Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Scanner for vulnerable UDP services that are subject to reflection/amplification DDoS attacks
- # This script supports both UDP and SYN stealth scans. Some UDP services accept or at least respond
- # to SYN requests, hence why it is included as an option in addition to generic UDP scans.
- # So far I've found over a thousand vulnerable DNS, NTP, UBIQUITI, DVR, and WS-Discovry (WSD)
- # machines while using this tool.
- # Known bugs: CTRL+C must be spammed a few times in order to abort your scan since I'm not a
- # master at python programming and the thread handling for this is garbage. Other than that,
- # you're set. Have fun crippling targets with your new lists.
- # The script to generate IP addresses to scan will be posted following this tool. Stand by...
- import os, sys, time, socket
- from scapy.all import *
- _abort = False
- def main():
- global _abort
- os.system('clear')
- if len(sys.argv) != 6:
- sys.exit('\r\n\033[1m\033[37m USAGE: <IP-LIST.TXT> <OUTPUT.TXT> <TIMEOUT SEC> <WAIT SEC> <METHOD:SYN/UDP>')
- if not os.geteuid() == 0:
- sys.exit('\r\n\033[1m\033[31m SCRIPT REQUIRES ROOT ELEVATION!')
- if not (sys.argv[5].lower() == "udp" or sys.argv[5].lower() == "syn"):
- sys.exit('\r\n\033[1m\033[31m ERROR! INVALID METHOD. EXITING...')
- print('''\033[1m\033[37m
- █████╗ ███╗ ███╗ ██████╗ ███████╗ ██████╗ ██╗ ██╗
- ██╔══██║ ████║▄████╔╝ ██╔══██║ ██╔═════╝ ██╔══██║ ██║ ██╔╝
- ███████╔╝ ██╔████╔██╔╝ ███████╔╝█████╗███████╗ ██████╔═╝ ▀████╔╝
- ██╔══██╔╝ ██╔╝██╔═██╔╝ ██╔═════╝ ╚════╝╚════██║ ██╔════╝ ██╔═╝
- ██╔╝ ██╔╝ ██╔╝ ╚═╝██╔╝ ██╔╝ ███████╔╝ ██╔╝ ██╔╝
- ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝ ╚═╝ ╚═╝
- ''')
- _online = []
- i = 0
- try:
- with open(sys.argv[1], 'r') as f:
- for line in f:
- if _abort == True:
- sys.exit("\033[1m\033[31m ABORTED BY USER...")
- break
- # retrieve IP:PORT
- try:
- _ip, _prt = line.strip().split(':')
- except:
- print('\033[1m\033[37m[{}]'.format(str(i)) + '\033[1m\033[34mANOMALY DETECTED @ LINE ENTRY "' + line + '"')
- i +=1
- if sys.argv[5].lower() == "syn":
- # ___ _ _ _ __
- # / __| | | | '_ \
- # \__ \ |_| | | | |
- # |___/\__, |_| |_|
- # |___/
- try:
- response = sr1(IP(dst=_ip)/TCP(dport=int(_prt), flags="S"), timeout=int(sys.argv[3]), verbose=0)
- if response and response.haslayer(TCP):
- if response[TCP].flags == 0x12:
- # open
- print('\033[1m\033[37m[{}]'.format(str(i)) + '\033[1m\033[32m ------> OPEN @ ' + _ip + ':' + _prt)
- success = _ip + ":" + _prt
- _online.append(success)
- else:
- # closed/filtered
- print('\033[1m\033[37m[{}]'.format(str(i)) + '\033[1m\033[31m TIMEOUT @ ENDPOINT ' + _ip + ':' + _prt)
- else:
- print('\033[1m\033[37m[{}]'.format(str(i)) + '\033[22m\033[31m SYN/ACK NOT RECEIVED. REJECTED BY ENDPOINT ' + _ip + ':' + _prt)
- except KeyboardInterrupt:
- sys.exit()
- except:
- pass
- else:
- # _
- # _ _ __| |_ __
- # | | | |/ _` | '_ \
- # | |_| | (_| | |_) |
- # \__,_|\__,_| .__/
- # |_|
- try:
- udp_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
- udp_socket.settimeout(1) # Set a timeout for the connection attempt
- udp_socket.sendto(b'', (_ip, int(_prt)))
- data, addr = udp_socket.recvfrom(1024) # Receive response
- # open
- print('\033[1m\033[37m[{}]'.format(str(i)) + '\033[1m\033[32m ------> OPEN @ ' + _ip + ':' + _prt)
- except KeyboardInterrupt:
- sys.exit()
- except:
- print('\033[1m\033[37m[{}]'.format(str(i)) + '\033[22m\033[31m SYN/ACK NOT RECEIVED. REJECTED BY ENDPOINT ' + _ip + ':' + _prt)
- except KeyboardInterrupt:
- # user abort via ctrl+c
- _abort = True
- except ValueError:
- # malformed string formate
- print('\033[1m\033[37m[{}]'.format(str(i)) + '\033[1m\033[34mANOMALY DETECTED @ LINE ENTRY "' + line + '"')
- except:
- # who knows lol
- print('\033[1m\033[31mCRITICAL ERROR ENCOUNTERED!')
- # save all open ports to output file
- print('\r\n\033[1m\033[37mDUMPING OPEN PORTS TO OUTPUT FILE. PLEASE STAND-BY...')
- try:
- with open(sys.argv[2], 'w') as file:
- for item in _online:
- file.write(item + '\n')
- except KeyboardInterrupt:
- sys.exit()
- except:
- print('\033[1m\033[31mERROR ENCOUNTERED WHEN WRITING TO FILE!')
- # remove root file-attribute from output file
- try:
- current_mode = os.stat(sys.argv[2]).st_mode
- new_mode = current_mode & ~0o4000
- os.chmod(file_path, new_mode)
- except:
- pass
- sys.exit('\r\n\033[1m\033[37mJOB FINISHED.')
- if __name__ == "__main__":
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement