#!/usr/bin/env python3
"""
Simple API exploration and exploit script
"""
import requests
import json

def test_api(url):
    """Test the API endpoint"""
    print(f"[*] Testing API at {url}")
    
    # Try a GET request
    try:
        response = requests.get(url, timeout=5)
        print(f"[+] GET Response: {response.status_code}")
        print(f"    {response.text}")
    except Exception as e:
        print(f"[-] GET Error: {e}")
    
    # Try POST with empty data
    try:
        response = requests.post(url, timeout=5)
        print(f"\n[+] POST (empty) Response: {response.status_code}")
        print(f"    {response.text}")
    except Exception as e:
        print(f"[-] POST Error: {e}")
    
    # Try POST with test credentials
    test_creds = {
        'uid': '00000000',
        'username': 'test',
        'authorization_code': '00' * 22,  # 22 bytes
        'access_level': '00' * 16
    }
    
    try:
        response = requests.post(url, data=test_creds, timeout=5)
        print(f"\n[+] POST (test creds) Response: {response.status_code}")
        print(f"    {response.text}")
    except Exception as e:
        print(f"[-] POST Test Creds Error: {e}")

if __name__ == "__main__":
    base_url = "http://154.57.164.61:31938"
    
    # Try common endpoints
    endpoints = [
        "/",
        "/api",
        "/access",
        "/auth",
        "/door",
        "/login",
        "/verify",
        "/check",
        "/reader",
        "/rfid"
    ]
    
    for endpoint in endpoints:
        print(f"\n{'='*60}")
        print(f"Testing: {base_url + endpoint}")
        print('='*60)
        test_api(base_url + endpoint)