the-c0d3r/lfi-test.py

## lfi-test.py
import urllib
import Queue
import threading
import time
import sys

global vulnSite
vulnSite = []


class scanThread(threading.Thread):

    def __init__(self,threadID,q):
        threading.Thread.__init__(self)
        self.q = q

    def run(self):
        testlfi(self.q)

def testlfi(q):
    while not exitFlag:
        queueLock.acquire()
        if not workQueue.empty():
            data = q.get()
            queueLock.release()

            x = getpage(data)
            if x:
                queueLock.acquire()
                print "[\033[92mvulnerable\033[0m] %s" % data
                vulnSite.append(data)
                queueLock.release()
            else:
                queueLock.acquire()
                print"[\033[93mNot Vulnerable\033[0m] %s" % data
                queueLock.release()
        else:
            queueLock.release()
        time.sleep(1)

def main(filename,thread_count=None):
    try:
        starttime = time.time()
        global queueLock, workQueue, exitFlag
        exitFlag = 0
        flist = open(filename).readlines()
        testlist = [i.replace('\n','') for i in flist]

        if not thread_count: thread_count = int(raw_input("Enter number of threads : "))

        workQueue = Queue.Queue(len(testlist))
        queueLock = threading.Lock()
        threads = []
        threadID = 1
        for t in range(thread_count):
            sys.stdout.write('\r')
            sys.stdout.write("[+] Thread %s starting" % threadID)
            time.sleep(0.005)
            sys.stdout.flush()
            if threadID == thread_count:
                print '\n'
            thread = scanThread(threadID,workQueue)
            thread.start()
            threads.append(thread)
            threadID += 1


        queueLock.acquire()
        print "[+] Feeding Data to worker Threads\n"
        for i in testlist:
            workQueue.put(i)
        queueLock.release()

        while not workQueue.empty():
            pass

        exitFlag = 1
        for t in threads:
            t.join()
        print "Exiting Main Thread"
        endtime = time.time()
        print "[=] %s vulnerable sites" % len(vulnSite)
        newfile = open('result.txt','w')
        for i in vulnSite:
            newfile.write(i+'\n')
        newfile.close()
        print "[!] Saved as result.txt"

        print "[+] Duration : %.2f seconds" % float(endtime-starttime)
        print "[+] Processed : %s sites" % len(testlist)

    except KeyboardInterrupt:
        exitFlag = 1
        print "Exiting"
        exit()
    except IOError:
        print "[!] File [%s] is not readable or not found" % filename

def getpage(url):
    try:
        if 'root:x:0' in urllib.urlopen(url).read():
            return True
        else: return False
    except:
        return None

if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print "lfi-test.py urls.txt number_of_threads (optional)"
    elif len(sys.argv) == 3:
        main(sys.argv[1],int(sys.argv[2]))
    else:
        main(sys.argv[1])


            # Multi-threading with percentage
	import urllib
	import Queue
	import threading
	import time
	import sys

	global vulnSite
	vulnSite = []


	class scanThread(threading.Thread):

	def __init__(self,threadID,q):
	threading.Thread.__init__(self)
	self.q = q

	def run(self):
	testlfi(self.q)

	def testlfi(q):
	while not exitFlag:
	queueLock.acquire()
	if not workQueue.empty():
	data = q.get()
	queueLock.release()

	x = getpage(data)
	if x:
	queueLock.acquire()
	print "[\033[92mvulnerable\033[0m] %s" % data
	vulnSite.append(data)
	queueLock.release()
	else:
	queueLock.acquire()
	print"[\033[93mNot Vulnerable\033[0m] %s" % data
	queueLock.release()
	else:
	queueLock.release()
	time.sleep(1)

	def main(filename,thread_count=None):
	try:
	starttime = time.time()
	global queueLock, workQueue, exitFlag
	exitFlag = 0
	flist = open(filename).readlines()
	testlist = [i.replace('\n','') for i in flist]

	if not thread_count: thread_count = int(raw_input("Enter number of threads : "))

	workQueue = Queue.Queue(len(testlist))
	queueLock = threading.Lock()
	threads = []
	threadID = 1
	for t in range(thread_count):
	sys.stdout.write('\r')
	sys.stdout.write("[+] Thread %s starting" % threadID)
	time.sleep(0.005)
	sys.stdout.flush()
	if threadID == thread_count:
	print '\n'
	thread = scanThread(threadID,workQueue)
	thread.start()
	threads.append(thread)
	threadID += 1


	queueLock.acquire()
	print "[+] Feeding Data to worker Threads\n"
	for i in testlist:
	workQueue.put(i)
	queueLock.release()

	while not workQueue.empty():
	pass

	exitFlag = 1
	for t in threads:
	t.join()
	print "Exiting Main Thread"
	endtime = time.time()
	print "[=] %s vulnerable sites" % len(vulnSite)
	newfile = open('result.txt','w')
	for i in vulnSite:
	newfile.write(i+'\n')
	newfile.close()
	print "[!] Saved as result.txt"

	print "[+] Duration : %.2f seconds" % float(endtime-starttime)
	print "[+] Processed : %s sites" % len(testlist)

	except KeyboardInterrupt:
	exitFlag = 1
	print "Exiting"
	exit()
	except IOError:
	print "[!] File [%s] is not readable or not found" % filename

	def getpage(url):
	try:
	if 'root:x:0' in urllib.urlopen(url).read():
	return True
	else: return False
	except:
	return None

	if __name__ == "__main__":
	import sys
	if len(sys.argv) < 2:
	print "lfi-test.py urls.txt number_of_threads (optional)"
	elif len(sys.argv) == 3:
	main(sys.argv[1],int(sys.argv[2]))
	else:
	main(sys.argv[1])


	# Multi-threading with percentage