.

    1. Author

      are you trying to use this tool for malicious purposes? I think you are. pls don’t do so..
      Regarding your question, you need to use an FTP client or any client that logins to port 21( example filezilla). Good luck if your using this to intrude a website. You could get trace :p

    1. Author

      lol please don’t disclose any information to the site you owned and please next time be ethical. Report to the admin about the vulnerability of their host.


Post Comment