This proof of concept shows how lightshot screenshot hosting service can be easily crawled without any restriction.
This weakness was first discovered with Naïm GALLOUJ.
Script Author : Charles SENGES (me, btw).
Seems like cloudflare protection has been added since. May bypass this later. If you have any suggestion, just drop me an email.
Monster-Geek : Bash crawler seems to crawl swlowly but without getting banned. Python script got banned pretty fast...
Squ3D : Java Crawler seems to crawl without issue, feel free to pm me if you face any problem using it. Update : Added a Py Scrapper.
$ ./pull.sh <url> <number of level>- URL : Your startig point
- Levels : How much you want to crawl the url. (See exemples)
$ pip3 install -r requeirements.txt
$ python3 scrappyer.py
$ ./pull.sh https://prnt.sc/abc123 1Will go from https://prnt.sc/abc120 to https://prnt.sc/abc12z
Could also be seen as https://prnt.sc/abc12*
In the same way :
$ ./pull.sh https://prnt.sc/abc123 6Could be seend as https://prnt.sc/******
The script would then crawl the whole website (could be long if you don't have a quantum computer (I know quantum computer wouldn't help but.. come on))
- Korben published an article about this weakness.
