2021-05-31 14:13:01 +02:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
|
|
import sys
|
|
|
|
|
|
2023-10-01 11:23:05 +02:00
|
|
|
def generate_template(base_url, features):
|
2021-05-31 14:13:01 +02:00
|
|
|
|
2023-10-01 11:23:05 +02:00
|
|
|
if "proxy" in features or "burp" in features:
|
|
|
|
|
proxy = """
|
|
|
|
|
if \"proxy\" not in kwargs:
|
|
|
|
|
kwargs[\"proxy\"] = {\"http\":\"http://127.0.0.1:8080\", \"https\":\"http://127.0.0.1:8080\"}
|
|
|
|
|
"""
|
|
|
|
|
else:
|
|
|
|
|
proxy = ""
|
2021-06-11 12:44:35 +02:00
|
|
|
|
2023-10-01 11:23:05 +02:00
|
|
|
variables = {
|
|
|
|
|
"BASE_URL": f'"{base_url}" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"'
|
|
|
|
|
}
|
2021-05-31 14:13:01 +02:00
|
|
|
|
2023-10-01 11:23:05 +02:00
|
|
|
request_method = f"""def request(method, uri, **kwargs):
|
2021-10-25 17:25:49 +02:00
|
|
|
if not uri.startswith("/") and uri != "":
|
|
|
|
|
uri = "/" + uri
|
|
|
|
|
|
|
|
|
|
client = requests
|
|
|
|
|
if "session" in kwargs:
|
|
|
|
|
client = kwargs["session"]
|
|
|
|
|
del kwargs["session"]
|
2022-01-16 23:40:35 +01:00
|
|
|
|
|
|
|
|
if "allow_redirects" not in kwargs:
|
|
|
|
|
kwargs["allow_redirects"] = False
|
|
|
|
|
|
|
|
|
|
if "verify" not in kwargs:
|
|
|
|
|
kwargs["verify"] = False
|
2023-10-01 11:23:05 +02:00
|
|
|
{proxy}
|
2022-01-16 23:40:35 +01:00
|
|
|
return client.request(method, BASE_URL + uri, **kwargs)
|
2023-10-01 11:23:05 +02:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
methods = [request_method]
|
|
|
|
|
|
|
|
|
|
if "login" in features or "account" in features:
|
|
|
|
|
variables["USERNAME"] = '"Blindhero"'
|
|
|
|
|
variables["PASSWORD"] = '"test1234"'
|
|
|
|
|
methods.append("""
|
|
|
|
|
def login(username, password):
|
|
|
|
|
session = requests.Session()
|
|
|
|
|
res = request("POST", "/login", data={"username": username, "password": password}, session=session)
|
|
|
|
|
if res.status_code != 200:
|
|
|
|
|
print("[-] Error logging in")
|
|
|
|
|
exit()
|
|
|
|
|
|
|
|
|
|
return session
|
|
|
|
|
""")
|
|
|
|
|
|
|
|
|
|
if "register" in features or "account" in features:
|
|
|
|
|
variables["USERNAME"] = '"Blindhero"'
|
|
|
|
|
variables["PASSWORD"] = '"test1234"'
|
|
|
|
|
methods.append("""
|
|
|
|
|
def register(username, password):
|
|
|
|
|
res = request("POST", "/register", data={"username": username, "password": password})
|
|
|
|
|
if res.status_code != 200:
|
|
|
|
|
print("[-] Error registering")
|
|
|
|
|
exit()
|
|
|
|
|
|
|
|
|
|
return True
|
|
|
|
|
""")
|
2021-05-31 14:13:01 +02:00
|
|
|
|
2023-10-01 11:23:05 +02:00
|
|
|
main = """
|
2021-06-11 12:44:35 +02:00
|
|
|
if __name__ == "__main__":
|
2021-10-25 17:25:49 +02:00
|
|
|
pass
|
2023-10-01 11:23:05 +02:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
variables = "\n".join(f"{k} = {v}" for k, v in variables.items())
|
|
|
|
|
header = f"""#!/usr/bin/env python
|
|
|
|
|
|
|
|
|
|
import os
|
|
|
|
|
import re
|
|
|
|
|
import sys
|
|
|
|
|
import json
|
|
|
|
|
import time
|
|
|
|
|
import base64
|
|
|
|
|
import requests
|
|
|
|
|
import subprocess
|
|
|
|
|
import urllib.parse
|
|
|
|
|
from bs4 import BeautifulSoup
|
|
|
|
|
from hackingscripts import util, fileserver, rev_shell
|
|
|
|
|
|
|
|
|
|
from urllib3.exceptions import InsecureRequestWarning
|
|
|
|
|
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
|
|
|
|
|
|
|
|
|
|
{variables}
|
|
|
|
|
|
|
|
|
|
"""
|
2021-05-31 14:13:01 +02:00
|
|
|
|
2023-10-01 11:23:05 +02:00
|
|
|
return header + "".join(methods) + main
|
2021-05-31 14:13:01 +02:00
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
|
|
|
|
|
|
if len(sys.argv) < 2:
|
2023-10-01 11:23:05 +02:00
|
|
|
print("Usage: %s <URL> [features]" % sys.argv[0])
|
2021-05-31 14:13:01 +02:00
|
|
|
exit()
|
|
|
|
|
|
|
|
|
|
url = sys.argv[1]
|
|
|
|
|
if "://" not in url:
|
|
|
|
|
url = "http://" + url
|
|
|
|
|
|
2023-10-01 11:23:05 +02:00
|
|
|
features = [] if len(sys.argv) < 3 else sys.argv[2].split(",")
|
|
|
|
|
template = generate_template(url, features)
|
2021-05-31 14:13:01 +02:00
|
|
|
print(template)
|
