#!/usr/bin/env python3
"""
Comprehensive endpoint enumeration for web2py
"""

import requests
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

BASE_URL = "https://localhost:5000"

# Common web2py endpoint patterns
endpoints_to_test = [
    # Default welcome app
    "/welcome/default/index",
    "/welcome/default/user",
    "/welcome/default/download",
    "/welcome/default/call",
    "/welcome/default/data",
    "/welcome/appadmin/index",
    
    # Examples app (if exists)
    "/examples/default/index",
    "/examples/default/call",
    "/examples/soap_examples/call",
    
    # Admin app
    "/admin/default/index",
    "/admin/webservices/call",
    
    # Generic service patterns
    "/welcome/default/call/json",
    "/welcome/default/call/jsonrpc",
    "/welcome/default/call/xmlrpc",
    "/welcome/default/call/soap",
    
    # Try with .json/.xml extensions
    "/welcome/default/index.json",
    "/welcome/default/index.xml",
]

print("=" * 60)
print("Enumerating Web2py Endpoints")
print("=" * 60)

results = {}

for endpoint in endpoints_to_test:
    url = BASE_URL + endpoint
    try:
        response = requests.get(url, verify=False, timeout=3)
        status = response.status_code
        length = len(response.text)
        
        if status != 404:
            print(f"\n[+] {endpoint}")
            print(f"    Status: {status}")
            print(f"    Length: {length} bytes")
            
            # Check for interesting keywords
            text_lower = response.text.lower()
            if 'service' in text_lower:
                print(f"    [!] Contains 'service'")
            if 'call' in text_lower:
                print(f"    [!] Contains 'call'")
            if 'jsonrpc' in text_lower or 'xmlrpc' in text_lower:
                print(f"    [!] Contains RPC keywords")
                
            results[endpoint] = {
                'status': status,
                'length': length,
                'preview': response.text[:150]
            }
        else:
            print(f"[-] {endpoint} - 404")
            
    except requests.exceptions.Timeout:
        print(f"[!] {endpoint} - Timeout")
    except Exception as e:
        print(f"[!] {endpoint} - Error: {str(e)[:50]}")

print("\n" + "=" * 60)
print("Summary of Accessible Endpoints:")
print("=" * 60)

for endpoint, data in results.items():
    print(f"\n{endpoint}")
    print(f"  Status: {data['status']}")
    print(f"  Preview: {data['preview'][:100]}...")