Skip to content

Instantly share code, notes, and snippets.


Coxxs/ Secret

Created October 21, 2019 12:54
What would you like to do?
from flask import Flask, render_template, request, send_from_directory
import requests # well, requests is designed for humans, and I like it.
app = Flask(__name__)
whitelist_hostname = ["",
whitelist_scheme = ["http://"]
def check_hostname(url):
for i in whitelist_scheme:
if url.startswith(i):
url = url[len(i):] # strip scheme
url = url[url.find("@") + 1:] # strip userinfo
if not url.find("/") == -1:
url = url[:url.find("/")] # strip parts after authority
if not url.find(":") == -1:
url = url[:url.find(":")] # strip port
if url not in whitelist_hostname:
return (False, "hostname {} not in whitelist".format(url))
return (True, "ok")
return (False, "scheme not in whitelist, only {} allowed".format(whitelist_scheme))
def index():
return render_template("index.html")
def req_route():
url = request.args.get('url')
status, msg = check_hostname(url)
if status is False:
# print(msg)
return msg
r = requests.get(url, timeout=2)
if not r.status_code == 200:
return "We tried accessing your url, but it does not return HTTP 200. Instead, it returns {}.".format(r.status_code)
return r.text
except requests.Timeout:
return "We tried our best, but it just timeout."
except requests.RequestException:
return "While accessing your url, an exception occurred. There may be a problem with your url."
def get_source():
return send_from_directory("/static/", "", as_attachment=True)
if __name__ == '__main__':"", 8000, debug=False)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment