This toolkit contains two Python scripts for identifying and exploiting Laravel applications with exposed .env files and vulnerable APP_KEYs.
๐ฌ Demo Video
๐ Purpose: Exploits Laravel RCE vulnerability by using a known APP_KEY to generate a malicious payload that leads to remote code execution. If successful, it writes a backdoor to the server and logs the URL.
๐ How It Works:
- Reads a list of targets in the format: http://target.com|base64:APP_KEY
- Crafts a signed and encrypted payload using AES and HMAC
- Sends the payload via the XSRF-TOKEN cookie
- Writes a PHP backdoor to the web root
- Verifies if the backdoor is accessible
๐ฅ Usage:
-
Prepare a file (e.g., targets.txt) with lines like: http://example.com|base64:your_app_key_here
-
Run the script: python rce.py
-
Enter the input filename when prompted
๐ Output: Successful backdoor URLs are saved in: ENV-TO-RCE/Result_YYYY-MM-DD_HH-MM-SS.txt
๐ฆ Dependencies:
- requests
- urllib3
- colorama
- pystyle
- pycryptodome
Install with: pip install -r requirements.txt
๐ Purpose: Scans a list of URLs for exposed Laravel .env files and extracts the APP_KEY. Useful for reconnaissance and preparing targets for rce.py.
๐ How It Works:
- Reads a list of .env URLs
- Fetches each URL and checks for valid .env content
- Extracts the APP_KEY if present
- Saves results in the format: http://target.com|base64:APP_KEY
๐ฅ Usage:
-
Prepare a file (e.g., env_urls.txt) with lines like: http://example.com/.env
-
Run the script: python envtobase64.py
-
Enter the input filename when prompted
๐ Output: Extracted APP_KEYs are saved in: ENV-TO-RCE/Result_YYYY-MM-DD_HH-MM-SS.txt
๐ฆ Dependencies:
- requests
- urllib3
- colorama
- pystyle
Install with: pip install -r requirements.txt
Create a requirements.txt file with: requests urllib3 colorama pystyle pycryptodome
Then install: pip install -r requirements.txt
Buy me a Coffe :
โฟ BTC: 17sbbeTzDMP4aMELVbLW78Rcsj4CDRBiZh
ยฉ2025 Bob Marley