Rewrite the relative links (href/src/action/meta-refresh/JS location) of a page affected by Broken Access Control into absolute URLs, so the page can be saved and worked on locally while its requests still hit the target.
#!/usr/bin/env python3
import sys, re, requests
from urllib.parse import urljoin
# Usage: <script> <URL>. The target URL is the only argument; refuse to run
# without it instead of failing later with an IndexError on sys.argv[1].
if len(sys.argv) == 1:
    print("Give me URL")
    sys.exit(1)
url = sys.argv[1]
def get_redirection(response):
    """
    Collect every URL-like value that the HTML fragment *response* refers to.

    Five heuristic patterns are applied in a fixed order -- form ``action``,
    ``src``, ``<meta ... url=``, JavaScript ``location`` assignments and
    ``href`` -- and the deduplicated hits of each pattern are appended in
    that order. Duplicates *across* patterns are kept, and the order of hits
    inside one pattern is whatever ``set`` iteration yields.

    NOTE: these are loose regexes, not an HTML parser. The ``(?:.*)`` in the
    ``action``/``src``/``location`` patterns is greedy, so a line with several
    ``=`` signs may anchor on a later one than intended, and values containing
    characters outside ``[a-zA-Z._/]`` (query strings, digits, ``-``) are cut
    short by those three patterns. Treat the result as candidates to review,
    not ground truth.

    :param response: string = one line (or any chunk) of server response html
    :return: list of string = all possible URL
    """
    patterns = (
        r"action(?:.*)=[ \'\"]?([a-zA-Z\._\/]+)[ \'\"]? ",
        r"[<img ]?src(?:.*)=[ \'\"]?([a-zA-Z\._\/]+)[ \'\"]?",
        r"<meta[^>]*?url=(.*?)[\"\']",
        r"[window\.]?location(?:.*)=[ \'\"]?([a-zA-Z\._\/]+)[ \'\"]?",
        r"href=[\'\"]?([^\'\" >]+)",
    )
    found = []
    for pattern in patterns:
        # set() drops repeats of the same value within a single pattern only
        found.extend(set(re.findall(pattern, response)))
    return found
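# Fetch the target page. A timeout is mandatory: without one requests blocks
# forever on a host that accepts the connection but never answers, which is
# common against rate-limited or half-broken test targets.
try:
    resp = requests.get(url, timeout=30)
except requests.RequestException as exc:
    print(f"Request to {url} failed: {exc}", file=sys.stderr)
    sys.exit(1)
# Deliberately no raise_for_status(): when probing access control the body
# of a 401/403/404 response is exactly what we want to inspect.
resp.encoding = 'utf-8'

rewritten_lines = []
for line in resp.text.split("\n"):
    for rurl in get_redirection(line):
        # Absolute http(s) URLs already resolve from a local copy; only
        # relative references need rebasing onto the fetched page's URL.
        if rurl.startswith("http"):
            continue
        # NOTE: str.replace rewrites *every* occurrence of rurl on the line,
        # not just the attribute it was captured from, so a short value such
        # as "/" or "a" can corrupt unrelated text. The capture regexes are
        # heuristic; review the output before relying on it.
        line = line.replace(rurl, urljoin(url, rurl))
    rewritten_lines.append(line)

# One trailing newline per line, as in the original page split.
site_data = "".join(line + "\n" for line in rewritten_lines)
print(site_data)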